From c6697ef0be380ffcef53c3ec346c0cc7fa399bbb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 19 Apr 2020 19:35:54 +0200 Subject: ... --- ullr.nix | 31 +++++++++++++++++++++++++++++++ ymir.nix | 4 +--- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/ullr.nix b/ullr.nix index 71c5ee23..6717e913 100644 --- a/ullr.nix +++ b/ullr.nix @@ -28,7 +28,9 @@ enable = true; allowPing = true; allowedTCPPorts = [ 22 # ssh + 64738 # murmur ]; + allowedUDPPorts = [ 64738 # murmur allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh ]; }; @@ -89,6 +91,35 @@ users.groups."games" = {}; nixpkgs.config.allowUnfree = true; + services.murmur = { + enable = true; + bandwidth = 288000; + sslKey = "/var/lib/acme/yggdrasil.li/key.pem"; + sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem"; + passwort = builtins.readFile /etc/murmur-password; + }; + users.groups."ssl" = { + members = [ "murmur" ]; + }; + + security.acme = { + acceptTerms = true; + certs."ullr.yggdrasil.li" = { + allowKeysForGroup = true; + group = "ssl"; + }; + }; + + services.nginx.enable = true; + services.nginx.virtualHosts."ullr.yggdrasil.li" = { + default = true; + addSSL = true; + enableACME = true; + root = "/var/www/"; + locations."/".return = "404"; + useACMEHost= "ullr.yggdrasil.li"; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/ymir.nix b/ymir.nix index 39f131d2..79f5c02c 100644 --- a/ymir.nix +++ b/ymir.nix @@ -183,13 +183,11 @@ in rec { 80 # http 443 # https 9418 # git - 64738 # murmur 53 # DNS 6523 # Obby 4190 # Managesieve ]; - allowedUDPPorts = [ 64738 # murmur - 53 # DNS + allowedUDPPorts = [ 53 # DNS ]; allowedTCPPortRanges = [ { from = 20000; to = 21000; } # ftp ]; -- cgit v1.2.3
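Review bot: The added line `allowedUDPPorts = [ 64738 # murmur` in the first ullr.nix hunk opens a list that is never closed, and the hunk's line counts leave no room for a separate `];` line. As shown, the following context line `allowedUDPPortRanges = [` would be parsed inside that list and the file should fail to evaluate. Close the list on the added line, e.g. `allowedUDPPorts = [ 64738 ]; # murmur`, or add a `];` line the way the TCP list above does. Separately, the visible `allowedTCPPorts` holds only 22 and 64738, while the second ullr.nix hunk enables nginx with ACME; if certificates are issued over HTTP-01, port 80 would have to be reachable, unless it is opened outside this hunk.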
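Review bot: `passwort = builtins.readFile /etc/murmur-password;` in the second ullr.nix hunk has two problems. The option is spelled `passwort`, which the murmur module should reject as undefined (`password` is presumably meant), and `builtins.readFile` pulls the secret into the evaluated configuration, so it most likely ends up in the generated murmur config in the world-readable Nix store. Prefer handing the password to the service at runtime from a root-only file if the module version in use supports that, and add a comment next to the option saying where the secret lives. `sslKey` and `sslCert` point at `/var/lib/acme/yggdrasil.li/`, but the certificate and `ssl` group access configured in this hunk are for `ullr.yggdrasil.li`; unless a `yggdrasil.li` cert is defined outside the hunk, the paths should be `/var/lib/acme/ullr.yggdrasil.li/key.pem` and `/var/lib/acme/ullr.yggdrasil.li/fullchain.pem`. The virtual host also sets both `enableACME = true;` and `useACMEHost`, which the nginx module treats as mutually exclusive as far as I know, so one of them should be dropped.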