
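# Host configuration for "france": LDAP + Kerberos KDC, Prometheus, PostgreSQL,
# the mail container, a git server and a Minecraft server, plus the nginx
# redirect for mail.fudo.org.
#
# Fixes relative to the previous revision:
#  - `concatMap` was referenced unqualified; it is not in scope in a plain Nix
#    module, so it is now `lib.concatMap`.
#  - `git-server-ip` was used twice but never bound; it is now declared in the
#    `let` block (placeholder value, same FIXME convention as the rest).
#  - `networking.intif0` / `networking.extif0` matched the schema of
#    `networking.interfaces.<name>` (ipv4.addresses with address/prefixLength),
#    so the interfaces are now declared under `networking.interfaces`.
{ config, lib, pkgs, ... }:

let
  primary-ip = "208.81.3.117";
  # Address the git SSH service listens on (second address on extif0).
  # FIXME: placeholder – fill in the real address.
  git-server-ip = "FIXME";
  hostname = config.instance.hostname;
  domain-name = config.fudo.hosts.${hostname}.domain;
  domain = config.fudo.domains.${domain-name};
  host-fqdn = "${hostname}.${domain-name}";
  mail-hostname = "mail.fudo.org";
in {
  imports = [ ./france/postgresql.nix ];

  config = {
    fudo = {
      auth = {
        ldap = {
          enable = true;
          base = "dc=fudo,dc=org";
          organization = "Fudo";
          # Secret material: each of these is a path to a file that must stay
          # out of the Nix store and out of this repository, never an inline
          # value.
          rootpw-file = "FIXME";
          kerberos-host = host-fqdn;
          kerberos-keytab = "FIXME";
          sslCert = "FIXME";
          sslKey = "FIXME";
          sslCaCert = "FIXME";
          # ldap:/// is the plaintext listener on every interface; ldaps:/// and
          # ldapi:/// cover TLS and local-socket clients. If no client needs the
          # plaintext port, drop ldap:/// here.
          listen-uris = [ "ldap:///" "ldaps:///" "ldapi:///" ];
          users = config.fudo.users;
          groups = config.fudo.groups;
          system-users = config.fudo.system-users;
        };

        kdc = let
          realm = "FUDO.ORG";

          # Service principals allowed to add entries.
          # NOTE(review): the host/* wildcard lets every host principal of the
          # domain add principals, so a single leaked host keytab could create
          # new ones – confirm automated enrolment really needs this.
          service-acl = [
            {
              principal = "pam_migrate/*.fudo.org@${realm}";
              access = "add";
            }
            {
              principal = "host/*.fudo.org@${realm}";
              access = "add";
            }
          ];

          # Per-admin entries: the plain principal gets add/list/modify, the
          # /root instance gets unrestricted access.
          admin-acl = lib.concatMap (user: [
            {
              principal = "${user}@${realm}";
              access = "add,list,modify";
            }
            {
              principal = "${user}/root@${realm}";
              access = "all";
            }
          ]) domain.admin-users;
        in {
          enable = true;
          # FIXME: path to the KDC database (secret, keep out of the store).
          database-path = "FIXME";
          inherit realm;
          # FIXME: path to the master key file (secret, keep out of the store).
          mkey-file = "FIXME";
          acl = service-acl ++ admin-acl;
          # primary-ip is the public address, so the KDC is reachable from the
          # internet as well as from loopback.
          bind-addresses = [ primary-ip "127.0.0.1" "127.0.1.1" "::1" ];
        };
      };

      prometheus = {
        enable = true;
        hostname = "metrics.fudo.org";
        # Scrape targets are discovered through SRV records under dns-root.
        service-discovery-dns = let dns-root = "_metrics._tcp.fudo.org";
        in {
          node = [ "node.${dns-root}" ];
          postfix = [ "postfix.${dns-root}" ];
          dovecot = [ "dovecot.${dns-root}" ];
          rspamd = [ "rspamd.${dns-root}" ];
        };
      };

      postgresql = {
        enable = true;
        # FIXME: ssl-private-key && ssl certificate
        keytab = "/srv/postgres/secure/postgres.keytab";
        # NOTE(review): getHostLocalNetworks is not defined in this file –
        # confirm it is brought into scope by the project's library.
        local-networks = getHostLocalNetworks hostname;
        admin-users = domain.admin-users;
      };

      client.dns = {
        enable = true;
        ipv4 = true;
        ipv6 = true;
        user = "FIXME";
        external-interface = "extif0";
        # FIXME: path to the credential file (secret, keep out of the store).
        password-file = "FIXME";
      };

      # `//` is a shallow merge: the attributes below replace whole top-level
      # keys of domain.mail-config, so `dovecot.ldap` replaces any `dovecot`
      # attribute set coming from mail-config rather than extending it.
      mail-server = domain.mail-config // {
        enableContainer = true;
        monitoring = true;
        hostname = mail-hostname;
        state-directory = "FIXME";
        mail-directory = "FIXME";
        dovecot.ldap = {
          reader-dn = "FIXME";
          # FIXME: should be a path to a secret file, not an inline password.
          reader-password = "FIXME";
          server-urls = [ "FIXME" ];
        };
        clamav.enable = true;
        dkim.signing = true;
      };

      git = {
        enable = true;
        hostname = "git.fudo.org";
        site-name = "Fudo Git";
        user = "FIXME";
        database = {
          user = "FIXME";
          # FIXME: path to a secret file, not an inline password.
          password-file = "FIXME";
          hostname = "127.0.0.1";
          name = "FIXME";
        };
        repository-dir = "FIXME";
        state-dir = "FIXME";
        # Git SSH gets its own address so it can use port 22 without
        # colliding with the host's own sshd on primary-ip.
        ssh = {
          listen-ip = git-server-ip;
          listen-port = 22;
        };
      };

      minecraft-server = {
        enable = true;
        package = pkgs.minecraft-current;
        data-dir = "FIXME";
        world-name = "selbyland";
        motd = "Welcome to the Selby Minecraft server.";
      };
    };

    networking.interfaces = {
      intif0 = {
        ipv4.addresses = [{
          address = "192.168.11.1";
          prefixLength = 24;
        }];
      };
      extif0 = {
        ipv4.addresses = [
          {
            address = primary-ip;
            prefixLength = 28;
          }
          {
            address = git-server-ip;
            prefixLength = 32;
          }
        ];
      };
    };

    services = {
      nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisations = true;
        recommendedTlsSettings = true;
        recommendedProxySettings = true;
        virtualHosts = {
          # Redirects everything to the webmail host.
          # NOTE(review): neither forceSSL nor addSSL is set, so this vhost
          # appears to answer on plain HTTP only even though enableACME
          # requests a certificate – confirm whether HTTPS on mail.fudo.org
          # is intended.
          "mail.fudo.org" = {
            enableACME = true;
            locations."/".return = "301 https://webmail.fudo.org$request_uri";
          };
        };
      };
    };
  };
}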