clouvider-lon01: add ZNC
This commit is contained in:
parent
129bdd0e69
commit
4da102053c
1 changed files with 38 additions and 0 deletions
|
@ -106,6 +106,10 @@ in {
|
|||
ipv6.addresses = [{ address = "2a0a:54c0:0:17::2"; prefixLength = 126; }];
|
||||
};
|
||||
firewall.allowPing = true;
|
||||
firewall.allowedTCPPorts = [
|
||||
80 443 # HTTP/nginx
|
||||
6697 # znc
|
||||
];
|
||||
};
|
||||
my.ip.tailscale = "100.79.173.25";
|
||||
|
||||
|
@ -124,6 +128,11 @@ in {
|
|||
users.users = {
|
||||
lukegb.extraGroups = [ "bird2" ];
|
||||
};
|
||||
users.groups = {
|
||||
znc-acme = {
|
||||
members = [ "znc" "nginx" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.lukegbgp = let local = {
|
||||
asn = 205479;
|
||||
|
@ -152,5 +161,34 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
services.znc = {
|
||||
enable = true;
|
||||
mutable = true;
|
||||
dataDir = "/persist/etc/znc";
|
||||
useLegacyConfig = false;
|
||||
};
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "letsencrypt@lukegb.com";
|
||||
certs."znc.lukegb.com" = {
|
||||
webroot = "/var/lib/acme/.challenges";
|
||||
group = "znc-acme";
|
||||
extraDomainNames = ["akiichiro.lukegb.com"];
|
||||
};
|
||||
};
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"clouvider-lon01.as205479.net" = {
|
||||
locations."/.well-known/acme-challenge" = {
|
||||
root = "/var/lib/acme/.challenges";
|
||||
};
|
||||
locations."/" = {
|
||||
return = "301 https://$host$request_uri";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "20.09";
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue