# Host configuration: one machine serves the authoritative DNS zone, mail and
# every web-facing service below, all behind a single IPv4 address.
{dns, ...}: let
  domain = "ruject.fun";

  # FQDN of the mail host; reused by the SPF and MX records and by the mail
  # service so the three cannot drift apart.
  mailFqdn = "mail.${domain}";

  # Loopback PostgreSQL endpoint handed to services that take a `database`
  # attribute (forgejo below).
  database = {
    host = "127.0.0.1";
    port = 5432;
  };

  ipv4 = "94.156.112.0";
in {
  services.nginx.enable = true;

  machine = {
    gateway = "10.0.0.1";
    inherit ipv4;

    bind = {
      enable = true;
      inherit domain;

      zones = with dns.lib.combinators; {
        ${domain} = {
          SOA = {
            nameServer = "ns1";
            adminEmail = "hostmaster";
            # The serial is a fixed literal. Secondaries only re-transfer a
            # zone when the serial increases, so bump it whenever a record
            # below changes.
            serial = 2019030800;
            refresh = 3 * 60 * 60; # 3 hours
            retry = 1 * 60 * 60; # 1 hour
            expire = 7 * 24 * 60 * 60; # 7 days
          };

          useOrigin = false;

          # ns1 and ns2 are the same host record (see `subdomains`), so the
          # zone has two NS names but a single point of failure.
          NS = [
            "ns1"
            "ns2"
          ];

          A = [ipv4];

          # Every name is an alias of the ns1 record, i.e. all services share
          # this one address.
          # NOTE(review): `host ipv4 null` presumably means "A record only, no
          # AAAA" - confirm against the dns combinators.
          subdomains = rec {
            ns1 = host ipv4 null;
            ns2 = ns1;
            "3x-ui" = ns1;
            "sub.3x-ui" = ns1;
            git = ns1;
            music = ns1;
            bitwarden = ns1;
            roundcube = ns1;
            status = ns1;
            irc = ns1;
            "upload.irc" = ns1;
            nextcloud = ns1;
            code = ns1;
            mail = ns1;
            matrix = ns1;
            chat = ns1;
            turn = ns1;
          };

          # SPF: only the address(es) of the mail host may send for the domain.
          # NOTE(review): `strict` presumably renders a hard-fail `-all`
          # policy - confirm in the spf combinator.
          TXT = [
            (with spf; strict ["a:${mailFqdn}"])
          ];

          MX = with mx; [(mx 10 "${mailFqdn}.")];

          # DMARC: quarantine on failure, strict DKIM and SPF alignment.
          # No report address is set in this record, so alignment failures
          # will not be reported back unless one is added.
          DMARC = [
            {
              p = "quarantine";
              adkim = "strict";
              aspf = "strict";
            }
          ];

          # DKIM public key (2048-bit RSA). This is the public half and is
          # meant to be published; it must match the private key the mail
          # server signs with under selector "mail".
          DKIM = [
            {
              selector = "mail";
              k = "rsa";
              p = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0L14rM/ObA5WwVlPpCMiy3ESOhqo9Ye0edtc52sjt+YxJxpDgT1oo1yCdoXWbF38/f2RfqgmBCKg0+N9YQFsAL8FbBcAlkERXbt52T/5A5gBkfUnwB1I646WQdT43JsCWiSYgDc4IcVM/tG8Quj/oKois+b8W6dco6NWLET7bBcnBCEfJYL7TLnG+O83poB+gHef3g0WqwMMqXqbgvJutGb4uevJ327Ywa77fcUp7oYrMvgz6ESmetgmsizTwJadwuXC2k4E50ZmlM3tdjpisQgaUImJBqEa311SXfkhD9AbKjfp5tmOjinPMZwqVM09GFkIn89X7U6LDykh85zBNwIDAQAB";
            }
          ];
        };
      };
    };

    code-server = {
      enable = true;
      port = 4444;
      domain = "code.${domain}";
      user = "rus07tam";
      # NOTE(review): this hash lives in the config, so it is readable by
      # anyone who can read the repository or the Nix store and can be
      # guessed offline. The parameters in the string (argon2i, m=4096 KiB,
      # t=3, p=1) are below current guidance, which prefers Argon2id with a
      # much larger memory cost. If the module can read the hash from a
      # secret file instead, prefer that - confirm what it supports.
      hashedPassword = "$argon2i$v=19$m=4096,t=3,p=1$Z29zNjNOalFobUwyak1YY3pwYlYwL0IrN053PQ$hmRE46O8UM9zTgINjt5/xn35xypU+MMxNNq1r7xPXqo";
    };

    coturn = {
      enable = true;
      # Relay port range; the firewall has to admit exactly this range.
      # NOTE(review): TURN authentication is not configured here - confirm
      # the module sets a shared secret rather than running an open relay.
      startPort = 49000;
      endPort = 50000;
      realm = "turn.${domain}";
    };

    forgejo = {
      enable = true;
      # NOTE(review): the runner is enabled on the host that also carries
      # mail and the password vault; confirm in the module how CI jobs are
      # isolated from the rest of the machine.
      enableRunner = true;
      domain = "git.${domain}";
      port = 3000;
      inherit database;
    };

    mail = {
      enable = true;
      inherit domain;
      fqdn = mailFqdn;
    };

    minecraft-server = {
      enable = false;
      port = 25565;
    };

    # Data stores. Only the ports are chosen here; the listen address and
    # firewall rules come from the modules.
    # NOTE(review): verify that 3306, 5432 and 6379 are bound to loopback or
    # filtered, not reachable on the public address.
    mysql = {
      enable = true;
      port = 3306;
    };

    navidrome = {
      enable = true;
      domain = "music.${domain}";
      port = 4533;
      folder = "/mnt/music";
    };

    postgresql = {
      enable = true;
      port = 5432;
    };

    prosody = {
      enable = true;
      port = 5347;
      domain = "irc.${domain}";
    };

    nextcloud = {
      enable = true;
      host = "nextcloud.${domain}";
    };

    redis = {
      enable = true;
      port = 6379;
    };

    roundcube = {
      enable = true;
      domain = "roundcube.${domain}";
    };

    synapse = {
      enable = true;
      element = {
        enable = true;
        domain = "chat.${domain}";
      };
      domain = "matrix.${domain}";
      port = 8008;
      # NOTE(review): the metrics listener should stay internal; confirm it
      # is not proxied or exposed alongside the client port.
      metrics = {
        enable = true;
        port = 9000;
      };
    };

    uptime-kuma = {
      enable = true;
      domain = "status.${domain}";
      port = 4000;
    };

    vaultwarden = {
      enable = true;
      domain = "bitwarden.${domain}";
      port = 4534;
    };
  };
}