clouvider-lon01: add ZNC

This commit is contained in:
Luke Granger-Brown 2020-11-04 16:27:46 +00:00
parent 129bdd0e69
commit 4da102053c

View file

@ -106,6 +106,10 @@ in {
ipv6.addresses = [{ address = "2a0a:54c0:0:17::2"; prefixLength = 126; }]; ipv6.addresses = [{ address = "2a0a:54c0:0:17::2"; prefixLength = 126; }];
}; };
firewall.allowPing = true; firewall.allowPing = true;
firewall.allowedTCPPorts = [
80 443 # HTTP/nginx
6697 # znc
];
}; };
my.ip.tailscale = "100.79.173.25"; my.ip.tailscale = "100.79.173.25";
@ -124,6 +128,11 @@ in {
users.users = { users.users = {
lukegb.extraGroups = [ "bird2" ]; lukegb.extraGroups = [ "bird2" ];
}; };
users.groups = {
znc-acme = {
members = [ "znc" "nginx" ];
};
};
services.lukegbgp = let local = { services.lukegbgp = let local = {
asn = 205479; asn = 205479;
@ -152,5 +161,34 @@ in {
}; };
}; };
services.znc = {
enable = true;
mutable = true;
dataDir = "/persist/etc/znc";
useLegacyConfig = false;
};
security.acme = {
acceptTerms = true;
email = "letsencrypt@lukegb.com";
certs."znc.lukegb.com" = {
webroot = "/var/lib/acme/.challenges";
group = "znc-acme";
extraDomainNames = ["akiichiro.lukegb.com"];
};
};
services.nginx = {
enable = true;
virtualHosts = {
"clouvider-lon01.as205479.net" = {
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/.challenges";
};
locations."/" = {
return = "301 https://$host$request_uri";
};
};
};
};
system.stateVersion = "20.09"; system.stateVersion = "20.09";
} }