felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

machine/serverle: enable nginx with separate network config

Browse source
This commit is contained in:
Felix Buehler 2023-02-23 20:02:46 +01:00
parent 7085003f2a
commit 6d0b676cce
3 changed files with 39 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
machines/serverle/configuration.nix
View file

@ -4,6 +4,7 @@
./hardware-configuration.nix
./disks.nix
./dyndns.nix
./network.nix
./services.nix
./syncthing.nix
./system.nix
@ -21,10 +22,6 @@
gnupg.sshKeyPaths = [ ];
};
networking.firewall.allowedTCPPorts = [
8080 # aria
];
# Nix
nix.gc = {
automatic = true;

11
machines/serverle/network.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [
8080 # aria
];
networking = {
domain = "stunkymonkey.de";
search = [ "stunkymonkey.de" ];
};
}

27
machines/serverle/services.nix
View file

@ -4,8 +4,12 @@ let
secrets = config.sops.secrets;
in
{
sops.secrets."acme/inwx" = { };
sops.secrets."borgbackup/password" = { };
sops.secrets."borgbackup/ssh_key" = { };
sops.secrets."sso/auth-key" = { };
sops.secrets."sso/felix/password-hash" = { };
sops.secrets."sso/felix/totp-secret" = { };
# List services that you want to enable:
my.services = {
@ -23,5 +27,28 @@ in
jellyfin = {
enable = true;
};
# Dashboard
homer = {
enable = true;
};
# Webserver
nginx = {
enable = true;
acme = {
credentialsFile = secrets."acme/inwx".path;
};
sso = {
authKeyFile = secrets."sso/auth-key".path;
users = {
felix = {
passwordHashFile = secrets."sso/felix/password-hash".path;
totpSecretFile = secrets."sso/felix/totp-secret".path;
};
};
groups = {
root = [ "felix" ];
};
};
};
};
}