summaryrefslogtreecommitdiffstats
path: root/lass/2configs/websites/fritz.nix
blob: 52914f444ad2effc72ce9cc16ed45821899451e3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
{ config, pkgs, lib, ... }:

with lib;
let
  inherit (import <stockholm/lib>)
    genid
    head
  ;
  inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
    manageCerts
    ssl
    servePage
    serveWordpress
  ;

  msmtprc = pkgs.writeText "msmtprc" ''
    account localhost
      host localhost
    account default: localhost
  '';

  sendmail = pkgs.writeDash "msmtp" ''
    exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
  '';

in {
  imports = [
    ./sqlBackup.nix
    (ssl [ "biostase.de" "www.biostase.de" ])
    (serveWordpress [ "biostase.de" "www.biostase.de" ])

    (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
    (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])

    (ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
    (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])

    (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
    (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])

    (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
    (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])

    (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
    (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])

    (ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
    (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])

    (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
    (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])

    (manageCerts [ "goldbarrendiebstahl.radical-dreamers.de" ])
    (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
  ];

  lass.mysqlBackup.config.all.databases = [
    "biostase_de"
    "eastuttgart_de"
    "radical_dreamers_de"
    "spielwaren_kern_de"
    "ttf_kleinaspach_de"
  ];

  #password protect some dirs
  krebs.nginx.servers."biostase.de".locations = [
    (nameValuePair "/old_biostase.de" ''
      auth_basic "Administrator Login";
      auth_basic_user_file /srv/http/biostase.de/old_biostase.de/.htpasswd;
    '')
    (nameValuePair "/mysqldumper" ''
      auth_basic "Administrator Login";
      auth_basic_user_file /srv/http/biostase.de/mysqldumper/.htpasswd;
    '')
  ];

  users.users.root.openssh.authorizedKeys.keys = [
    config.krebs.users.fritz.pubkey
  ];

  users.users.goldbarrendiebstahl = {
    home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
    uid = genid "goldbarrendiebstahl";
    createHome = true;
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [
      config.krebs.users.fritz.pubkey
    ];
  };

  services.phpfpm.phpOptions = ''
    sendmail_path = ${sendmail} -t
  '';
}