summaryrefslogtreecommitdiffstats
path: root/lass/2configs/websites/domsen.nix
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs/websites/domsen.nix')
-rw-r--r--lass/2configs/websites/domsen.nix96
1 files changed, 95 insertions, 1 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 4935268a..9980e050 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -26,6 +26,7 @@ in {
./default.nix
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
+ (servePage [ "jarugadesign.de" "www.jarugadesign.de" ])
(servePage [
"freemonkey.art"
"www.freemonkey.art"
@@ -88,6 +89,21 @@ in {
file_uploads = on
'';
+ services.nextcloud = {
+ enable = true;
+ hostName = "o.xanf.org";
+ config = {
+ adminpassFile = toString <secrets> + "/nextcloud_pw";
+ overwriteProtocol = "https";
+ };
+ https = true;
+ nginx.enable = true;
+ };
+ services.nginx.virtualHosts."o.xanf.org" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
# MAIL STUFF
# TODO: make into its own module
services.dovecot2 = {
@@ -105,7 +121,7 @@ in {
authenticators.PLAIN = ''
driver = plaintext
public_name = PLAIN
- server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
+ server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
'';
authenticators.LOGIN = ''
driver = plaintext
@@ -126,6 +142,8 @@ in {
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
{ from = "bui@freemonkey.art"; to ="bui"; }
+ { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
+ { from = "hallo@jarugadesign.de"; to ="kasia"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -134,11 +152,20 @@ in {
"jla-trading.com"
"ubikmedia.eu"
"ubikmedia.de"
+ "alewis.de"
+ "jarugadesign.de"
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
+ users.users.UBIK-SFTP = {
+ uid = genid_uint31 "UBIK-SFTP";
+ home = "/home/UBIK-SFTP";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
users.users.xanf = {
uid = genid_uint31 "xanf";
home = "/home/xanf";
@@ -204,5 +231,72 @@ in {
createHome = true;
};
+ users.users.klabusterbeere = {
+ uid = genid_uint31 "klabusterbeere";
+ home = "/home/klabusterbeere";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.kasia = {
+ uid = genid_uint31 "kasia";
+ home = "/home/kasia";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ krebs.on-failure.plans.restic-backups-domsen = {
+ journalctl = {
+ lines = 1000;
+ };
+ };
+ services.restic.backups.domsen = {
+ initialize = true;
+ extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
+ repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
+ passwordFile = toString <secrets> + "/domsen_backup_pw";
+ timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
+ paths = [
+ "/srv/http"
+ "/home/domsen/Mail"
+ "/home/ms/Mail"
+ "/home/klabusterbeere/Mail"
+ "/home/jms/Mail"
+ "/home/kasia/Mail"
+ "/home/bruno/Mail"
+ "/home/akayguen/Mail"
+ "/backups/sql_dumps"
+ ];
+ };
+
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
+ krebs.permown = {
+ "/srv/http/ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/o.ubikmedia.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0007";
+ };
+ "/srv/http/freemonkey.art" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/jarugadesign.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ "/srv/http/reich-gebaeudereinigung.de" = {
+ owner = "domsen";
+ group = "nginx";
+ umask = "0002";
+ };
+ };
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 00:01:36 +0000