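# NixOS module for a host in the fudo.org domain.
#
# Sets the time zone, cron mail recipient and static networking, requests an
# ACME certificate for the host, enables the Prometheus node exporter, and
# serves an nginx virtual host that proxies /metrics/node to the exporter
# behind an IP allow-list.
{ lib, config, pkgs, ... }:

let
  hostname = config.networking.hostName;

  www-root = "/var/www";

  # Placeholder landing page showing the host name.
  # NOTE(review): `index` is not referenced anywhere in this file, so under
  # Nix's lazy evaluation it is never built. The nginx `root` below is the
  # literal path /var/www/<hostname>, not this store path, so the page is not
  # served unless something else installs it. Confirm whether that is intended.
  index = pkgs.writeTextFile {
    name = "index.html";

    text = ''
      <html>
        <head>
          <title>${hostname}</title>
        </head>
        <body>
          <h1>${hostname}</h1>
        </body>
      </html>
    '';
    destination = www-root + ("/" + hostname);
  };

in {

  config = {
    time.timeZone = "America/Winnipeg";

    services.cron = {
      mailto = "admin@fudo.org";
    };

    networking = {
      domain = "fudo.org";

      search = ["fudo.org"];

      # NOTE(review): the host firewall is disabled, so every socket that
      # listens on a non-loopback address is reachable from the network. Each
      # service must therefore bind to loopback or enforce its own access
      # control. Consider enabling the firewall and opening only 80/443.
      firewall.enable = false;

      networkmanager.enable = pkgs.lib.mkForce false;

      defaultGateway = "208.81.3.113";

      nameservers = [ "1.1.1.1" "208.81.7.14" "2606:4700:4700::1111" ];
    };

    security.acme.certs."${hostname}" = {
      email = "admin@fudo.org";

      plugins = [
        "fullchain.pem"
        "full.pem"
        "key.pem"
        "chain.pem"
        "cert.pem"
      ];
    };

    services = {
      prometheus.exporters.node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
        user = "node";
        # The exporter's listenAddress defaults to 0.0.0.0. With the firewall
        # disabled above, port 9100 would be reachable directly, bypassing the
        # nginx allow-list on /metrics/node. nginx proxies to 127.0.0.1:9100,
        # so loopback is sufficient. mkDefault lets a host that really needs
        # direct scraping override this without a definition conflict.
        listenAddress = lib.mkDefault "127.0.0.1";
      };

      nginx = {
        enable = true;

        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedTlsSettings = true;

        virtualHosts = {

          "${hostname}" = {
            enableACME = true;
            forceSSL = true;
            root = www-root + ("/" + hostname);

            # Plain HTTP on 80 and TLS on 443, both bound to the address the
            # host name resolves to.
            listen = [
              {
                addr = hostname;
                port = 80;
                ssl = false;
              }
              {
                addr = hostname;
                port = 443;
                ssl = true;
              }
            ];

            # Node exporter metrics, restricted by source address.
            # NOTE(review): the loopback block is normally written as
            # 127.0.0.0/8. The /16 used here is narrower but still covers
            # 127.0.0.1, so it is left unchanged.
            locations."/metrics/node" = {
              extraConfig = ''
                allow 208.81.1.128/28;
                allow 208.81.3.112/28;
                allow 127.0.0.0/16;
                deny all;

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
              '';
              # proxy_set_header Host $http_host;

              proxyPass = "http://127.0.0.1:9100/metrics";
            };
          };
        };
      };
    };
  };
}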