Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/downloading.nix | 67 | ||||
-rw-r--r-- | lass/2configs/fastpoke-pages.nix | 10 | ||||
-rw-r--r-- | lass/2configs/wordpress.nix | 59 |
3 files changed, 131 insertions, 5 deletions
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
new file mode 100644
index 000000000..e6d31a6c4
--- /dev/null
+++ b/lass/2configs/downloading.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../3modules/iptables.nix
+ ../3modules/folderPerms.nix
+ ];
+
+ users.extraUsers = {
+ download = {
+ name = "download";
+ home = "/var/download";
+ createHome = true;
+ extraGroups = [
+ "download"
+ ];
+ };
+
+ transmission = {
+ extraGroups = [
+ "download"
+ ];
+ };
+ };
+
+ users.extraGroups = {
+ download = {
+ members = [
+ "download"
+ "transmission"
+ ];
+ };
+ };
+
+ services.transmission = {
+ enable = true;
+ settings = {
+ download-dir = "/var/download/finished";
+ incomplete-dir = "/var/download/incoming";
+ incomplete-dir-enabled = true;
+
+ rpc-authentication-required = true;
+ rpc-whitelist-enabled = false;
+ rpc-username = "download";
+ #add rpc-password in secrets
+ rpc-password = "test123";
+ };
+ };
+
+ lass.iptables = {
+ enable = true;
+ tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
+ ];
+ };
+
+ lass.folderPerms = {
+ enable = true;
+ permissions = [
+ {
+ path = "/var/download";
+ permission = "775";
+ owner = "transmission:download";
+ }
+ ];
+ };
+}
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
index 9c80fa77a..1c8106a88 100644
--- a/lass/2configs/fastpoke-pages.nix
+++ b/lass/2configs/fastpoke-pages.nix
@@ -20,8 +20,8 @@ let
 # 10.243.206.102 ${domain}
 #'';
 users.extraUsers = {
- "${domain}" = {
- name = "${domain}";
+ ${domain} = {
+ name = domain;
 home = "/var/lib/http/${domain}";
 createHome = true;
 };
@@ -90,9 +90,9 @@ in {
 };
 };
- services.postgresql = {
- enable = true;
- };
+ #services.postgresql = {
+ # enable = true;
+ #};
 #config.services.vsftpd = {
 # enable = true;
diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix
new file mode 100644
index 000000000..9458deb38
--- /dev/null
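Review bot: In lass/2configs/downloading.nix the Transmission RPC credential is the literal `rpc-password = "test123";`, which is committed with the repository and, as a Nix option value, is likely to end up readable in the Nix store; the comment above it already says it belongs in secrets. The same hunk sets `rpc-whitelist-enabled = false` and accepts `-p tcp --dport 9091` from any source, so that weak password is the only thing protecting the RPC interface, and it travels over plain HTTP. I would load the password from the secrets mechanism before this is deployed and narrow the rule to known clients, e.g. `{ predicate = "-p tcp --dport 9091 -s <trusted-cidr>"; target = "ACCEPT"; }` (placeholder source range), or keep the whitelist on with an explicit `rpc-whitelist`.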
+++ b/lass/2configs/wordpress.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+ containers.wordpress = {
+ privateNetwork = true;
+ hostAddress = "192.168.101.1";
+ localAddress = "192.168.101.2";
+
+ config = {
+ imports = [
+ ../3modules/iptables.nix
+ ];
+
+ lass.iptables = {
+ enable = true;
+ tables = {
+ filter.INPUT.policy = "DROP";
+ filter.FORWARD.policy = "DROP";
+ filter.INPUT.rules = [
+ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+ { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+ { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ iptables
+ ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql;
+ };
+
+ services.httpd = {
+ enable = true;
+ adminAddr = "root@apanowicz.de";
+ extraModules = [
+ { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
+ ];
+ virtualHosts = [
+ {
+ hostName = "wordpress";
+ serverAliases = [ "wordpress" "www.wordpress" ];
+
+ extraSubservices = [
+ {
+ serviceName = "wordpress";
+ }
+ ];
+ }
+ ];
+ };
+ };
+ };
+} |
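Review bot: The container's INPUT rules in lass/2configs/wordpress.nix accept `-p tcp --dport 22`, but nothing visible in this file enables an SSH daemon inside the container, so the rule looks like unneeded attack surface; I would drop it until a service needs it. Port 80 is the only web listener, so WordPress logins and session cookies are cleartext unless the host terminates TLS in front of `192.168.101.2`; a comment saying where TLS happens would help. Only INPUT and FORWARD get `policy = "DROP"`; if the iptables module leaves OUTPUT at ACCEPT (not visible here), a compromised PHP process can open arbitrary outbound connections, so consider an egress policy as well.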