Diffstat (limited to '')
-rw-r--r--system/services/acme/default.nix30
-rw-r--r--system/services/default.nix11
-rw-r--r--system/services/firewall/default.nix11
-rw-r--r--system/services/minecraft/default.nix (renamed from services/services/minecraft.nix)0
-rw-r--r--system/services/nginx/default.nix (renamed from services/services/nginx.nix)0
-rw-r--r--system/services/nix/default.nix (renamed from services/services/nix.nix)0
-rw-r--r--system/services/opensshd/default.nix (renamed from services/services/opensshd.nix)1
-rw-r--r--system/services/rust-motd/default.nix (renamed from services/services/rust-motd.nix)0
8 files changed, 52 insertions, 1 deletions
diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
new file mode 100644
index 0000000..a163e77
--- /dev/null
+++ b/system/services/acme/default.nix
@@ -0,0 +1,30 @@
+{...}: {
+  users.users.nginx.extraGroups = ["acme"];
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "acmechallenge.vhack.eu" = {
+        serverAliases = ["*.vhack.eu"];
+        locations."/.well-known/acme-challenge" = {
+          root = "/var/lib/acme/.challenges";
+        };
+        locations."/" = {
+          return = "301 https://$host$request_uri";
+        };
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "admin@vhack.eu";
+    certs = {
+      "server1.vhack.eu" = {
+        webroot = "/var/lib/acme/.challenges";
+        group = "nginx";
+        extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"];
+      };
+    };
+  };
+}
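Review bot: `users.users.nginx.extraGroups = ["acme"];` at the top of the module gives the nginx user everything the `acme` group can read, which is more than the challenge webroot it needs. `server1.vhack.eu` already sets `group = "nginx"`, but a certificate added later without its own `group` would, as far as I know, fall back to group `acme`, and its private key would then be readable by the web server. I would state the intent next to the line, for example `# nginx must read /var/lib/acme/.challenges; this also grants access to acme-group cert dirs`, so the trade-off is visible when new certs are added. The certificate also carries `imap.vhack.eu` and `smtp.vhack.eu` while being readable only by group `nginx`; no mail service is visible in this commit, so confirm how the mail daemons are meant to read the key.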
diff --git a/system/services/default.nix b/system/services/default.nix
new file mode 100644
index 0000000..f36cb29
--- /dev/null
+++ b/system/services/default.nix
@@ -0,0 +1,11 @@
+{config, ...}: {
+  imports = [
+    ./acme
+    ./firewall
+    #./minecraft
+    ./nginx
+    ./nix
+    ./opensshd
+    ./rust-motd
+  ];
+}
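Review bot: The header `{config, ...}:` binds `config`, but nothing in the body uses it; `{...}:` as in the sibling `acme` and `firewall` modules would be consistent. The commented-out `#./minecraft` import carries no explanation, so a reader cannot tell whether the service is off on purpose. A short reason on that line, such as `# ./minecraft  # disabled: <reason>`, would settle it.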
diff --git a/system/services/firewall/default.nix b/system/services/firewall/default.nix
new file mode 100644
index 0000000..23dbcc4
--- /dev/null
+++ b/system/services/firewall/default.nix
@@ -0,0 +1,11 @@
+# vim: ts=2
+{...}: {
+  networking.firewall = {
+    allowedTCPPorts = [
+      # for mail protocols:
+      465 # SMTP SSL
+      995 # POP3 SSL
+      993 # IMAP SSL
+    ];
+  };
+}
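Review bot: The `allowedTCPPorts` list opens 995 (POP3S), but nothing visible in this commit configures a POP3 listener, and the certificate in `acme/default.nix` names only `imap.vhack.eu` and `smtp.vhack.eu`. If POP3 is not served, drop the entry instead of leaving an unused port allowed. The HTTP-01 webroot challenge and the `301` redirect added in the same commit need ports 80 and 443 reachable. They may be opened in the unchanged `nginx/default.nix`, which is not shown here, so confirm that and note it in a comment such as `# 80/443 are opened by ../nginx`.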
diff --git a/services/services/minecraft.nix b/system/services/minecraft/default.nix
index 754c974..754c974 100644
--- a/services/services/minecraft.nix
+++ b/system/services/minecraft/default.nix
diff --git a/services/services/nginx.nix b/system/services/nginx/default.nix
index 204783b..204783b 100644
--- a/services/services/nginx.nix
+++ b/system/services/nginx/default.nix
diff --git a/services/services/nix.nix b/system/services/nix/default.nix
index bd562ec..bd562ec 100644
--- a/services/services/nix.nix
+++ b/system/services/nix/default.nix
diff --git a/services/services/opensshd.nix b/system/services/opensshd/default.nix
index cb9f2ba..75c5aef 100644
--- a/services/services/opensshd.nix
+++ b/system/services/opensshd/default.nix
@@ -8,7 +8,6 @@
     passwordAuthentication = false;
     hostKeys = [
       {
-        comment = "key comment";
         path = "/srv/sshd/ssh_host_ed25519_key";
         rounds = 1000;
         type = "ed25519";
diff --git a/services/services/rust-motd.nix b/system/services/rust-motd/default.nix
index 21bc1cd..21bc1cd 100644
--- a/services/services/rust-motd.nix
+++ b/system/services/rust-motd/default.nix