diff --git a/hosts/bloodletting/configuration.nix b/hosts/bloodletting/configuration.nix index 275b184..2d90f43 100644 --- a/hosts/bloodletting/configuration.nix +++ b/hosts/bloodletting/configuration.nix @@ -31,6 +31,16 @@ # Enable networking networking.networkmanager.enable = true; + networking.interfaces.ens19.ipv4.addresses = [{ + address = "185.138.143.227"; + prefixLength = 29; + }]; + + networking.defaultGateway = { + address = "185.138.143.225"; + interface = "ens19"; + }; + # Enable the OpenSSH daemon. services.openssh = { enable = true; @@ -42,7 +52,7 @@ # Open ports in the firewall. networking.firewall = { - allowedTCPPorts = [ 80 443 20 21 22 990 6162 ]; + allowedTCPPorts = [ 20 21 22 80 443 990 6162 ]; allowedTCPPortRanges = [{ from = 40000; to = 40200; @@ -64,12 +74,14 @@ security.acme.certs."technogothic.net" = { domain = "*.technogothic.net"; + extraDomainNames = [ "technogothic.net" ]; dnsProvider = "rfc2136"; credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net"; group = "nginx"; }; security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ]; + systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; # Nginx services.nginx = { @@ -88,6 +100,8 @@ forceSSL = true; root = pkgs.vampysite; + serverAliases = [ "agatha.technogothic.net" ]; + locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; }; extraConfig = '' @@ -95,6 +109,12 @@ ''; }; + virtualHosts."www.technogothic.net" = { + useACMEHost = "technogothic.net"; + forceSSL = true; + globalRedirect = "technogothic.net"; + }; + virtualHosts."grafana.technogothic.net" = { useACMEHost = "technogothic.net"; forceSSL = true; @@ -124,6 +144,15 @@ proxyWebsockets = true; }; }; + + virtualHosts."ftp.technogothic.net" = { + useACMEHost = "technogothic.net"; + forceSSL = true; + + root = "/home/ftp"; + + locations."/" = { extraConfig = "autoindex on;"; }; + }; }; # This value determines the NixOS release from which the default
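Review bot: The static address for ens19 in the `@@ -31,6 +31,16 @@` hunk is declared while `networking.networkmanager.enable = true;` stays on in the context line just above, so two mechanisms may end up configuring the same interface. If NetworkManager also activates ens19 (for example with DHCP), the host can pick up a second address or a competing default route. Consider marking the interface as unmanaged with `networking.networkmanager.unmanaged = [ "ens19" ];`. A short comment would also help, for example `# Static /29; gateway .225 is the first host of the subnet`.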
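Review bot: In the `@@ -64,12 +74,14 @@` hunk, `systemd.services.nginx.serviceConfig.ProtectHome = "read-only";` relaxes the nginx sandbox for every home directory, while the paths nginx reads in this diff all sit under /home/ftp. With this setting a path-traversal or alias mistake in any virtual host can read other users' files under /home, /root and /run/user. A narrower form hides the homes and binds in only the served directory: `ProtectHome = "tmpfs";` together with `BindReadOnlyPaths = [ "/home/ftp" ];`. The line also sits in the ACME section above the `# Nginx` comment with no explanation; moving it below that comment and adding `# nginx serves files from /home/ftp (cv.pdf alias, ftp vhost)` would record why the hardening is loosened.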
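Review bot: The new `ftp.technogothic.net` virtual host in the `@@ -124,6 +144,15 @@` hunk publishes the whole of /home/ftp with `autoindex on;` and no access control, so everything in that tree is listed and downloadable, dotfiles included. The vsftpd configuration is not visible here, but if any account can upload, those files are served from a sibling subdomain of grafana.technogothic.net and can run as same-site content in a visitor's browser. Consider pointing `root` at a dedicated public subdirectory rather than the FTP home, and blocking hidden files with `locations."~ /\\." = { extraConfig = "deny all;"; };`. Adding `add_header X-Content-Type-Options nosniff;` to the vhost's `extraConfig` also stops browsers from content-sniffing uploaded files. The enclosing `services.nginx` block starts outside this hunk.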