2024-05-21 13:46:36 +02:00
|
|
|
{ pkgs, configs, ... }:
|
|
|
|
|
let
|
|
|
|
|
Host = "vps1.tail807ea.ts.net";
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
imports = [ ./gandicloud.nix ];
|
|
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
2024-05-21 14:59:29 +02:00
|
|
|
neovim curl htop bottom fastfetch
|
|
|
|
|
tailscale git
|
2024-05-21 13:46:36 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# Firewall
|
|
|
|
|
networking.firewall = {
|
|
|
|
|
allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
allowedUDPPorts = [ 80 443 ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# tailscale
|
|
|
|
|
services.tailscale.enable = true;
|
2024-07-02 23:09:25 +02:00
|
|
|
|
2024-07-04 07:06:32 +02:00
|
|
|
# fail2ban/ssh
|
2024-07-02 23:09:25 +02:00
|
|
|
services.fail2ban.enable = true;
|
2024-07-04 07:06:32 +02:00
|
|
|
services.openssh.listenAddresses = [
|
|
|
|
|
{
|
|
|
|
|
addr = "100.96.189.104";
|
|
|
|
|
port = 22;
|
|
|
|
|
}
|
|
|
|
|
];
|
2024-07-02 23:09:25 +02:00
|
|
|
|
2024-05-21 13:46:36 +02:00
|
|
|
# nginx reverse proxy
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
|
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"audiobooks.geokkjer.eu" = {
|
|
|
|
|
default = false;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
addSSL = true;
|
|
|
|
|
locations."/" = {
|
2024-05-21 14:35:09 +02:00
|
|
|
proxyPass = "http://apps:8000";
|
2024-05-21 13:46:36 +02:00
|
|
|
proxyWebsockets = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-07-02 22:56:48 +02:00
|
|
|
"git.geokkjer.eu" = {
|
|
|
|
|
default = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
locations."/".proxyPass = "http://apps:3000";
|
|
|
|
|
};
|
2024-05-21 13:46:36 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
# acme let's encrypt
|
|
|
|
|
security.acme = {
|
|
|
|
|
acceptTerms = true;
|
|
|
|
|
defaults = {
|
|
|
|
|
email = "geokkjer@gmail.com";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
