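# NixOS module for a fudo.org host: static network settings, an ACME
# certificate for the host name, the Prometheus node exporter, and an nginx
# virtual host that serves /var/www/<hostname> and republishes the exporter's
# metrics at /metrics/node behind an IP allow-list.
{ lib, config, pkgs, ... }:

let
  hostname = config.networking.hostName;

  www-root = "/var/www";

  # Text file placed at <store path>/var/www/<hostname>.
  # NOTE(review): `index` is not referenced anywhere in the visible config, and
  # its text looks like it lost its HTML markup -- confirm against the original.
  index = pkgs.writeTextFile {
    name = "index.html";
    text = " ${hostname}\n\n${hostname} ";
    destination = www-root + ("/" + hostname);
  };

in {
  config = {
    time.timeZone = "America/Winnipeg";

    services.cron = {
      mailto = "admin@fudo.org";
    };

    networking = {
      domain = "fudo.org";
      search = [ "fudo.org" ];

      # The host firewall is off, so every listening socket is reachable on
      # every interface unless the service restricts its own bind address.
      # NOTE(review): confirm that filtering happens upstream, or enable the
      # firewall and open only the needed ports via
      # networking.firewall.allowedTCPPorts.
      firewall.enable = false;

      networkmanager.enable = pkgs.lib.mkForce false;

      defaultGateway = "208.81.3.113";
      nameservers = [ "1.1.1.1" "208.81.7.14" "2606:4700:4700::1111" ];
    };

    security.acme.certs."${hostname}" = {
      email = "admin@fudo.org";
      # NOTE(review): `plugins` belongs to the older NixOS ACME module --
      # confirm it is still accepted by the NixOS release in use.
      plugins = [ "fullchain.pem" "full.pem" "key.pem" "chain.pem" "cert.pem" ];
    };

    services = {
      prometheus.exporters.node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
        user = "node";
        # Bind to loopback only. The exporter's default listen address is
        # 0.0.0.0 and the firewall above is disabled, so without this the
        # metrics would be readable directly on port 9100, bypassing the nginx
        # allow-list below. nginx reaches the exporter via 127.0.0.1:9100, so
        # the proxied path keeps working.
        listenAddress = "127.0.0.1";
      };

      nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedTlsSettings = true;

        virtualHosts = {
          "${hostname}" = {
            enableACME = true;
            forceSSL = true;
            root = www-root + ("/" + hostname);

            listen = [
              { addr = hostname; port = 80; ssl = false; }
              { addr = hostname; port = 443; ssl = true; }
            ];

            locations."/metrics/node" = {
              # Only the listed networks may read the metrics; everyone else
              # is refused by `deny all`.
              # NOTE(review): the loopback range is 127.0.0.0/8; the /16 below
              # still covers 127.0.0.1 -- presumably /8 was intended.
              extraConfig = ''
                allow 208.81.1.128/28;
                allow 208.81.3.112/28;
                allow 127.0.0.0/16;
                deny all;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
              '';
              # proxy_set_header Host $http_host;
              # (The comment above is kept on its own line: when it shares a
              # line with proxyPass, the `#` comments out proxyPass and every
              # closing brace after it.)
              proxyPass = "http://127.0.0.1:9100/metrics";
            };
          };
        };
      };
    };
  };
}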