62 lines
1.2 KiB
Nix
62 lines
1.2 KiB
Nix
|
{ config, pkgs, lib, zentralwerk, ... }:
|
||
|
|
||
|
{
|
||
|
c3d2 = {
|
||
|
deployment = {
|
||
|
server = "server9";
|
||
|
mounts = [ "etc" "var"];
|
||
|
};
|
||
|
};
|
||
|
|
||
|
microvm.mem = 1024;
|
||
|
microvm.shares = [
|
||
|
{
|
||
|
tag = "ftp";
|
||
|
source = "/tank/storage/ftp";
|
||
|
mountPoint = "/var/www";
|
||
|
proto = "virtiofs";
|
||
|
socket = "ftp.socket";
|
||
|
}
|
||
|
];
|
||
|
|
||
|
networking = {
|
||
|
hostName = "ftp";
|
||
|
firewall.allowedTCPPorts = [ 80 443 ];
|
||
|
};
|
||
|
|
||
|
services.nginx = {
|
||
|
enable = true;
|
||
|
recommendedOptimisation = true;
|
||
|
recommendedTlsSettings = true;
|
||
|
recommendedGzipSettings = true;
|
||
|
recommendedProxySettings = true;
|
||
|
sslDhparam = "${config.security.dhparams.params."nginx".path}";
|
||
|
defaultListenAddresses = [ "0.0.0.0" ];
|
||
|
};
|
||
|
|
||
|
services.nginx.virtualHosts."ftp.c3d2.de" = {
|
||
|
default = true;
|
||
|
enableACME = true;
|
||
|
forceSSL = true;
|
||
|
locations."/" = {
|
||
|
root = "/var/www/ftp.c3d2.de";
|
||
|
extraConfig = "autoindex on;";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
security.dhparams = {
|
||
|
enable = true;
|
||
|
stateful = true;
|
||
|
params."nginx".bits = 4096;
|
||
|
};
|
||
|
|
||
|
services.openssh.enable = true;
|
||
|
|
||
|
sops = {
|
||
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||
|
secrets = { };
|
||
|
};
|
||
|
|
||
|
system.stateVersion = "22.05";
|
||
|
}
|