nix-config/hosts/containers/matemat/default.nix

{ zentralwerk, config, lib, pkgs, ... }:

{
  c3d2 = {
    autoUpdate = true;
    deployment = {
      server = "server10";
      mounts = [ "etc" "home" "var"];
      interfaces = [{
        net = "serv";
        mac = "FA:2B:1B:DC:85:72";
      }];
    };
  };

  networking = {
    hostName = "matemat";
    interfaces.ens3 = {
      ipv4.addresses = [{
        address = config.c3d2.hosts.matemat.ip4;
        prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
      }];
      useDHCP = false;
    };
    defaultGateway = "172.20.73.1";
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  services = {
    nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts."matemat.hq.c3d2.de" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:3000";
          extraConfig = ''
            satisfy any;
            auth_basic secured;
            auth_basic_user_file ${pkgs.matemat-auth};
            allow 2a00:8180:2c00:200::/56;
            allow 172.22.99.0/24;
            allow 172.20.72.0/21;
            deny all;
          '';
        };
      };
    };
    yammat.enable = true;
  };

  programs.msmtp = {
    enable = true;
    accounts.default = {
      host = "mail.c3d2.de";
      port = 587;
      tls = true;
      tls_starttls = true;
      auth = false;
      domain = "matemat.hq.c3d2.de";
      from = "nek0@c3d2.de";
    };
  };
}