nix-config/hosts/containers/matemat/default.nix

{ hostRegistry, lib, pkgs, ... }:
{
  c3d2 = {
    isInHq = true;
    hq.interface = "eth0";
  };
  networking.hostName = "matemat";
  networking.useNetworkd = true;
  networking.interfaces.eth0 = {
    ipv4.addresses = [{
      address = hostRegistry.hosts.matemat.ip4;
      prefixLength = 26;
    }];
  };
  networking.defaultGateway = "172.20.73.1";
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.yammat.enable = true;

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."matemat.hq.c3d2.de" = {
      default = true;
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:3000";
        extraConfig = ''
          satisfy any;
          auth_basic secured;
          auth_basic_user_file ${pkgs.matemat-auth};
          allow 2a00:8180:2c00:200::/56;
          allow 172.22.99.0/24;
          allow 172.20.72.0/21;
          deny all;
        '';
      };
    };
  };

  services.ssmtp = {
    enable = true;
    root = "nek0@c3d2.de";
    useTLS = true;
    useSTARTTLS = true;
    hostName = "mail.c3d2.de:587";
    domain = "matemat.hq.c3d2.de";
    settings = {
      hostname = "matemat.hq.c3d2.de";
    };
  };
}
matemat: move from c3d2 to serv fixes gitea issue #9 2021-10-06 21:56:36 +02:00			`{ hostRegistry, lib, pkgs, ... }:`
lib/default-gateway.nix: set only when running without systemd-networkd this would need GatewayOnLink=yes for the route on the interface 2021-03-06 01:10:53 +01:00			`{`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`c3d2 = {`
			`isInHq = true;`
			`hq.interface = "eth0";`
			`};`
matemat: move from c3d2 to serv fixes gitea issue #9 2021-10-06 21:56:36 +02:00			`networking.hostName = "matemat";`
			`networking.useNetworkd = true;`
			`networking.interfaces.eth0 = {`
			`ipv4.addresses = [{`
			`address = hostRegistry.hosts.matemat.ip4;`
			`prefixLength = 26;`
			`}];`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`};`
matemat: move from c3d2 to serv fixes gitea issue #9 2021-10-06 21:56:36 +02:00			`networking.defaultGateway = "172.20.73.1";`
			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00
			`services.yammat.enable = true;`

			`services.nginx = {`
			`enable = true;`
			`recommendedProxySettings = true;`
			`virtualHosts."matemat.hq.c3d2.de" = {`
			`default = true;`
			`forceSSL = true;`
			`enableACME = true;`
matemat: add auth 2021-03-06 02:28:46 +01:00			`locations."/" = {`
			`proxyPass = "http://localhost:3000";`
			`extraConfig = ''`
matemat: allow auth-less access from local subnets 2021-03-06 02:33:38 +01:00			`satisfy any;`
matemat: add auth 2021-03-06 02:28:46 +01:00			`auth_basic secured;`
			`auth_basic_user_file ${pkgs.matemat-auth};`
IPv6 renumbering 2021-06-02 21:37:18 +02:00			`allow 2a00:8180:2c00:200::/56;`
matemat: allow auth-less access from local subnets 2021-03-06 02:33:38 +01:00			`allow 172.22.99.0/24;`
			`allow 172.20.72.0/21;`
			`deny all;`
matemat: add auth 2021-03-06 02:28:46 +01:00			`'';`
			`};`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`};`
			`};`
ssmtp for matemat 2021-03-06 20:59:08 +01:00
			`services.ssmtp = {`
			`enable = true;`
			`root = "nek0@c3d2.de";`
matemat: set ssmtp.useTLS nixos complained 2021-09-08 01:43:35 +02:00			`useTLS = true;`
ssmtp for matemat 2021-03-06 20:59:08 +01:00			`useSTARTTLS = true;`
matemat: specify port for mail.c3d2.de 2021-05-28 04:54:26 +02:00			`hostName = "mail.c3d2.de:587";`
ssmtp for matemat 2021-03-06 20:59:08 +01:00			`domain = "matemat.hq.c3d2.de";`
rewrite hostname to satisfy helo restrictions 2021-04-30 10:36:37 +02:00			`settings = {`
			`hostname = "matemat.hq.c3d2.de";`
			`};`
ssmtp for matemat 2021-03-06 20:59:08 +01:00			`};`
lib/default-gateway.nix: set only when running without systemd-networkd this would need GatewayOnLink=yes for the route on the interface 2021-03-06 01:10:53 +01:00			`}`