summaryrefslogtreecommitdiffstats
path: root/lass/2configs/websites/lassulus.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-10-20 20:22:29 +0200
committertv <tv@krebsco.de>2016-10-20 20:22:29 +0200
commit9329c1e47ddda0653d7e9824a01632ce3766e8f0 (patch)
tree2bfb70737a757d0bd61ca0aa895c77d740b21e73 /lass/2configs/websites/lassulus.nix
parent844d347ce7cf0b7646e9ecba3fbdc0b90e608501 (diff)
parent0f2a9778315c3126794c0f1ad63710d38e7a67f7 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs/websites/lassulus.nix')
-rw-r--r--lass/2configs/websites/lassulus.nix91
1 files changed, 91 insertions, 0 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
new file mode 100644
index 000000000..04c19fad0
--- /dev/null
+++ b/lass/2configs/websites/lassulus.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+ genid
+ ;
+
+in {
+ imports = [
+ ../git.nix
+ ];
+
+ security.acme = {
+ certs."lassul.us" = {
+ email = "lass@lassul.us";
+ webroot = "/var/lib/acme/challenges/lassul.us";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ "full.pem"
+ ];
+ allowKeysForGroup = true;
+ group = "lasscert";
+ };
+ certs."cgit.lassul.us" = {
+ email = "lassulus@gmail.com";
+ webroot = "/var/lib/acme/challenges/cgit.lassul.us";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ group = "nginx";
+ allowKeysForGroup = true;
+ };
+ };
+
+ users.groups.lasscert.members = [
+ "dovecot2"
+ "ejabberd"
+ "exim"
+ "nginx"
+ ];
+
+ krebs.nginx.servers."lassul.us" = {
+ server-names = [ "lassul.us" ];
+ locations = [
+ (nameValuePair "/" ''
+ root /srv/http/lassul.us;
+ '')
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/lassul.us/key.pem";
+ };
+ };
+
+ krebs.nginx.servers.cgit = {
+ server-names = [
+ "cgit.lassul.us"
+ ];
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/cgit.lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+ };
+ };
+
+ users.users.blog = {
+ uid = genid "blog";
+ description = "lassul.us blog deployment";
+ home = "/srv/http/lassul.us";
+ useDefaultShell = true;
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+}
+