nixos-config/config/host-config/france.nix

{ config, lib, pkgs, ... }:

with lib;
let
  primary-ip = "208.81.3.117";
  git-server-ip = "208.81.3.118";
  hostname = config.instance.hostname;
  domain-name = config.fudo.hosts.${hostname}.domain;
  domain = config.fudo.domains.${domain-name};
  host-fqdn = "${hostname}.${domain-name}";
  mail-hostname = "mail.fudo.org";

  france-secrets = config.fudo.secrets.host-secrets.france;

  acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
  acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";

in {
  imports = let
    is-regular-file = filename: type: type == "regular" || type == "link";
    regular-files = path:
      attrNames (filterAttrs is-regular-file (builtins.readDir path));
    is-nix-file = filename: (builtins.match "^(.+)\.nix$" filename) != null;
    nix-files = path:
      map
        (file: path + "/${file}")
        (filter is-nix-file (regular-files path));
  in nix-files ./france;

  config = {
    fudo = {
      hosts.france.external-interfaces = [ "extif0" ];

      client.dns = {
        enable = true;
        ipv4 = true;
        ipv6 = true;
        user = "fudo-client";
        external-interface = "extif0";
      };

      france = {
        mail = {
          mail-directory = "/state/mail-server/mail";
          state-directory = "/state/mail-server/var";
          ldap-server-urls = [
            "ldap://france.fudo.org"
          ];
        };

        webmail = {
          # TODO: this is not using the database!
          mail-server = mail-hostname;
          database.hostname = "localhost";
        };

        git = {
          repository-directory = "/state/gitea/repo";
          state-directory = "/state/gitea/state";
          ssh.listen-ip = git-server-ip;
        };
      };

      minecraft-server = {
        enable = true;
        package = pkgs.minecraft-current;
        data-dir = "/state/minecraft/selbyland";
        world-name = "selbyland";
        motd = "Welcome to the Selby Minecraft server.";
      };
    };

    networking = {
      intif0 = {
        ipv4.addresses = [{
          address = "192.168.11.1";
          prefixLength = 24;
        }];
      };
      extif0 = {
        ipv4.addresses = [
          {
            address = primary-ip;
            prefixLength = 28;
          }
          {
            address = git-server-ip;
            prefixLength = 32;
          }
        ];
      };
    };

    services = {
      nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisations = true;
        recommendedTlsSettings = true;
        recommendedProxySettings = true;

        virtualHosts = {
          "mail.fudo.org" = {
            enableACME = true;
            locations."/".return = "301 https://webmail.fudo.org$request_uri";
          };
        };
      };
    };
  };
}
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`{ config, lib, pkgs, ... }:`

Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`with lib;`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`let`
			`primary-ip = "208.81.3.117";`
Initial, broken 2021-09-29 17:55:13 -07:00			`git-server-ip = "208.81.3.118";`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`hostname = config.instance.hostname;`
			`domain-name = config.fudo.hosts.${hostname}.domain;`
			`domain = config.fudo.domains.${domain-name};`
			`host-fqdn = "${hostname}.${domain-name}";`
			`mail-hostname = "mail.fudo.org";`

Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`france-secrets = config.fudo.secrets.host-secrets.france;`

			`acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";`
			`acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";`

Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`in {`
Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`imports = let`
			`is-regular-file = filename: type: type == "regular" \|\| type == "link";`
			`regular-files = path:`
			`attrNames (filterAttrs is-regular-file (builtins.readDir path));`
			`is-nix-file = filename: (builtins.match "^(.+)\.nix$" filename) != null;`
			`nix-files = path:`
			`map`
			`(file: path + "/${file}")`
			`(filter is-nix-file (regular-files path));`
			`in nix-files ./france;`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00
			`config = {`
			`fudo = {`
Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`hosts.france.external-interfaces = [ "extif0" ];`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00
			`client.dns = {`
			`enable = true;`
			`ipv4 = true;`
			`ipv6 = true;`
Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`user = "fudo-client";`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`external-interface = "extif0";`
			`};`

Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`france = {`
			`mail = {`
			`mail-directory = "/state/mail-server/mail";`
			`state-directory = "/state/mail-server/var";`
			`ldap-server-urls = [`
			`"ldap://france.fudo.org"`
			`];`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`};`

Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`webmail = {`
			`# TODO: this is not using the database!`
			`mail-server = mail-hostname;`
			`database.hostname = "localhost";`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`};`
Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00
			`git = {`
			`repository-directory = "/state/gitea/repo";`
			`state-directory = "/state/gitea/state";`
			`ssh.listen-ip = git-server-ip;`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`};`
			`};`

			`minecraft-server = {`
			`enable = true;`
			`package = pkgs.minecraft-current;`
Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`data-dir = "/state/minecraft/selbyland";`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`world-name = "selbyland";`
			`motd = "Welcome to the Selby Minecraft server.";`
			`};`
			`};`

			`networking = {`
			`intif0 = {`
			`ipv4.addresses = [{`
			`address = "192.168.11.1";`
			`prefixLength = 24;`
			`}];`
			`};`
			`extif0 = {`
			`ipv4.addresses = [`
			`{`
			`address = primary-ip;`
			`prefixLength = 28;`
			`}`
			`{`
			`address = git-server-ip;`
			`prefixLength = 32;`
			`}`
			`];`
			`};`
			`};`

			`services = {`
			`nginx = {`
			`enable = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisations = true;`
			`recommendedTlsSettings = true;`
			`recommendedProxySettings = true;`

			`virtualHosts = {`
			`"mail.fudo.org" = {`
			`enableACME = true;`
			`locations."/".return = "301 https://webmail.fudo.org$request_uri";`
			`};`
			`};`
			`};`
			`};`
			`};`
			`}`