{ pkgs, ... }:

let
  # Address of the remote upstream that several nginx virtual hosts below
  # proxy to over plain HTTP. It is not a private (RFC 1918) address, so
  # those proxied requests leave this machine and cross the internet.
  bensIp = "68.107.97.20"; # hiddor-kahih
  # SSH public key (public material, not a secret). It is used twice in this
  # file: as the gitolite admin key and as root's authorized key, so a single
  # private key controls both the repositories and the host.
  benKey =  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb";
  # Ports are kept as strings: they are interpolated into proxyPass URLs and
  # also passed to the ibb and fathom service options.
  ibbPort = "3000";
  fathomPort = "3030";
  # Base directory for gitolite's data; the cgit config also derives its
  # project list and scan path from it.
  gitDir = "/srv/git";
in
{
  # Allow packages with non-free licences.
  nixpkgs.config.allowUnfree = true;
  # Local overlay applied to the package set.
  # NOTE(review): its contents are outside this file; whatever it overrides
  # is trusted at build time, so review it alongside this config.
  nixpkgs.overlays = [
    (import ../../pack/overlay.nix)
  ];

  # Inbound TCP allowed explicitly: SSH (22) and HTTP/HTTPS (80/443) for nginx.
  # lighttpd's port 8000 and the ibb/fathom ports are not listed here.
  # services.znc.openFirewall below opens ZNC's port in addition to these.
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];

  services = {

    # Git hosting over SSH via gitolite, storing its data under gitDir.
    gitolite = {
      enable = true;
      enableGitAnnex = true;
      dataDir = "${gitDir}";
      user = "git";
      group = "git";
      # Extra lines for gitolite's rc file. GIT_CONFIG_KEYS is a regex limiting
      # which git config keys may be set through gitolite; here only
      # gitweb.owner, gitweb.description and gitweb.category are permitted.
      # Keep this pattern narrow: it is the allow-list for config values that
      # end up in served repositories.
      extraGitoliteRc = ''
        $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
        $RC{GIT_CONFIG_KEYS} = 'gitweb\.(owner|description|category)';
      '';
      # Key granted gitolite admin rights. The same key is authorized for
      # root SSH login at the end of this file.
      # NOTE(review): consider a separate key per role so that loss of one
      # private key does not compromise both.
      adminPubkey = "${benKey}";
    };
    # Static web server on port 8000, serving /srv/www. The port is not in
    # networking.firewall.allowedTCPPorts above.
    lighttpd = {
      enable = true;
      port = 8000;
      document-root = "/srv/www";
      # NOTE(review): mod_userdir presumably serves content from local users'
      # home directories — confirm this is wanted, since it publishes
      # user-controlled files and reveals which account names exist.
      mod_userdir = true;
      # NOTE(review): mod_status exposes server status pages; confirm they are
      # reachable only by trusted clients, as they disclose request and
      # connection details.
      mod_status = true;
      collectd = {
        enable = true;
      };
      cgit = {
        # disable cgit for now; the ssh interface still works anyway.
        enable = false;
        subdir = "git";
        # cgitrc contents, retained for when cgit is switched back on.
        # Security-relevant settings in the text below:
        #   - enable-http-clone=0: no cloning over HTTP; the advertised
        #     clone-url is the SSH one.
        #   - enable-git-config=1: cgit reads per-repository git config, which
        #     pairs with the gitweb.* keys allowed in the gitolite rc.
        #   - about-filter / source-filter: external scripts run over
        #     repository content. NOTE(review): that content is
        #     contributor-controlled, so keep cgit and the filter
        #     dependencies patched before re-enabling.
        #   - scan-path / project-list: both point under gitDir, so the web
        #     user needs read access to gitolite's repositories.
        configText = ''
          cache-size=0
          clone-url=git@simatime.com:$CGIT_REPO_URL
          enable-index-owner=1
          enable-http-clone=0
          enable-index-links=1
          enable-commit-graph=1
          enable-log-filecount=1
          enable-log-linecount=1
          enable-git-config=1
          remove-suffix=1
          branch-sort=age
          max-stats=week
          mimetype.gif=image/gif
          mimetype.html=text/html
          mimetype.jpg=image/jpeg
          mimetype.jpeg=image/jpeg
          mimetype.pdf=application/pdf
          mimetype.png=image/png
          mimetype.svg=image/svg+xml
          about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
          source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
          readme=:README.md
          root-title=simatime git repository
          root-desc=a computer is a bicycle for the mind.
          project-list=${gitDir}/projects.list
          scan-path=${gitDir}/repositories
        '';
      };
    };

    # Application service listening on ibbPort. nginx fronts it with TLS as
    # influencedbybooks.com via localhost. The port is not in
    # allowedTCPPorts, so outside access is expected to go through nginx.
    # NOTE(review): confirm the service binds to loopback only.
    ibb = {
      enable = true;
      port = ibbPort;
    };

    # Fathom service listening on fathomPort, fronted by nginx as
    # stats.simatime.com via localhost with TLS.
    # NOTE(review): dataDir presumably holds the service's database; confirm
    # its ownership and permissions restrict it to the service user.
    fathom = {
      enable = true;
      port = fathomPort;
      dataDir = "/var/lib/fathom";
    };

    # Public reverse proxy. Two kinds of virtual host are defined below:
    # hosts forwarded to the remote machine at bensIp, and hosts forwarded to
    # services on localhost with ACME certificates and forced HTTPS.
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
        # NOTE(review): the bensIp-backed hosts (web, dev, hero, tv, notebook)
        # set neither forceSSL nor enableACME, and their upstream is reached
        # with http:// across the internet. Credentials and session cookies
        # for these apps would travel in cleartext on both legs. Consider
        # enableACME + forceSSL as on stats.simatime.com, and carrying the
        # upstream leg over a VPN/SSH tunnel or TLS. The upstream ports should
        # also accept connections only from this proxy's address.
        "web.simatime.com".locations."/".proxyPass = "http://${bensIp}:8000";
        # dev.simatime.com targets ibbPort on the remote host, whereas
        # influencedbybooks.com below targets the same port on localhost.
        "dev.simatime.com".locations."/".proxyPass = "http://${bensIp}:${ibbPort}";
        "hero.simatime.com".locations."/".proxyPass = "http://${bensIp}:3001";
        "tv.simatime.com".locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096

        # Notebook server with websocket support.
        # NOTE(review): the kernels/terminals paths suggest a Jupyter-style
        # notebook, i.e. an application that runs code for whoever is logged
        # in — confirm. If so, this is the host where the missing TLS matters
        # most, since its login token would cross the network unencrypted.
        "notebook.simatime.com".locations = {
          "/" = {
            proxyPass = "http://${bensIp}:3099";
            proxyWebsockets = true;
            # Disables response buffering and raises the read timeout to
            # 86400 seconds so long-lived connections are not cut.
            extraConfig = ''
              proxy_buffering off;
              proxy_read_timeout 86400;

            '';
          };
          # NOTE(review): this key looks like a regular expression but carries
          # no "~" modifier, so nginx presumably treats it as a literal prefix
          # that never matches; websocket traffic would then be served by "/"
          # above, which also sets proxyWebsockets. Confirm against the
          # generated nginx.conf before relying on this block.
          "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
            proxyPass = "http://${bensIp}:3099";
            proxyWebsockets = true;
          };
        };
        # Locally hosted services: certificate from ACME, HTTP redirected to
        # HTTPS, upstream on loopback so the backend leg stays on this host.
        "stats.simatime.com" = {
          locations."/".proxyPass = "http://localhost:${fathomPort}";
          forceSSL = true;
          enableACME = true;
        };
        "influencedbybooks.com" = {
          forceSSL = true;
          enableACME = true;
          locations = {
            "/" = {
              proxyPass = "http://localhost:${ibbPort}";
            };
          };
        };
      };
    };

    # ZNC IRC bouncer with a single admin user.
    znc = {
      enable = true;
      # NOTE(review): with mutable = true the NixOS module presumably writes
      # this config only on first creation and leaves later runtime changes in
      # place — confirm. If so, the live config can drift from this file, and
      # changing the password hash here would not rotate it on an existing
      # install.
      mutable = true;
      useLegacyConfig = false;
      # Opens ZNC's listening port in the firewall, in addition to
      # networking.firewall.allowedTCPPorts.
      openFirewall = true;
      config = {
        # Global modules: adminlog records admin/login events and fail2ban
        # throttles repeated failed logins — both worth keeping on an
        # internet-facing bouncer.
        LoadModule = [ "adminlog" "fail2ban" ];
        User.bsima = {
          # Admin users can manage every ZNC user and load modules;
          # controlpanel below exposes that over IRC.
          Admin = true;
          Nick = "bsima";
          AltNick = "bsima1";
          LoadModule = [ "chansaver" "controlpanel" ];
          # The "+" before the port asks ZNC to connect to the server over TLS.
          Network.freenode = { Server = "chat.freenode.net +6697";
            LoadModule = [ "simple_away" "nickserv" ];
            Chan = {
              "#ai"           = {};
              "#bsima"        = {};
              "#emacs"        = {};
              "#haskell"      = {};
              "#haskell-miso" = {};
              "#home-manager" = {};
              "#nixos"        = {};
              "#servant"      = {};
              "#sr.ht"        = {};
              "#xmonad"       = {};
            };
          };
          # NOTE(review): the hash and its salt are committed in the clear and
          # also land in the world-readable Nix store. Salted SHA-256 is cheap
          # to compute, so anyone who can read this file can run offline
          # guesses against the admin password. Treat the password as exposed:
          # rotate it, make it long and random, and keep the credential out of
          # version control.
          Pass.password = {
            Method = "sha256";
            Hash = "4a6703074c713a26d56a906fc9ea82bb591177f10a25a650719266bf588d9525";
            Salt = "QByO-A:4Rbib;dl_3wEH";
          };
        };
      };
    };
  };

  # Mail server for simatime.com with two login accounts.
  mailserver = {
    enable = true;
    monitoring = {
      enable = true;
      # Alerts go to an address on a different domain than the one served
      # here, so they can still arrive if this mail server is down.
      alertAddress = "ben@bsima.me";
    };
    fqdn = "mail.simatime.com";
    domains = [ "simatime.com" ];
    certificateScheme = 3; # let's encrypt
    # NOTE(review): both the plain and the *Ssl variants of IMAP and POP3 are
    # enabled. Confirm the non-SSL listeners require STARTTLS before
    # authentication, and turn off any protocol no client uses to reduce the
    # exposed ports.
    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;
    enableManageSieve = true;
    # Inbound mail is not scanned for malware; attachments reach mailboxes
    # as sent.
    virusScanning = false; # ur on ur own

    # NOTE(review): the hashedPassword values below are crypt(3) strings
    # with the $6$ (SHA-512 crypt) prefix. Committed here they are readable
    # in the repository and in the world-readable Nix store, which allows
    # offline guessing. Prefer loading them from a file outside the store
    # (hashedPasswordFile, where the mailserver module version provides it)
    # and rotate any password whose hash has been published.
    loginAccounts = {
      "ben@simatime.com" = {
        hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/";
        aliases = [
          # admin stuff
          "postmaster@simatime.com"
          "abuse@simatime.com"
        ];
        # Receives mail for every otherwise-unknown address at simatime.com,
        # so this mailbox also collects misaddressed mail and spam sent to
        # guessed addresses.
        catchAll = [ "simatime.com" ];
        quota = "1G";
      };
      "nick@simatime.com" = {
        hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1";
        aliases = [
          "nicolai@simatime.com"
        ];
        quota = "1G";
      };
    };
  };

  # Virtualisation stacks enabled on this host: libvirt, Docker, and
  # VirtualBox as both guest and host.
  # NOTE(review): this machine also runs internet-facing mail, web and IRC
  # services. Each stack adds privileged daemons or kernel modules, so
  # confirm each one is needed here.
  virtualisation = {
    libvirtd.enable = true;
    # Membership of the docker group is root-equivalent; this file adds no
    # users to it.
    docker.enable = true;
    # NOTE(review): guest and host support are both switched on — confirm
    # which role this machine actually has.
    virtualbox.guest.enable = true;
    virtualbox.host.enable = true;
    virtualbox.host.headless = false;
    virtualbox.host.addNetworkInterface = true;

  };

  # Clear /tmp on every boot.
  boot.cleanTmpDir = true;
  networking.hostName = "simatime";
  # Answer ICMP echo requests.
  networking.firewall.allowPing = true;
  # SSH daemon; port 22 is opened in allowedTCPPorts near the top.
  # NOTE(review): no further sshd options are set here, so password
  # authentication and the root-login policy stay at the module defaults.
  # Confirm the effective config is key-only.
  services.openssh.enable = true;
  # Direct root login with benKey, the same key that is the gitolite admin
  # key. NOTE(review): consider an unprivileged admin account with sudo and
  # a dedicated key, so root access is attributable and separable.
  users.users.root.openssh.authorizedKeys.keys = [ benKey ];
}