This commit is contained in:
Rustam Efimov
commit
30ce0dafc2
195 changed files with 8902 additions and 0 deletions
161
hosts/velarion/machine.nix
Normal file
161
hosts/velarion/machine.nix
Normal file
|
|
@ -0,0 +1,161 @@
|
|||
{dns, ...}: let
|
||||
domain = "ruject.fun";
|
||||
database = {
|
||||
host = "127.0.0.1";
|
||||
port = 5432;
|
||||
};
|
||||
ipv4 = "94.156.112.0";
|
||||
in {
|
||||
services.nginx.enable = true;
|
||||
machine = {
|
||||
gateway = "10.0.0.1";
|
||||
inherit ipv4;
|
||||
bind = {
|
||||
enable = true;
|
||||
inherit domain;
|
||||
zones = with dns.lib.combinators; {
|
||||
${domain} = {
|
||||
SOA = {
|
||||
nameServer = "ns1";
|
||||
adminEmail = "hostmaster";
|
||||
serial = 2019030800;
|
||||
refresh = 3 * 60 * 60; # 3 hours
|
||||
retry = 1 * 60 * 60; # 1 hour
|
||||
expire = 7 * 24 * 60 * 60; # 7 days
|
||||
};
|
||||
useOrigin = false;
|
||||
NS = [
|
||||
"ns1"
|
||||
"ns2"
|
||||
];
|
||||
|
||||
A = [ipv4];
|
||||
|
||||
subdomains = rec {
|
||||
ns1 = host ipv4 null;
|
||||
ns2 = ns1;
|
||||
"3x-ui" = ns1;
|
||||
"sub.3x-ui" = ns1;
|
||||
git = ns1;
|
||||
music = ns1;
|
||||
bitwarden = ns1;
|
||||
roundcube = ns1;
|
||||
status = ns1;
|
||||
irc = ns1;
|
||||
"upload.irc" = ns1;
|
||||
nextcloud = ns1;
|
||||
code = ns1;
|
||||
mail = ns1;
|
||||
matrix = ns1;
|
||||
chat = ns1;
|
||||
turn = ns1;
|
||||
};
|
||||
|
||||
TXT = [
|
||||
(with spf; strict ["a:mail.ruject.fun"])
|
||||
];
|
||||
|
||||
MX = with mx; [(mx 10 "mail.ruject.fun.")];
|
||||
|
||||
DMARC = [
|
||||
{
|
||||
p = "quarantine";
|
||||
adkim = "strict";
|
||||
aspf = "strict";
|
||||
}
|
||||
];
|
||||
DKIM = [
|
||||
{
|
||||
selector = "mail";
|
||||
k = "rsa";
|
||||
p = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0L14rM/ObA5WwVlPpCMiy3ESOhqo9Ye0edtc52sjt+YxJxpDgT1oo1yCdoXWbF38/f2RfqgmBCKg0+N9YQFsAL8FbBcAlkERXbt52T/5A5gBkfUnwB1I646WQdT43JsCWiSYgDc4IcVM/tG8Quj/oKois+b8W6dco6NWLET7bBcnBCEfJYL7TLnG+O83poB+gHef3g0WqwMMqXqbgvJutGb4uevJ327Ywa77fcUp7oYrMvgz6ESmetgmsizTwJadwuXC2k4E50ZmlM3tdjpisQgaUImJBqEa311SXfkhD9AbKjfp5tmOjinPMZwqVM09GFkIn89X7U6LDykh85zBNwIDAQAB";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
code-server = {
|
||||
enable = true;
|
||||
port = 4444;
|
||||
domain = "code.${domain}";
|
||||
user = "rus07tam";
|
||||
hashedPassword = "$argon2i$v=19$m=4096,t=3,p=1$Z29zNjNOalFobUwyak1YY3pwYlYwL0IrN053PQ$hmRE46O8UM9zTgINjt5/xn35xypU+MMxNNq1r7xPXqo";
|
||||
};
|
||||
coturn = {
|
||||
enable = true;
|
||||
startPort = 49000;
|
||||
endPort = 50000;
|
||||
realm = "turn.${domain}";
|
||||
};
|
||||
forgejo = {
|
||||
enable = true;
|
||||
enableRunner = true;
|
||||
domain = "git.${domain}";
|
||||
port = 3000;
|
||||
inherit database;
|
||||
};
|
||||
mail = {
|
||||
enable = true;
|
||||
inherit domain;
|
||||
fqdn = "mail.${domain}";
|
||||
};
|
||||
minecraft-server = {
|
||||
enable = false;
|
||||
port = 25565;
|
||||
};
|
||||
mysql = {
|
||||
enable = true;
|
||||
port = 3306;
|
||||
};
|
||||
navidrome = {
|
||||
enable = true;
|
||||
domain = "music.${domain}";
|
||||
port = 4533;
|
||||
folder = "/mnt/music";
|
||||
};
|
||||
postgresql = {
|
||||
enable = true;
|
||||
port = 5432;
|
||||
};
|
||||
prosody = {
|
||||
enable = true;
|
||||
port = 5347;
|
||||
domain = "irc.${domain}";
|
||||
};
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
host = "nextcloud.${domain}";
|
||||
};
|
||||
redis = {
|
||||
enable = true;
|
||||
port = 6379;
|
||||
};
|
||||
roundcube = {
|
||||
enable = true;
|
||||
domain = "roundcube.${domain}";
|
||||
};
|
||||
synapse = {
|
||||
enable = true;
|
||||
element = {
|
||||
enable = true;
|
||||
domain = "chat.${domain}";
|
||||
};
|
||||
domain = "matrix.${domain}";
|
||||
port = 8008;
|
||||
metrics = {
|
||||
enable = true;
|
||||
port = 9000;
|
||||
};
|
||||
};
|
||||
uptime-kuma = {
|
||||
enable = true;
|
||||
domain = "status.${domain}";
|
||||
port = 4000;
|
||||
};
|
||||
vaultwarden = {
|
||||
enable = true;
|
||||
domain = "bitwarden.${domain}";
|
||||
port = 4534;
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue