Merge branch 'server1_mail' into server1_develop

author: ene <ene@sils.li> 2023-03-20 15:06:45 +0100
committer: ene <ene@sils.li> 2023-03-20 15:06:45 +0100
commit: 034bba88dd9e2e1099774dcb33f77a4c904627ba (patch)
tree: 7e48f79857dc58df67f6d8e0f809f693dbd09116 /system/services
parent: Merge branch 'server1_network' into server1_develop (diff)
parent: Fix(system/services/minecraft): Remove to make compile (diff)
download: nixos-server-034bba88dd9e2e1099774dcb33f77a4c904627ba.zip
8 files changed, 52 insertions, 1 deletions
diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
new file mode 100644
index 0000000..a163e77
--- /dev/null
+++ b/system/services/acme/default.nix
@@ -0,0 +1,30 @@
+{...}: {
+  users.users.nginx.extraGroups = ["acme"];
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "acmechallenge.vhack.eu" = {
+        serverAliases = ["*.vhack.eu"];
+        locations."/.well-known/acme-challenge" = {
+          root = "/var/lib/acme/.challenges";
+        };
+        locations."/" = {
+          return = "301 https://$host$request_uri";
+        };
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "admin@vhack.eu";
+    certs = {
+      "server1.vhack.eu" = {
+        webroot = "/var/lib/acme/.challenges";
+        group = "nginx";
+        extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"];
+      };
+    };
+  };
+}
diff --git a/system/services/default.nix b/system/services/default.nix
new file mode 100644
index 0000000..f36cb29
--- /dev/null
+++ b/system/services/default.nix
@@ -0,0 +1,11 @@
+{config, ...}: {
+  imports = [
+    ./acme
+    ./firewall
+    #./minecraft
+    ./nginx
+    ./nix
+    ./opensshd
+    ./rust-motd
+  ];
+}
diff --git a/system/services/firewall/default.nix b/system/services/firewall/default.nix
new file mode 100644
index 0000000..23dbcc4
--- /dev/null
+++ b/system/services/firewall/default.nix
@@ -0,0 +1,11 @@
+# vim: ts=2
+{...}: {
+  networking.firewall = {
+    allowedTCPPorts = [
+      # for mail protocols:
+      465 # SMTP SSL
+      995 # POP3 SSL
+      993 # IMAP SSL
+    ];
+  };
+}
diff --git a/services/services/minecraft.nix b/system/services/minecraft/default.nix
index 754c974..754c974 100644
--- a/services/services/minecraft.nix
+++ b/system/services/minecraft/default.nix
diff --git a/services/services/nginx.nix b/system/services/nginx/default.nix
index 204783b..204783b 100644
--- a/services/services/nginx.nix
+++ b/system/services/nginx/default.nix
diff --git a/services/services/nix.nix b/system/services/nix/default.nix
index bd562ec..bd562ec 100644
--- a/services/services/nix.nix
+++ b/system/services/nix/default.nix
diff --git a/services/services/opensshd.nix b/system/services/opensshd/default.nix
index cb9f2ba..75c5aef 100644
--- a/services/services/opensshd.nix
+++ b/system/services/opensshd/default.nix
@@ -8,7 +8,6 @@
     passwordAuthentication = false;
     hostKeys = [
       {
-        comment = "key comment";
         path = "/srv/sshd/ssh_host_ed25519_key";
         rounds = 1000;
         type = "ed25519";
diff --git a/services/services/rust-motd.nix b/system/services/rust-motd/default.nix
index 21bc1cd..21bc1cd 100644
--- a/services/services/rust-motd.nix
+++ b/system/services/rust-motd/default.nix
author	ene <ene@sils.li>	2023-03-20 15:06:45 +0100
committer	ene <ene@sils.li>	2023-03-20 15:06:45 +0100
commit	034bba88dd9e2e1099774dcb33f77a4c904627ba (patch)
tree	7e48f79857dc58df67f6d8e0f809f693dbd09116 /system/services
parent	Merge branch 'server1_network' into server1_develop (diff)
parent	Fix(system/services/minecraft): Remove to make compile (diff)
download	nixos-server-034bba88dd9e2e1099774dcb33f77a4c904627ba.zip