105 lines
2.7 KiB
Nix
105 lines
2.7 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
imports = [ ./hardware-configuration.nix ];
|
|
|
|
boot.initrd.supportedFilesystems = [ "zfs" ];
|
|
boot.initrd.systemd.enable = true;
|
|
services.zfs.autoScrub.enable = true;
|
|
services.zfs.trim.enable = true;
|
|
|
|
networking.hostName = "sunflower";
|
|
networking.hostId = "77d68c52";
|
|
|
|
system.stateVersion = "24.11";
|
|
|
|
security.sudo.wheelNeedsPassword = false;
|
|
|
|
networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 ];
|
|
networking.firewall.allowedUDPPorts = [ 1337 1338 ];
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "audrey@rhelmot.io";
|
|
};
|
|
|
|
services.bingosync = {
|
|
enable = true;
|
|
domain = "celestebingo.rhelmot.io";
|
|
socketsDomain = "sockets-celestebingo.rhelmot.io";
|
|
databaseUrl = "postgres://%2Frun%2Fpostgresql/bingosync";
|
|
extraPythonPackages = p: [ p.psycopg2 ];
|
|
};
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureDatabases = [ "bingosync" ];
|
|
ensureUsers = [
|
|
{ name = "bingosync"; ensureDBOwnership = true; }
|
|
];
|
|
};
|
|
|
|
services.nginx = {
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
virtualHosts."rhelmot.io" = {
|
|
default = true;
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
root = "/var/www/rhelmot.io/";
|
|
};
|
|
locations."/secret/" = {
|
|
basicAuthFile = "/var/lib/rhelmot.io/secret";
|
|
root = "/var/www/rhelmot.io/";
|
|
};
|
|
};
|
|
virtualHosts."www.rhelmot.io" = {
|
|
globalRedirect = "rhelmot.io";
|
|
enableACME = true;
|
|
};
|
|
|
|
virtualHosts."bingosync.rhelmot.io" = {
|
|
locations."/" = {
|
|
proxyPass = "https://bingosync.com/";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
# proxy conf generated by services.bingosync
|
|
virtualHosts."celestebingo.rhelmot.io" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
};
|
|
virtualHosts."sockets-celestebingo.rhelmot.io" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
};
|
|
virtualHosts."www.celestebingo.rhelmot.io" = {
|
|
globalRedirect = "celestebingo.rhelmot.io";
|
|
enableACME = true;
|
|
};
|
|
|
|
virtualHosts."minal.rhelmot.io" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/".root = "/var/www/minal.rhelmot.io/";
|
|
};
|
|
virtualHosts."www.minal.rhelmot.io" = {
|
|
globalRedirect = "minal.rhelmot.io";
|
|
enableACME = true;
|
|
};
|
|
virtualHosts."mimispastrypost.com" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/".root = "/var/www/mimispastrypost.com/";
|
|
};
|
|
virtualHosts."www.mimispastrypost.com" = {
|
|
globalRedirect = "mimispastrypost.com";
|
|
enableACME = true;
|
|
};
|
|
};
|
|
}
|