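# NixOS module for the host "gemini" (gemini.c3d2.de).
#
# Services configured here:
#   * molly-brown    - Gemini server for /var/gemini, using the ACME cert.
#   * kineto         - HTTP front end for the Gemini site, on port 1967.
#   * nginx          - terminates TLS (ACME) and proxies "/" to kineto on
#                      127.0.0.1.
#   * duckling-proxy - listens on all IPv4 interfaces, port 1966.
{ config, lib, pkgs, ... }:

let
  fqdn = "gemini.c3d2.de";

  # Certificate and key issued for `fqdn` through the nginx vhost's
  # `enableACME`; shared by duckling-proxy and molly-brown.
  acmeDir = "/var/lib/acme/${fqdn}";
  certFile = "${acmeDir}/cert.pem";
  keyFile = "${acmeDir}/key.pem";

  # Group attached to the ACME certificate for `fqdn`.
  acmeGroup = config.security.acme.certs.${fqdn}.group;
in {
  imports = [ ./users.nix ];

  c3d2.hq.statistics.enable = true;
  c3d2.autoUpdate = true;

  networking.hostName = "gemini";
  networking.hosts."::1" = [ fqdn ];

  # The firewall has to be enabled for the allowlist below to be enforced.
  # With it switched off the list is inert and every listening socket is
  # limited only by the bind address of its own service; kineto's
  # plain-HTTP port is not pinned to loopback anywhere in this file.
  # NOTE(review): if filtering is done on an upstream host instead, say so
  # here and remove the allowlist rather than keeping both.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    80 # HTTP: ACME challenge and redirect to HTTPS (forceSSL)
    443 # HTTPS: nginx in front of kineto
    config.services.molly-brown.settings.Port # not set here; module value
    config.services.duckling-proxy.port
  ];

  # Bound to 0.0.0.0 and opened in the firewall above, so this proxy is
  # reachable from any network that can route to the host.
  # NOTE(review): confirm that public exposure is intended.
  services.duckling-proxy = {
    enable = true;
    address = "0.0.0.0";
    port = 1966;
    serverCert = certFile;
    serverKey = keyFile;
  };

  # Deliberately absent from allowedTCPPorts: clients should reach kineto
  # only through the nginx vhost below.
  services.kineto = {
    enable = true;
    port = 1967;
    geminiDomain = "gemini://${fqdn}";
  };

  services.molly-brown = {
    enable = true;
    hostName = fqdn;
    certPath = certFile;
    keyPath = keyFile;
    docBase = "/var/gemini";
    settings = {
      DefaultLang = "de";
      # NOTE(review): presumably this lets .molly files under docBase
      # override server settings per directory; if so, write access to
      # /var/gemini is effectively configuration access - confirm who can
      # write there.
      ReadMollyFiles = true;
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts.${fqdn} = {
      default = true;
      enableACME = true;
      forceSSL = true;
      # Take the backend port from the kineto option so the proxy target
      # cannot drift from the port the service actually listens on.
      locations."/".proxyPass =
        "http://127.0.0.1:${toString config.services.kineto.port}";
    };
  };

  # Add both TLS-speaking daemons to the certificate's group, presumably
  # so they can read the cert and key under /var/lib/acme.
  systemd.services.duckling-proxy.serviceConfig.SupplementaryGroups =
    [ acmeGroup ];
  systemd.services.molly-brown.serviceConfig.SupplementaryGroups =
    [ acmeGroup ];
}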