ivandimitrov8080/mail.idimitrov.dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

making website/mail as options

Browse Source
This commit is contained in:
Ivan Dimitrov 2023-09-20 14:14:25 +03:00
parent b5e5477924
commit 701565e7ac
5 changed files with 47 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
flake.lock
View File

@ -80,7 +80,8 @@
"inputs": {
"nixpkgs": "nixpkgs",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"vpsadminos": "vpsadminos"
"vpsadminos": "vpsadminos",
"webshite": "webshite"
}
},
"simple-nixos-mailserver": {
@ -108,6 +109,20 @@
"type": "gitlab"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
@ -137,6 +152,27 @@
"repo": "vpsadminos",
"type": "github"
}
},
"webshite": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1695208109,
"narHash": "sha256-SlkxioYOVSyVJRmrgGaR2xuZOzVn6y+RMoXjiaMASAI=",
"owner": "ivandimitrov8080",
"repo": "idimitrov.dev",
"rev": "bec7862f632db84d4ee279157a4d0e8b7288c45c",
"type": "github"
},
"original": {
"owner": "ivandimitrov8080",
"repo": "idimitrov.dev",
"type": "github"
}
}
},
"root": "root",

6
flake.nix
View File

@ -6,6 +6,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
vpsadminos.url = "github:vpsfreecz/vpsadminos";
webshite = {
url = "github:ivandimitrov8080/idimitrov.dev";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@ -13,6 +17,7 @@
, nixpkgs
, simple-nixos-mailserver
, vpsadminos
, webshite
, ...
}: {
nixosConfigurations = {
@ -21,6 +26,7 @@
modules = [
simple-nixos-mailserver.nixosModule
vpsadminos.nixosConfigurations.container
webshite.nixosModules.default
./mailserver
];
};

3
mailserver/configuration.nix
View File

@ -1,5 +1,8 @@
{ config, pkgs, ... }:
{
website.enable = true;
mailserver.enable = true;
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
#users.extraUsers.root.openssh.authorizedKeys.keys =

3
mailserver/default.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [ ./configuration.nix ./web.nix ];
imports = [ ./configuration.nix ];
nix = {
extraOptions = ''
@ -10,7 +10,6 @@
};
mailserver = {
enable = true;
fqdn = "mail.idimitrov.dev";
domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];

54
mailserver/web.nix
View File

@ -1,54 +0,0 @@
{ config, pkgs, ... }: {
services = {
nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
appendHttpConfig = ''
# Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame
add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff;
# This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
virtualHosts =
let
base = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
};
proxy = port: base {
"/".proxyPass = "http://127.0.0.1:" + toString (port) + "/";
};
in
{
"idimitrov.dev" = proxy 3000 // { default = true; };
};
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
}