nixos/applications/skynet_users.nix

72 lines
No EOL
1.4 KiB
Nix

{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.services.skynet_users;
in {
imports = [
./acme.nix
./dns.nix
./nginx.nix
];
options.services.skynet_users = {
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
};
config = {
# ssh access
# allow more than admins access
services.skynet_ldap_client = {
groups = [
"skynet-admins-linux"
"skynet-users-linux"
];
};
# Website config
skynet_acme.domains = [
"users.skynet.ie"
"*.users.skynet.ie"
];
skynet_dns.records = [
{record ="users"; r_type="CNAME"; value=cfg.host.name;}
{record="*.users"; r_type="CNAME"; value=cfg.host.name;}
];
networking.firewall.allowedTCPPorts = [80 443];
# normally services cannot read home dirs
systemd.services.nginx.serviceConfig.ProtectHome="read-only";
services.nginx.virtualHosts = {
# main site
"*.users.skynet.ie" = {
forceSSL = true;
useACMEHost = "skynet";
serverName = "~^(?<user>.+)\.users\.skynet\.ie";
# username.users.skynet.ie/
# user goes:
# chmod 711 ~
# chmod -R 755 ~/public_html
locations."/" = {
alias = "/home/$user/public_html/";
index = "index.html";
extraConfig = "autoindex on;";
};
};
};
};
}