
Aufgabe #1914 » configuration.nix

NixOS config für Dienst - GoeranHeinemann, 26.04.2024 10:46

 
{ config, pkgs, lib, ... }:
with lib;

{
imports = [
<nixpkgs/nixos/modules/virtualisation/proxmox-lxc.nix>
];

# NixOS release whose stateful defaults this machine was installed with.
system.stateVersion = "23.11";

# With these two switches the container's network setup and host name are
# managed by this Nix configuration.
proxmoxLXC.manageNetwork = true;
proxmoxLXC.manageHostName = true;

# Static addressing: DHCP is switched off and eth0 gets exactly one IPv4
# address. The httpd virtual host further down binds to the first entry of
# this list, so the order of entries matters if more are added.
networking.useDHCP = false;
networking.defaultGateway = "141.56.51.254";
networking.nameservers = [ "141.56.1.1" "141.56.1.2" ];
networking.interfaces.eth0.ipv4.addresses = [
  { address = "141.56.51.54"; prefixLength = 24; }
];

# Tools available to every user on the host: terminal multiplexer, editor,
# and the lego ACME client.
environment.systemPackages = with pkgs; [
  tmux
  vim
  lego
];


# Host identity; config.networking.fqdn (used by the web server blocks) is
# derived from these two values.
networking.hostName = "ask";
networking.domain = "htw.stura-dresden.de";

# Inbound TCP is limited to HTTP (ACME challenge) and HTTPS.
# Port 25 stays disabled on purpose: Postfix on this host is only meant to
# send mail out through the relay, not to accept SMTP from the network.
networking.firewall.allowedTCPPorts = [
  80
  #25
  443
];

# ACME (certificate issuance): accept the CA's terms of service and register
# the contact address that receives expiry and account notices.
security.acme.acceptTerms = true;
security.acme.defaults.email = "cert@stura.htw-dresden.de";
# No SSH daemon inside the container.
# NOTE(review): administration presumably happens from the Proxmox host;
# confirm that this is the only intended management path.
services.openssh.enable = false;

# Local Postfix that hands all outgoing mail to the central mail server.
# NOTE(review): relayDomains names the domains this Postfix is willing to
# relay for. That is harmless while TCP/25 is closed in the firewall; review
# the accepted client networks before ever opening that port.
services.postfix = {
  enable = true;
  origin = "stura.htw-dresden.de";
  relayHost = "mail.stura.htw-dresden.de";
  relayDomains = [ "stura.htw-dresden.de" ];
};
# services.nullmailer = {
# enable = true;
# config = {
# me = "ask.htw.stura-dresden.de";
# remotes = "mail.stura.htw-dresden.de:25";
# defaulthost = "stura.htw-dresden.de";
# defaultdomain = "mail.stura.htw-dresden.de";
# };
# };

# An Apache configuration separate from the LimeSurvey one is required:
# without an explicit listener on port 80 the ACME challenge fails.
# NOTE(review): the port-80 listener is plain HTTP. Confirm that requests
# other than the ACME challenge are redirected to HTTPS (the LimeSurvey block
# sets force_ssl); otherwise logins could travel unencrypted.
services.httpd =
  let
    # First IPv4 address configured on eth0.
    primaryAddress = (builtins.head config.networking.interfaces.eth0.ipv4.addresses).address;
  in
  {
    enable = true;
    # If only port 80 is listed, port 443 is no longer opened automatically,
    # so both listeners are spelled out.
    virtualHosts."${config.networking.fqdn}".listen = [
      { ip = "${primaryAddress}"; port = 80; ssl = false; }
      { ip = "${primaryAddress}"; port = 443; ssl = true; }
    ];
  };

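# LimeSurvey served on the host's FQDN, TLS only, certificate via ACME.
services.limesurvey = {
  enable = true;

  virtualHost = {
    hostName = "${config.networking.fqdn}";
    serverAliases = [ "${config.networking.fqdn}" ];
    enableACME = true;
    onlySSL = true;
  };

  # SECURITY(review): these two values are the secrets LimeSurvey uses to
  # encrypt stored data. Written inline they are copied into the
  # world-readable /nix/store and travel with every copy of this file, so
  # treat them as disclosed wherever the file has been shared.
  # Recommended: generate fresh values, keep them in a root-only file outside
  # the store, and plan for data that was encrypted with the old key.
  # NOTE(review): newer nixpkgs releases offer encryptionKeyFile /
  # encryptionNonceFile for this; confirm they exist in the channel in use.
  # The values are left unchanged here because replacing them would make
  # already-encrypted data unreadable.
  encryptionNonce = "85f8becdd72d44023361cab2f194028b5d18bf3c7d49bd09";
  encryptionKey = "760df91c261e1c70488dca559ecc7218925fd6ea4b3ad1d8478b3ebd58650eee";

  # Contents of LimeSurvey's config.php, built from the module's own options.
  config =
    let
      stateDir = "/var/lib/limesurvey";
      cfg = config.services.limesurvey;
      mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
      pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
    in {
      runtimePath = "${stateDir}/tmp/runtime";
      components = {
        db = {
          # A local PostgreSQL is addressed through its socket path; a local
          # MySQL gets an extra ";socket=" suffix.
          connectionString = "${cfg.database.type}:dbname=${cfg.database.name};host=${if pgsqlLocal then cfg.database.socket else cfg.database.host};port=${toString cfg.database.port}" +
            optionalString mysqlLocal ";socket=${cfg.database.socket}";
          username = cfg.database.user;
          # NOTE(review): the value is PHP source text inside a Nix string.
          # Confirm the module evaluates it instead of using the literal text
          # as the database password.
          password = mkIf (cfg.database.passwordFile != null) "file_get_contents(\"${toString cfg.database.passwordFile}\");";
          tablePrefix = "limesurvey_";
        };
        assetManager.basePath = "${stateDir}/tmp/assets";
        urlManager = {
          urlFormat = "path";
          showScriptName = false;
        };
      };
      config = {
        tempdir = "${stateDir}/tmp";
        uploaddir = "${stateDir}/upload";
        encryptionnonce = cfg.encryptionNonce;
        encryptionsecretboxkey = cfg.encryptionKey;
        # Application-level HTTPS enforcement whenever the vhost uses TLS.
        force_ssl = mkIf (cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL) "on";
        # Fixed: this was `config.defaultlang`, which nested the setting one
        # level too deep (config.config.defaultlang) inside this attrset.
        defaultlang = "en";
        # siteadminmail = "admin@stura.htw-dresden.de";
        # siteadminbounce = "admin@stura.htw-dresden.de";
        # siteadminname = "Bereich Administration Rechentechnik";
        # Mail goes straight to the central mail server on port 25 with no
        # SMTP credentials.
        # NOTE(review): no emailsmtpssl value is set, so transport encryption
        # depends on LimeSurvey's default; confirm the relay accepts this host
        # by address only and that cleartext delivery is acceptable.
        emailmethod = "smtp";
        emailsmtphost = "mail.stura.htw-dresden.de:25";
        emailsmtpuser = "";
        emailsmtppassword = "";
      };
    };
};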
}
