-rw-r--r--configuration.nix29
-rw-r--r--modules/webserver.nix40
2 files changed, 50 insertions, 19 deletions
diff --git a/configuration.nix b/configuration.nix
index 361aff7..e95f0cb 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,23 +2,19 @@
 
 {
   imports =
-    [ # Include the results of the hardware scan.
+    [
       ./hardware-configuration.nix
+      ./modules/ssh.nix
+      ./modules/user.nix
       ./modules/minecraft-server.nix
+      ./modules/webserver.nix
+      ./modules/syncthing.nix
+      ./modules/mailserver.nix
     ];
 
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/vda";
-
   networking.hostName = "nixos";
-
   time.timeZone = "Europe/Berlin";
-
-  users.users.admin = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZxiAIsF13XqqxG0QzGFhT3iLDMsu2snb0wJOPUUq8e chris@deskpin" ];
-  };
+  networking.firewall.enable = true;
 
   environment.systemPackages = with pkgs; [
     git
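Review bot: The `imports` list now depends on `./modules/ssh.nix`, `./modules/user.nix`, `./modules/syncthing.nix` and `./modules/mailserver.nix`, but the diffstat shows this commit touching only `configuration.nix` and `modules/webserver.nix`, so none of those modules can be reviewed here. This hunk also drops `boot.loader.grub.*` and the `users.users.admin` block with its authorized key, and the next hunk drops `services.openssh.settings.PasswordAuthentication = false` and `allowedTCPPorts = [ 22 ]`. Before deploying, confirm each of these is defined in a module that is already tracked. Otherwise the rebuild either fails or leaves the host with default SSH settings and no reachable admin login. A short comment on the list, such as `# ssh hardening: modules/ssh.nix, admin user + sudo: modules/user.nix`, would make the new location of the security-relevant options obvious.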
@@ -26,15 +22,10 @@
     openssh
     htop
     lazygit
-  ];
-
-  services.openssh.enable = true;
-  services.openssh.settings.PasswordAuthentication = false;
-  security.sudo.wheelNeedsPassword = false;
 
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 22 ];
-  networking.firewall.allowedUDPPorts = [ ];
+    python312
+    python312Packages.flask
+  ];
 
   system.copySystemConfiguration = true;
   system.stateVersion = "24.11";
diff --git a/modules/webserver.nix b/modules/webserver.nix
new file mode 100644
index 0000000..50b28f4
--- /dev/null
+++ b/modules/webserver.nix
@@ -0,0 +1,40 @@
+{ config, libs, pkgs, ... }:
+{
+
+  users.users.nginx.extraGroups = [ "acme" ];
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "krinitsin.com" = {
+        forceSSL = true;
+        enableACME = true;
+        root = "/var/www/krinitsin.com";
+	serverAliases = [ "www.krinitsin.com" ];
+
+	locations."/shopping/".basicAuthFile = "/secret/shopping_auth";
+	locations."/shopping/api/".proxyPass = "http://krinitsin.com:5000";
+      };
+
+      "recipes.krinitsin.com" = {
+        forceSSL = true;
+	useACMEHost = "krinitsin.com";
+	root = "/var/www/recipes.krinitsin.com";
+	serverAliases = [ "rezepte.krinitsin.com" ]
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "christian@krinitsin.xyz";
+    certs."krinitsin.com".extraDomainNames = [ "shopping.krinitsin.com" "webmail.krinitsin.com" ];
+  };
+
+  systemd.services.flask = {
+    enable = true;
+    wantedBy = ["default.target"];
+    serviceConfig.ExecStart = ''/run/current-system/sw/bin/flask --app /var/www/krinitsin.com/shopping/app.py run -h krinitsin.com'';
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 5000 ];
+}
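Review bot: The Flask app can be reached directly from the internet with neither TLS nor the basic-auth gate, because `flask run -h krinitsin.com` binds the public name and `allowedTCPPorts` opens 5000, so a client can bypass nginx entirely. Even through nginx, `locations."/shopping/api/"` is most likely emitted as a separate location block that does not inherit `basicAuthFile` from `locations."/shopping/"`, which would leave the proxied API unauthenticated on 443 as well. Bind the app to loopback, proxy to `http://127.0.0.1:5000`, repeat `basicAuthFile` on the API location and remove 5000 from the firewall list. The unit also sets no `User`, so it runs as root, and `flask run` is the development server rather than a production WSGI server. Separately, `serverAliases = [ "rezepte.krinitsin.com" ]` is missing its trailing `;` and will not evaluate, and `recipes.krinitsin.com` uses `useACMEHost = "krinitsin.com"` while neither it nor its alias appears in `extraDomainNames`, so the certificate probably does not cover those names.

```nix
# … unchanged: nginx enable, krinitsin.com vhost TLS/root/aliases …
        locations."/shopping/".basicAuthFile = "/secret/shopping_auth";
        locations."/shopping/api/" = {
          # auth is not inherited from the sibling /shopping/ location
          basicAuthFile = "/secret/shopping_auth";
          proxyPass = "http://127.0.0.1:5000";
        };
# … unchanged: recipes vhost, security.acme …
  systemd.services.flask = {
    enable = true;
    wantedBy = ["default.target"];
    serviceConfig = {
      # loopback only: nginx is the sole entry point
      ExecStart = ''/run/current-system/sw/bin/flask --app /var/www/krinitsin.com/shopping/app.py run -h 127.0.0.1'';
      # or a dedicated unprivileged User if the app must write under /var/www
      DynamicUser = true;
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
```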