coace/unit
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: coace:master
Branches Tags
coace:master
..
compare: coace:db996d5cd54f80734769915f89ef2fd9458ebe6e
Branches Tags
coace:master

2 Commits
master ... db996d5cd5

Author SHA1 Message Date
coolneng
db996d5cd5 Fix path of Mono directories 2021-05-11 12:32:29 +02:00
coolneng
0aad4cffab Add Mono FastCGI configuration 2021-05-11 11:48:26 +02:00
6 changed files with 47 additions and 42 deletions
Expand all files Collapse all files

14
README.org
View File

@@ -1,17 +1,3 @@
* Unit * Unit
Declarative configuration for the main server, using [[https://nixos.org][NixOS]] Declarative configuration for the main server, using [[https://nixos.org][NixOS]]
** Modules
The configuration is sliced into different files, per category:
- ZFS pool configuration: hardware-configuration.nix
- Network configuration: networking.nix
- Synchronization and backup services: datasync.nix
- Web services and reverse proxy: webstack.nix
- Smartd: monitoring.nix
- Systemd services and timers: periodic.nix
- Virtual machines: virtualization.nix
All the modules are imported in *configuration.nix*

1
modules/datasync.nix
View File

@@ -7,6 +7,7 @@
services.samba = { services.samba = {
enable = true; enable = true;
nsswins = true; nsswins = true;
syncPasswordsByPam = true;
extraConfig = '' extraConfig = ''
workgroup = WORKGROUP workgroup = WORKGROUP
server string = unit server string = unit

37
modules/hardware-configuration.nix
View File

@@ -43,13 +43,18 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups" =
{ device = "vault/backups";
fsType = "zfs";
};
fileSystems."/vault/VMs" = fileSystems."/vault/VMs" =
{ device = "vault/VMs"; { device = "vault/VMs";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups" = fileSystems."/vault/code" =
{ device = "vault/backups"; { device = "vault/code";
fsType = "zfs"; fsType = "zfs";
}; };
@@ -58,8 +63,8 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/code" = fileSystems."/vault/config" =
{ device = "vault/code"; { device = "vault/config";
fsType = "zfs"; fsType = "zfs";
}; };
@@ -73,33 +78,23 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups/wordpress" =
{ device = "vault/backups/wordpress";
fsType = "zfs";
};
fileSystems."/vault/backups/frontend" =
{ device = "vault/backups/frontend";
fsType = "zfs";
};
fileSystems."/vault/backups/documents" = fileSystems."/vault/backups/documents" =
{ device = "vault/backups/documents"; { device = "vault/backups/documents";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/config" =
{ device = "vault/config";
fsType = "zfs";
};
fileSystems."/vault/VMs/legacy" = fileSystems."/vault/VMs/legacy" =
{ device = "vault/VMs/legacy"; { device = "vault/VMs/legacy";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/frontend" = fileSystems."/vault/backups/frontend" =
{ device = "vault/frontend"; { device = "vault/backups/frontend";
fsType = "zfs";
};
fileSystems."/vault/backups/wordpress" =
{ device = "vault/backups/wordpress";
fsType = "zfs"; fsType = "zfs";
}; };

5
modules/networking.nix
View File

@@ -103,11 +103,6 @@ in {
publicKey = "5DU9ipxJcut2wKrUr3yQux9crzXMSW4ZeKWFLRpUc1I="; publicKey = "5DU9ipxJcut2wKrUr3yQux9crzXMSW4ZeKWFLRpUc1I=";
allowedIPs = [ "10.9.0.4/32" ]; allowedIPs = [ "10.9.0.4/32" ];
} }
# manuela
{
publicKey = "V+DaOya2hLuV6C9BeCkDyFqXpPAFq9jMAeg1dvQw/FI=";
allowedIPs = [ "10.9.0.5/32" ];
}
]; ];
}; };
}; };

2
modules/periodic.nix
View File

@@ -16,7 +16,7 @@ in {
ls | xargs -P10 -I{} git -C {} pull --rebase ls | xargs -P10 -I{} git -C {} pull --rebase
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
startAt = "22:00:00"; OnCalendar = "22:00:00";
}; };
# PostgreSQL daily backups # PostgreSQL daily backups

30
modules/webstack.nix
View File

@@ -42,13 +42,41 @@
forceSSL = true; forceSSL = true;
}; };
}; };
virtualHosts = {
"frontend.coace.duckdns.org" = {
enableACME = true;
forceSSL = true;
root = "/vault/backups/frontend/inetpub/wwwroot";
locations = {
"/few/".extraConfig = ''
fastcgi_index Default.aspx;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root/few/$fastcgi_script_name;
fastcgi_param PATH_INFO "";
fastcgi-mono-server4 /applications=/few/:/vault/backups/frontend/inetpub/wwwroot/few/socket=tcp:127.0.0.1:9000;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
"/gcw/".extraConfig = ''
fastcgi_index Default.aspx;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root/few/$fastcgi_script_name;
fastcgi_param PATH_INFO "";
fastcgi-mono-server4 /applications=/gcw/:/vault/backups/frontend/inetpub/wwwroot/gcw/socket=tcp:127.0.0.1:9000;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
};
}; };
# ACME certs configuration # ACME certs configuration
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
email = "secretario@arquitectosdeceuta.com"; email = "secretario@arquitectosdeceuta.com";
certs."coace.duckdns.org".webroot = "/var/lib/acme/acme-challenge"; certs."coace.duckdns.org" = {
webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = [ "frontend.coace.duckdns.org" ];
};
}; };
# Generate dhparams # Generate dhparams