Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/downloading.nix67
-rw-r--r--lass/2configs/fastpoke-pages.nix10
-rw-r--r--lass/2configs/wordpress.nix59
3 files changed, 131 insertions, 5 deletions
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
new file mode 100644
index 000000000..e6d31a6c4
--- /dev/null
+++ b/lass/2configs/downloading.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../3modules/iptables.nix
+ ../3modules/folderPerms.nix
+ ];
+
+ users.extraUsers = {
+ download = {
+ name = "download";
+ home = "/var/download";
+ createHome = true;
+ extraGroups = [
+ "download"
+ ];
+ };
+
+ transmission = {
+ extraGroups = [
+ "download"
+ ];
+ };
+ };
+
+ users.extraGroups = {
+ download = {
+ members = [
+ "download"
+ "transmission"
+ ];
+ };
+ };
+
+ services.transmission = {
+ enable = true;
+ settings = {
+ download-dir = "/var/download/finished";
+ incomplete-dir = "/var/download/incoming";
+ incomplete-dir-enabled = true;
+
+ rpc-authentication-required = true;
+ rpc-whitelist-enabled = false;
+ rpc-username = "download";
+ #add rpc-password in secrets
+ rpc-password = "test123";
+ };
+ };
+
+ lass.iptables = {
+ enable = true;
+ tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
+ ];
+ };
+
+ lass.folderPerms = {
+ enable = true;
+ permissions = [
+ {
+ path = "/var/download";
+ permission = "775";
+ owner = "transmission:download";
+ }
+ ];
+ };
+}
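Review bot: `rpc-password = "test123";` commits a guessable RPC credential in plain text, even though the comment directly above it says the password belongs in secrets. With `rpc-whitelist-enabled = false` and the INPUT rule `-p tcp --dport 9091` accepting any source address, that password is the only control in front of the Transmission RPC interface. Values placed under `settings` presumably also end up in the generated configuration in the Nix store, which is readable by every local user. I would drop the literal and load the password from a file kept outside the repository, and narrow the firewall rule to the clients that need it, e.g. `{ predicate = "-p tcp --dport 9091 -s <TRUSTED_CIDR>"; target = "ACCEPT"; }`.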
diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix
index 9c80fa77a..1c8106a88 100644
--- a/lass/2configs/fastpoke-pages.nix
+++ b/lass/2configs/fastpoke-pages.nix
@@ -20,8 +20,8 @@ let
# 10.243.206.102 ${domain}
#'';
users.extraUsers = {
- "${domain}" = {
- name = "${domain}";
+ ${domain} = {
+ name = domain;
home = "/var/lib/http/${domain}";
createHome = true;
};
@@ -90,9 +90,9 @@ in {
};
};
- services.postgresql = {
- enable = true;
- };
+ #services.postgresql = {
+ # enable = true;
+ #};
#config.services.vsftpd = {
# enable = true;
diff --git a/lass/2configs/wordpress.nix b/lass/2configs/wordpress.nix
new file mode 100644
index 000000000..9458deb38
--- /dev/null
+++ b/lass/2configs/wordpress.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+ containers.wordpress = {
+ privateNetwork = true;
+ hostAddress = "192.168.101.1";
+ localAddress = "192.168.101.2";
+
+ config = {
+ imports = [
+ ../3modules/iptables.nix
+ ];
+
+ lass.iptables = {
+ enable = true;
+ tables = {
+ filter.INPUT.policy = "DROP";
+ filter.FORWARD.policy = "DROP";
+ filter.INPUT.rules = [
+ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+ { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+ { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ iptables
+ ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql;
+ };
+
+ services.httpd = {
+ enable = true;
+ adminAddr = "root@apanowicz.de";
+ extraModules = [
+ { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
+ ];
+ virtualHosts = [
+ {
+ hostName = "wordpress";
+ serverAliases = [ "wordpress" "www.wordpress" ];
+
+ extraSubservices = [
+ {
+ serviceName = "wordpress";
+ }
+ ];
+ }
+ ];
+ };
+ };
+ };
+}
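Review bot: The rule `-p tcp --dport 22` in `filter.INPUT.rules` accepts SSH from any source, yet nothing in the container config shown here enables an SSH daemon, so the opening is either unused or depends on a setting outside this file. If it is meant for administration from the host, tie it to the host side of the private network with `{ predicate = "-p tcp --dport 22 -s 192.168.101.1"; target = "ACCEPT"; precedence = 9998; }`; otherwise remove it. A one-line comment above the rules naming the expected peers for ports 22 and 80 would make the intent reviewable, since both rules share precedence 9998 and carry no explanation.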