authorGregor Kleen <gkleen@yggdrasil.li>2020-04-19 19:35:54 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2020-04-19 19:35:54 +0200
commitc6697ef0be380ffcef53c3ec346c0cc7fa399bbb (patch)
treea2211d8582f4176bf2eed802752be8b41fafbe99
parented18e65772ffaab9b34190330a24c2d5a7fb66df (diff)
...
-rw-r--r--ullr.nix31
-rw-r--r--ymir.nix4
2 files changed, 32 insertions, 3 deletions
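diff --git a/ullr.nix b/ullr.nix
index 71c5ee23..6717e913 100644
--- a/ullr.nix
+++ b/ullr.nix
@@ -28,7 +28,9 @@
 enable = true;
 allowPing = true;
 allowedTCPPorts = [ 22 # ssh
+64738 # murmur
 ];
+allowedUDPPorts = [ 64738 # murmur
 allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
 ];
 };
@@ -89,6 +91,35 @@
 users.groups."games" = {};
 nixpkgs.config.allowUnfree = true;
 
+services.murmur = {
+enable = true;
+bandwidth = 288000;
+sslKey = "/var/lib/acme/yggdrasil.li/key.pem";
+sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+passwort = builtins.readFile /etc/murmur-password;
+};
+users.groups."ssl" = {
+members = [ "murmur" ];
+};
+
+security.acme = {
+acceptTerms = true;
+certs."ullr.yggdrasil.li" = {
+allowKeysForGroup = true;
+group = "ssl";
+};
+};
+
+services.nginx.enable = true;
+services.nginx.virtualHosts."ullr.yggdrasil.li" = {
+default = true;
+addSSL = true;
+enableACME = true;
+root = "/var/www/";
+locations."/".return = "404";
+useACMEHost= "ullr.yggdrasil.li";
+};
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave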
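diff --git a/ymir.nix b/ymir.nix
index 39f131d2..79f5c02c 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -183,13 +183,11 @@ in rec {
 80 # http
 443 # https
 9418 # git
-64738 # murmur
 53 # DNS
 6523 # Obby
 4190 # Managesieve
 ];
-allowedUDPPorts = [ 64738 # murmur
-53 # DNS
+allowedUDPPorts = [ 53 # DNS
 ];
 allowedTCPPortRanges = [ { from = 20000; to = 21000; } # ftp
 ];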