nixos/applications/skynet_users.nix

97 lines
1.9 KiB
Nix

{
config,
pkgs,
lib,
inputs,
...
}:
with lib; let
cfg = config.services.skynet_users;
in {
imports = [
./acme.nix
./dns.nix
./nginx.nix
];
options.services.skynet_users = {
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
};
config = {
# ssh access
# allow more than admins access
services.skynet_ldap_client = {
groups = [
"skynet-admins-linux"
"skynet-users-linux"
];
};
# Website config
skynet_acme.domains = [
"users.skynet.ie"
"*.users.skynet.ie"
];
skynet_dns.records = [
{
record = "users";
r_type = "CNAME";
value = cfg.host.name;
}
{
record = "*.users";
r_type = "CNAME";
value = cfg.host.name;
}
];
environment.systemPackages = [pkgs.vim];
networking = {
defaultGateway = {
address = lib.mkDefault "193.1.96.161";
interface = lib.mkDefault "eth1";
};
};
# normally services cannot read home dirs
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
services.nginx.virtualHosts = {
"${cfg.host.ip}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".return = "307 https://skynet.ie";
};
# main site
"*.users.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
serverName = "~^(?<user>.+)\.users\.skynet\.ie";
# username.users.skynet.ie/
# user goes:
# chmod 711 ~
# chmod -R 755 ~/public_html
locations."/" = {
alias = "/home/$user/public_html/";
index = "index.html";
extraConfig = "autoindex on;";
tryFiles = "$uri$args $uri$args/ /index.html";
};
};
};
};
}