author | makefu <makefu@tsp> | 2015-08-14 14:00:18 +0000 |
---|---|---|
committer | makefu <makefu@tsp> | 2015-08-14 14:00:18 +0000 |
commit | d35de37b0d2b9d5d567a530726aa01f2ec686bf3 (patch) | |
tree | 8bcccdb27a1c0087668cd9d63bb294e71f4cb79a /lass/2configs/wordpress.nix | |
parent | c36ea0e029772649e33a727a9be15986cbb1fed2 (diff) | |
parent | b8b2575d8313cfd0696a121cee1b8738faff6638 (diff) |
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'lass/2configs/wordpress.nix')
-rw-r--r-- | lass/2configs/wordpress.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix
new file mode 100644
index 000000000..9458deb38
--- /dev/null
+++ b/lass/2configs/wordpress.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+ containers.wordpress = {
+ privateNetwork = true;
+ hostAddress = "192.168.101.1";
+ localAddress = "192.168.101.2";
+
+ config = {
+ imports = [
+ ../3modules/iptables.nix
+ ];
+
+ lass.iptables = {
+ enable = true;
+ tables = {
+ filter.INPUT.policy = "DROP";
+ filter.FORWARD.policy = "DROP";
+ filter.INPUT.rules = [
+ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+ { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+ { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ iptables
+ ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql;
+ };
+
+ services.httpd = {
+ enable = true;
+ adminAddr = "root@apanowicz.de";
+ extraModules = [
+ { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
+ ];
+ virtualHosts = [
+ {
+ hostName = "wordpress";
+ serverAliases = [ "wordpress" "www.wordpress" ];
+
+ extraSubservices = [
+ {
+ serviceName = "wordpress";
+ }
+ ];
+ }
+ ];
+ };
+ };
+ };
+} |
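Review bot: The `filter.INPUT.rules` entry for `--dport 22` accepts SSH from any source, yet nothing in this container's `config` enables an SSH daemon, so the rule either is dead or exposes a service configured elsewhere. If SSH into the container is intended, scope it to the host side of the private link, e.g. `{ predicate = "-s 192.168.101.1 -p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }`, and otherwise drop the rule so the DROP policy covers the port. Separately, `services.postgresql` is enabled while the `wordpress` subservice is given only `serviceName`. Unless that module is known to use PostgreSQL, this runs an unused database and leaves the subservice's database settings (including any credentials) at module defaults, so it is worth confirming and setting them explicitly. A short comment above `containers.wordpress` stating which side is expected to reach ports 22 and 80 would make the intended exposure reviewable.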