nix-conf/hosts/mikan/config.nix

{...}: {
  services.openssh = {
    enable = true;
    ports = [2291];
    extraConfig = "AuthorizedKeysFile %h/.local/ssh/authorized_keys";
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  networking.firewall.allowedTCPPorts = [2291 80 443];
  services.qemuGuest.enable = true;
  services.forgejo = {
    enable = true;
    database.type = "sqlite3";
    settings = {
      DEFAULT.APP_NAME = "g.twoha.cc";
      server = {
        DOMAIN = "g.twoha.cc";
        ROOT_URL = "https://g.twoha.cc";
        HTTP_PORT = 3333;
        LANDING_PAGE = "explore";
      };
      service.DISABLE_REGISTRATION = true;
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin+acme@twoha.cc";
    certs."twoha.cc" = {
      dnsProvider = "porkbun";
      environmentFile = "/root/porkbun-creds";
      extraDomainNames = ["*.twoha.cc"];
    };
  };
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."twoha.cc" = {
      useACMEHost = "twoha.cc";
      forceSSL = true;
      serverName = "twoha.cc";
      locations."/".return = 502;
    };
    virtualHosts."u.twoha.cc" = {
      useACMEHost = "twoha.cc";
      forceSSL = true;
      serverName = "u.twoha.cc";
      root = "/var/www/u";
      locations."/".extraConfig = ''
        disable_symlinks off;
        if ($request_uri ~ ^/(.*)\.html) {
          return 302 /$1;
        }
        try_files $uri $uri.html $uri/ =404;
      '';
      locations."/_/".proxyPass = "http://127.0.0.1:5000";
    };
    virtualHosts."mu.twoha.cc" = {
      useACMEHost = "twoha.cc";
      forceSSL = true;
      serverName = "mu.twoha.cc";
      root = "/var/www/mu";
      locations."/".extraConfig = ''
        disable_symlinks off;
        if ($request_uri ~ ^/(.*)\.html) {
          return 302 /$1;
        }
        try_files $uri $uri.html $uri/ =404;
      '';
    };
    virtualHosts."*.twoha.cc" = {
      useACMEHost = "twoha.cc";
      serverName = "*.twoha.cc";
      forceSSL = true;
      locations."/".return = 502;
    };
    virtualHosts."g.twoha.cc" = {
      forceSSL = true;
      useACMEHost = "twoha.cc";
      serverName = "g.twoha.cc";
      extraConfig = ''
        client_max_body_size 512M;
      '';
      locations."/".proxyPass = "http://localhost:3333";
    };
  };
  users.users.nginx.extraGroups = ["acme"];
}
init mikan 2024-12-25 17:51:47 -05:00			`{...}: {`
			`services.openssh = {`
			`enable = true;`
			`ports = [2291];`
			`extraConfig = "AuthorizedKeysFile %h/.local/ssh/authorized_keys";`
			`settings = {`
			`PasswordAuthentication = false;`
			`PermitRootLogin = "no";`
			`};`
			`};`
			`networking.firewall.allowedTCPPorts = [2291 80 443];`
			`services.qemuGuest.enable = true;`
			`services.forgejo = {`
			`enable = true;`
			`database.type = "sqlite3";`
			`settings = {`
			`DEFAULT.APP_NAME = "g.twoha.cc";`
			`server = {`
			`DOMAIN = "g.twoha.cc";`
			`ROOT_URL = "https://g.twoha.cc";`
			`HTTP_PORT = 3333;`
			`LANDING_PAGE = "explore";`
			`};`
			`service.DISABLE_REGISTRATION = true;`
			`};`
			`};`
			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = "admin+acme@twoha.cc";`
			`certs."twoha.cc" = {`
			`dnsProvider = "porkbun";`
			`environmentFile = "/root/porkbun-creds";`
			`extraDomainNames = ["*.twoha.cc"];`
			`};`
			`};`
			`services.nginx = {`
			`enable = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`
			`virtualHosts."twoha.cc" = {`
			`useACMEHost = "twoha.cc";`
			`forceSSL = true;`
			`serverName = "twoha.cc";`
			`locations."/".return = 502;`
			`};`
			`virtualHosts."u.twoha.cc" = {`
			`useACMEHost = "twoha.cc";`
			`forceSSL = true;`
			`serverName = "u.twoha.cc";`
			`root = "/var/www/u";`
			`locations."/".extraConfig = ''`
			`disable_symlinks off;`
			`if ($request_uri ~ ^/(.*)\.html) {`
			`return 302 /$1;`
			`}`
			`try_files $uri $uri.html $uri/ =404;`
			`'';`
			`locations."/_/".proxyPass = "http://127.0.0.1:5000";`
			`};`
			`virtualHosts."mu.twoha.cc" = {`
			`useACMEHost = "twoha.cc";`
			`forceSSL = true;`
			`serverName = "mu.twoha.cc";`
			`root = "/var/www/mu";`
			`locations."/".extraConfig = ''`
			`disable_symlinks off;`
			`if ($request_uri ~ ^/(.*)\.html) {`
			`return 302 /$1;`
			`}`
			`try_files $uri $uri.html $uri/ =404;`
			`'';`
			`};`
			`virtualHosts."*.twoha.cc" = {`
			`useACMEHost = "twoha.cc";`
			`serverName = "*.twoha.cc";`
			`forceSSL = true;`
			`locations."/".return = 502;`
			`};`
			`virtualHosts."g.twoha.cc" = {`
			`forceSSL = true;`
			`useACMEHost = "twoha.cc";`
			`serverName = "g.twoha.cc";`
			`extraConfig = ''`
			`client_max_body_size 512M;`
			`'';`
			`locations."/".proxyPass = "http://localhost:3333";`
			`};`
			`};`
			`users.users.nginx.extraGroups = ["acme"];`
			`}`