diff options
author | lassulus <lass@aidsballs.de> | 2015-08-13 22:32:03 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-08-13 22:32:03 +0200 |
commit | 434581244077cf97cec96cca5e5cb5a18cd15ad1 (patch) | |
tree | e4176df4b8d3c4fbc22d8ec40386fd3d512fc9a1 /lass/2configs/wordpress.nix | |
parent | aee18a93d39b617d3f857cc9c8db3c82474ba10b (diff) |
lass 2: add wordpress.nix
Diffstat (limited to 'lass/2configs/wordpress.nix')
-rw-r--r-- | lass/2configs/wordpress.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix new file mode 100644 index 000000000..9458deb38 --- /dev/null +++ b/lass/2configs/wordpress.nix @@ -0,0 +1,59 @@ +{ config, pkgs, ... }: + +{ + containers.wordpress = { + privateNetwork = true; + hostAddress = "192.168.101.1"; + localAddress = "192.168.101.2"; + + config = { + imports = [ + ../3modules/iptables.nix + ]; + + lass.iptables = { + enable = true; + tables = { + filter.INPUT.policy = "DROP"; + filter.FORWARD.policy = "DROP"; + filter.INPUT.rules = [ + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } + ]; + }; + }; + + environment.systemPackages = with pkgs; [ + iptables + ]; + + services.postgresql = { + enable = true; + package = pkgs.postgresql; + }; + + services.httpd = { + enable = true; + adminAddr = "root@apanowicz.de"; + extraModules = [ + { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } + ]; + virtualHosts = [ + { + hostName = "wordpress"; + serverAliases = [ "wordpress" "www.wordpress" ]; + + extraSubservices = [ + { + serviceName = "wordpress"; + } + ]; + } + ]; + }; + }; + }; +} |