AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'mailserver-setup'

Browse Source
This commit is contained in:
Dmitriy Kholkin 2021-11-12 05:32:52 +03:00
commit 5b0bb1a74e
7 changed files with 201 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
flake.lock generated
View File

@ -118,6 +118,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -138,6 +153,27 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": {
"inputs": {
"nixpkgs": [
"vscode-server-fixup",
"nixpkgs"
]
},
"locked": {
"lastModified": 1635839387,
"narHash": "sha256-2B6DqfTiwY5w2TljC4+AxEUuVYMTP5Fo2h5iGNIONvk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "288faaa5a65e72e37e6027024829b15c8bb69286",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"i3lock-fancy-rapid": { "i3lock-fancy-rapid": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -321,6 +357,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-nixos-test": {
"locked": {
"lastModified": 1632909223,
"narHash": "sha256-f8J2eG5n8eORyV1HLBA1PWojzSUbpvkYyuLSMHrGQKU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e1fc1a80a071c90ab65fb6eafae5520579163783",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e1fc1a80a071c90ab65fb6eafae5520579163783",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1632411313, "lastModified": 1632411313,
@ -420,6 +472,7 @@
"qbittorrent-ee": "qbittorrent-ee", "qbittorrent-ee": "qbittorrent-ee",
"rycee": "rycee", "rycee": "rycee",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"vscode-server-fixup": "vscode-server-fixup",
"zsh-autosuggestions": "zsh-autosuggestions", "zsh-autosuggestions": "zsh-autosuggestions",
"zsh-cod": "zsh-cod", "zsh-cod": "zsh-cod",
"zsh-nix-shell": "zsh-nix-shell", "zsh-nix-shell": "zsh-nix-shell",
@ -480,6 +533,29 @@
"type": "github" "type": "github"
} }
}, },
"vscode-server-fixup": {
"inputs": {
"flake-utils": "flake-utils_2",
"home-manager": "home-manager_2",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-nixos-test": "nixpkgs-nixos-test"
},
"locked": {
"lastModified": 1636482527,
"narHash": "sha256-/o4DCLlVPx6lk7tnS/5t109vUPhY4rzEN00iGMG43sE=",
"owner": "yaxitech",
"repo": "vscode-server-fixup",
"rev": "c78b489936ba7e06dd13c751b01932e36f07cd33",
"type": "github"
},
"original": {
"owner": "yaxitech",
"repo": "vscode-server-fixup",
"type": "github"
}
},
"zsh-autosuggestions": { "zsh-autosuggestions": {
"flake": false, "flake": false,
"locked": { "locked": {

4
flake.nix
View File

@ -64,6 +64,10 @@
url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
vscode-server-fixup = {
url = "github:yaxitech/vscode-server-fixup";
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-autosuggestions = { zsh-autosuggestions = {
url = "github:zsh-users/zsh-autosuggestions"; url = "github:zsh-users/zsh-autosuggestions";
flake = false; flake = false;

105
profiles/servers/caddy.nix
View File

@ -1,105 +0,0 @@
{ pkgs, config, lib, ... }: {
users.groups.cert.members = [ "turnserver" "caddy" "dovecot2" ];
secrets."ataraxiadev.com.pem" = {
owner = "root:cert";
permissions = "440";
};
secrets."ataraxiadev.com.key" = {
owner = "root:cert";
permissions = "440";
};
secrets."origin-pull-ca.pem" = {
owner = "root:cert";
permissions = "440";
};
## DNS-over-TLS
services.stubby = {
enable = true;
listenAddresses = [ "0::1" "127.0.0.1" ];
roundRobinUpstreams = false;
upstreamServers = ''
## Quad9
- address_data: 2620:fe::fe
tls_auth_name: "dns.quad9.net"
- address_data: 2620:fe::9
tls_auth_name: "dns.quad9.net"
- address_data: 9.9.9.9
tls_auth_name: "dns.quad9.net"
- address_data: 149.112.112.112
tls_auth_name: "dns.quad9.net"
## Cloudflare
- address_data: 2606:4700:4700::1112
tls_auth_name: "cloudflare-dns.com"
- address_data: 2606:4700:4700::1002
tls_auth_name: "cloudflare-dns.com"
- address_data: 1.1.1.2
tls_auth_name: "cloudflare-dns.com"
- address_data: 1.0.0.2
tls_auth_name: "cloudflare-dns.com"
'';
extraConfig = ''
# Set TLS 1.3 as minimum acceptable version
tls_min_version: GETDNS_TLS1_3
# Require DNSSEC validation
dnssec: GETDNS_EXTENSION_TRUE
'';
};
networking.nameservers = [ "::1" "127.0.0.1" ];
services.resolved = {
enable = true;
fallbackDns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ];
};
services.caddy = {
enable = true;
email = "ataraxiadev@ataraxiadev.com";
group = "cert";
ca = null;
config = ''
(matrix-well-known-header) {
# Headers
header Access-Control-Allow-Origin "*"
header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
header Content-Type "application/json"
}
ataraxiadev.com {
handle /.well-known/matrix/server {
import matrix-well-known-header
respond `{"m.server":"matrix.ataraxiadev.com:443"}`
}
reverse_proxy /_matrix/* http://localhost:13748
tls ${config.secrets."ataraxiadev.com.pem".decrypted} ${config.secrets."ataraxiadev.com.key".decrypted} {
protocols tls1.3
client_auth {
mode require_and_verify
trusted_ca_cert MIIGCjCCA/KgAwIBAgIIV5G6lVbCLmEwDQYJKoZIhvcNAQENBQAwgZAxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMRQwEgYDVQQLEwtPcmlnaW4gUHVsbDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEjMCEGA1UEAxMab3JpZ2luLXB1bGwuY2xvdWRmbGFyZS5uZXQwHhcNMTkxMDEwMTg0NTAwWhcNMjkxMTAxMTcwMDAwWjCBkDELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xFDASBgNVBAsTC09yaWdpbiBQdWxsMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMSMwIQYDVQQDExpvcmlnaW4tcHVsbC5jbG91ZGZsYXJlLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAN2y2zojYfl0bKfhp0AJBFeV+jQqbCw3sHmvEPwLmqDLqynI42tZXR5y914ZB9ZrwbL/K5O46exd/LujJnV2b3dzcx5rtiQzso0xzljqbnbQT20eihx/WrF4OkZKydZzsdaJsWAPuplDH5P7J82q3re88jQdgE5hqjqFZ3clCG7lxoBwhLaazm3NJJlUfzdk97ouRvnFGAuXd5cQVx8jYOOeU60sWqmMe4QHdOvpqB91bJoYQSKVFjUgHeTpN8tNpKJfb9LIn3pun3bC9NKNHtRKMNX3Kl/sAPq7q/AlndvA2Kw3Dkum2mHQUGdzVHqcOgea9BGjLK2h7SuX93zTWL02u799dr6Xkrad/WShHchfjjRnaL35niJUDr02YJtPgxWObsrfOU63B8juLUphW/4BOjjJyAG5l9j1//aUGEi/sEe5lqVv0P78QrxoxR+MMXiJwQab5FB8TG/ac6mRHgF9CmkX90uaRh+OC07XjTdfSKGRPpM9hB2ZhLol/nf8qmoLdoD5HvODZuKu2+muKeVHXgw2/A6wM7OwrinxZiyBk5HhCvaADH7PZpU6z/zv5NU5HSvXiKtCzFuDu4/Zfi34RfHXeCUfHAb4KfNRXJwMsxUa+4ZpSAX2G6RnGU5meuXpU5/V+DQJp/e69XyyY6RXDoMywaEFlIlXBqjRRA2pAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRDWUsraYuA4REzalfNVzjann3F6zAfBgNVHSMEGDAWgBRDWUsraYuA4REzalfNVzjann3F6zANBgkqhkiG9w0BAQ0FAAOCAgEAkQ+T9nqcSlAuW/90DeYmQOW1QhqOor5psBEGvxbNGV2hdLJY8h6QUq48BCevcMChg/L1CkznBNI40i3/6heDn3ISzVEwXKf34pPFCACWVMZxbQjkNRTiH8iRur9EsaNQ5oXCPJkhwg2+IFyoPAAYURoXVcI9SCDUa45clmYHJ/XYwV1icGVI8/9b2JUqklnOTa5tugwIUi5sTfipNcJXHhgz6BKYDl0/UP0lLKbsUETXeTGDiDpxZYIgbcFrRDDkHC6BSvdWVEiH5b9mH2BON60z0O0j8EEKTwi9jnafVtZQXP/D8yoVowdFDjXcKkOPF/1gIh9qrFR6GdoPVgB3SkLc5ulBqZaCHm563jsvWb/kXJnlFxW+1bsO9BDD6DweBcGdNurgmH625wBXksSdD7y/fakk8DagjbjKShYlPEFOAqEcliwjF45eabL0t27MJV61O/jHzHL3dknXeE4BDa2jbA+JbyJeUMtU7KMsxvx82RmhqBEJJDBCJ3scVptvhDMRrtqDBW5JShxoAOcpFQGmiYWicn46nPDjgTU0bX1ZPpTpryXbvciVL5RkVBuyX2ntcOLDPlZWgxZCBp96x07FAnOzKgZk4RzZPNAxCXERVxajn/FLcOhglVAKo5H0ac+AitlQ0ip55D2/mf8o72tMfVQ6VpyjEXdiIXWUq/o=
}
}
}
matrix.ataraxiadev.com {
reverse_proxy /* http://localhost:13748
reverse_proxy /mautrix-telegram/* http://localhost:29317
tls ${config.secrets."ataraxiadev.com.pem".decrypted} ${config.secrets."ataraxiadev.com.key".decrypted} {
protocols tls1.3
client_auth {
mode require_and_verify
trusted_ca_cert MIIGCjCCA/KgAwIBAgIIV5G6lVbCLmEwDQYJKoZIhvcNAQENBQAwgZAxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMRQwEgYDVQQLEwtPcmlnaW4gUHVsbDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEjMCEGA1UEAxMab3JpZ2luLXB1bGwuY2xvdWRmbGFyZS5uZXQwHhcNMTkxMDEwMTg0NTAwWhcNMjkxMTAxMTcwMDAwWjCBkDELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xFDASBgNVBAsTC09yaWdpbiBQdWxsMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMSMwIQYDVQQDExpvcmlnaW4tcHVsbC5jbG91ZGZsYXJlLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAN2y2zojYfl0bKfhp0AJBFeV+jQqbCw3sHmvEPwLmqDLqynI42tZXR5y914ZB9ZrwbL/K5O46exd/LujJnV2b3dzcx5rtiQzso0xzljqbnbQT20eihx/WrF4OkZKydZzsdaJsWAPuplDH5P7J82q3re88jQdgE5hqjqFZ3clCG7lxoBwhLaazm3NJJlUfzdk97ouRvnFGAuXd5cQVx8jYOOeU60sWqmMe4QHdOvpqB91bJoYQSKVFjUgHeTpN8tNpKJfb9LIn3pun3bC9NKNHtRKMNX3Kl/sAPq7q/AlndvA2Kw3Dkum2mHQUGdzVHqcOgea9BGjLK2h7SuX93zTWL02u799dr6Xkrad/WShHchfjjRnaL35niJUDr02YJtPgxWObsrfOU63B8juLUphW/4BOjjJyAG5l9j1//aUGEi/sEe5lqVv0P78QrxoxR+MMXiJwQab5FB8TG/ac6mRHgF9CmkX90uaRh+OC07XjTdfSKGRPpM9hB2ZhLol/nf8qmoLdoD5HvODZuKu2+muKeVHXgw2/A6wM7OwrinxZiyBk5HhCvaADH7PZpU6z/zv5NU5HSvXiKtCzFuDu4/Zfi34RfHXeCUfHAb4KfNRXJwMsxUa+4ZpSAX2G6RnGU5meuXpU5/V+DQJp/e69XyyY6RXDoMywaEFlIlXBqjRRA2pAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRDWUsraYuA4REzalfNVzjann3F6zAfBgNVHSMEGDAWgBRDWUsraYuA4REzalfNVzjann3F6zANBgkqhkiG9w0BAQ0FAAOCAgEAkQ+T9nqcSlAuW/90DeYmQOW1QhqOor5psBEGvxbNGV2hdLJY8h6QUq48BCevcMChg/L1CkznBNI40i3/6heDn3ISzVEwXKf34pPFCACWVMZxbQjkNRTiH8iRur9EsaNQ5oXCPJkhwg2+IFyoPAAYURoXVcI9SCDUa45clmYHJ/XYwV1icGVI8/9b2JUqklnOTa5tugwIUi5sTfipNcJXHhgz6BKYDl0/UP0lLKbsUETXeTGDiDpxZYIgbcFrRDDkHC6BSvdWVEiH5b9mH2BON60z0O0j8EEKTwi9jnafVtZQXP/D8yoVowdFDjXcKkOPF/1gIh9qrFR6GdoPVgB3SkLc5ulBqZaCHm563jsvWb/kXJnlFxW+1bsO9BDD6DweBcGdNurgmH625wBXksSdD7y/fakk8DagjbjKShYlPEFOAqEcliwjF45eabL0t27MJV61O/jHzHL3dknXeE4BDa2jbA+JbyJeUMtU7KMsxvx82RmhqBEJJDBCJ3scVptvhDMRrtqDBW5JShxoAOcpFQGmiYWicn46nPDjgTU0bX1ZPpTpryXbvciVL5RkVBuyX2ntcOLDPlZWgxZCBp96x07FAnOzKgZk4RzZPNAxCXERVxajn/FLcOhglVAKo5H0ac+AitlQ0ip55D2/mf8o72tMfVQ6VpyjEXdiIXWUq/o=
}
}
}
'';
};
}
# handle /.well-known/matrix/client {
# import matrix-well-known-header
# respond `{"m.homeserver":{"base_url":"https://matrix.ataraxiadev.com"},"m.identity_server":{"base_url":"https://identity.ataraxiadev.com"}}`
# }
# reverse_proxy /_synapse/client/* http://localhost:8008

158
profiles/servers/mailserver.nix
View File

@ -14,82 +14,90 @@ in {
security.acme = { security.acme = {
email = "ataraxiadev@ataraxiadev.com"; email = "ataraxiadev@ataraxiadev.com";
acceptTerms = true; acceptTerms = true;
certs."mail.ataraxiadev.com" = { }; certs."mail.ataraxiadev.com" = {
group = "cert";
webroot = "/var/lib/acme/acme-challenge";
postRun = ''
systemctl reload postfix
systemctl reload dovecot2
'';
};
}; };
services.postfix = { services.postfix = {
relayHost = "smtp.email.eu-zurich-1.oci.oraclecloud.com"; mapFiles."sasl_passwd" = config.secrets.sasl_passwd.decrypted;
relayPort = 587; extraConfig =
enableSubmission = true; ''
submissionOptions = { smtp_tls_security_level = may
smtp_tls_security_level = "may"; smtp_sasl_auth_enable = yes
smtp_sasl_auth_enable = "yes"; smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/sasl_passwd"; smtp_sasl_security_options =
smtp_sasl_security_options = ""; smtp_sasl_tls_security_options =
relayhost = [smtp.email.eu-zurich-1.oci.oraclecloud.com]:587
'';
dnsBlacklists = [
"all.s5h.net"
"b.barracudacentral.org"
"bl.spamcop.net"
"blacklist.woody.ch"
"bogons.cymru.com"
"cbl.abuseat.org"
"combined.abuse.ch"
"db.wpbl.info"
"dnsbl-1.uceprotect.net"
"dnsbl-2.uceprotect.net"
"dnsbl-3.uceprotect.net"
"dnsbl.anticaptcha.net"
"dnsbl.dronebl.org"
"dnsbl.inps.de"
"dnsbl.sorbs.net"
"dnsbl.spfbl.net"
"drone.abuse.ch"
"duinv.aupads.org"
"dul.dnsbl.sorbs.net"
"dyna.spamrats.com"
"dynip.rothen.com"
"http.dnsbl.sorbs.net"
"ips.backscatterer.org"
"ix.dnsbl.manitu.net"
"korea.services.net"
"misc.dnsbl.sorbs.net"
"noptr.spamrats.com"
"orvedb.aupads.org"
"pbl.spamhaus.org"
"proxy.bl.gweep.ca"
"psbl.surriel.com"
"relays.bl.gweep.ca"
"relays.nether.net"
"sbl.spamhaus.org"
"singular.ttk.pte.hu"
"smtp.dnsbl.sorbs.net"
"socks.dnsbl.sorbs.net"
"spam.abuse.ch"
"spam.dnsbl.anonmails.de"
"spam.dnsbl.sorbs.net"
"spam.spamrats.com"
"spambot.bls.digibase.ca"
"spamrbl.imp.ch"
"spamsources.fabel.dk"
"ubl.lashback.com"
"ubl.unsubscore.com"
"virus.rbl.jp"
"web.dnsbl.sorbs.net"
"wormrbl.imp.ch"
"xbl.spamhaus.org"
"z.mailspike.net"
"zen.spamhaus.org"
"zombie.dnsbl.sorbs.net"
];
dnsBlacklistOverrides = ''
ataraxiadev.com OK
mail.ataraxiadev.com OK
192.168.0.0/16 OK
${lib.concatMapStringsSep "\n" (machine: "${machine}.lan OK") (builtins.attrNames inputs.self.nixosConfigurations)}
'';
}; };
mapFiles = { sasl_passwd = config.secrets.sasl_passwd.decrypted; }; mailserver = rec {
# dnsBlacklists = [
# "all.s5h.net"
# "b.barracudacentral.org"
# "bl.spamcop.net"
# "blacklist.woody.ch"
# "bogons.cymru.com"
# "cbl.abuseat.org"
# "combined.abuse.ch"
# "db.wpbl.info"
# "dnsbl-1.uceprotect.net"
# "dnsbl-2.uceprotect.net"
# "dnsbl-3.uceprotect.net"
# "dnsbl.anticaptcha.net"
# "dnsbl.dronebl.org"
# "dnsbl.inps.de"
# "dnsbl.sorbs.net"
# "dnsbl.spfbl.net"
# "drone.abuse.ch"
# "duinv.aupads.org"
# "dul.dnsbl.sorbs.net"
# "dyna.spamrats.com"
# "dynip.rothen.com"
# "http.dnsbl.sorbs.net"
# "ips.backscatterer.org"
# "ix.dnsbl.manitu.net"
# "korea.services.net"
# "misc.dnsbl.sorbs.net"
# "noptr.spamrats.com"
# "orvedb.aupads.org"
# "pbl.spamhaus.org"
# "proxy.bl.gweep.ca"
# "psbl.surriel.com"
# "relays.bl.gweep.ca"
# "relays.nether.net"
# "sbl.spamhaus.org"
# "singular.ttk.pte.hu"
# "smtp.dnsbl.sorbs.net"
# "socks.dnsbl.sorbs.net"
# "spam.abuse.ch"
# "spam.dnsbl.anonmails.de"
# "spam.dnsbl.sorbs.net"
# "spam.spamrats.com"
# "spambot.bls.digibase.ca"
# "spamrbl.imp.ch"
# "spamsources.fabel.dk"
# "ubl.lashback.com"
# "ubl.unsubscore.com"
# "virus.rbl.jp"
# "web.dnsbl.sorbs.net"
# "wormrbl.imp.ch"
# "xbl.spamhaus.org"
# "z.mailspike.net"
# "zen.spamhaus.org"
# "zombie.dnsbl.sorbs.net"
# ];
# dnsBlacklistOverrides = ''
# ataraxiadev.com OK
# 192.168.0.0/16 OK
# ${lib.concatMapStringsSep "\n" (machine: "${machine}.lan OK") (builtins.attrNames inputs.self.nixosConfigurations)}
# '';
};
mailserver = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
fqdn = "mail.ataraxiadev.com"; fqdn = "mail.ataraxiadev.com";
@ -103,10 +111,12 @@ in {
}; };
localDnsResolver = false; localDnsResolver = false;
certificateScheme = 1; certificateScheme = 1;
# certificateFile = config.secrets."ataraxiadev.com.pem".decrypted; certificateFile = "${config.security.acme.certs.${fqdn}.directory}/fullchain.pem";
# keyFile = config.secrets."ataraxiadev.com.key".decrypted; keyFile = "${config.security.acme.certs.${fqdn}.directory}/key.pem";
enableImap = true; enableImap = true;
enableImapSsl = true; enableImapSsl = true;
enableSubmission = true;
enableSubmissionSsl = true;
virusScanning = false; virusScanning = false;
}; };
} }

31
profiles/servers/nginx.nix
View File

@ -73,20 +73,41 @@
locations."/" = { locations."/" = {
root = "/var/lib/ataraxiadev.com"; root = "/var/lib/ataraxiadev.com";
}; };
locations."/.well-known" = { locations."/.well-known/acme-challenge" = {
proxyPass = "http://localhost:13748"; root = "/var/lib/acme/acme-challenge";
}; };
locations."/.well-known/matrix/server".extraConfig =
let
server = { "m.server" = "matrix.ataraxiadev.com:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."/.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://matrix.ataraxiadev.com"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
locations."/_matrix" = { locations."/_matrix" = {
proxyPass = "http://localhost:13748"; proxyPass = "http://localhost:13748";
}; };
} // default; } // default;
"matrix.ataraxiadev.com" = { "matrix.ataraxiadev.com" = {
locations."/" = { locations."/".extraConfig = ''
proxyPass = "http://localhost:13748"; return 404;
}; '';
locations."/mautrix-telegram/" = { locations."/mautrix-telegram/" = {
proxyPass = "http://localhost:29317"; proxyPass = "http://localhost:29317";
}; };
locations."/_matrix" = {
proxyPass = "http://localhost:13748";
};
} // default; } // default;
}; };
}; };

9
profiles/servers/vscode-server.nix Normal file
View File

@ -0,0 +1,9 @@
{ config, lib, pkgs, inputs, ... }: {
home-manager.sharedModules = [
inputs.vscode-server-fixup.nixosModules.home
];
home-manager.users.alukard = {
services.vscode-server-fixup.enable = true;
};
}

4
roles/server.nix
View File

@ -12,7 +12,7 @@
coturn coturn
mailserver mailserver
matrix-synapse matrix-synapse
# nginx nginx
caddy vscode-server
]; ];
} }