# NixOS module: web hosting (static pages, ownCloud, WordPress) and mail
# (dovecot, exim smarthost) plus the accounts that go with them.
{ config, pkgs, lib, ... }:

let
# ID helpers from the stockholm lib. Only genid_signed is referenced in this
# file; it is applied to each account name to produce that account's uid.
inherit (import <stockholm/lib>) genid genid_signed;

# Site constructors from the shared websites utility file. Each one is applied
# to a list of host names in `imports`.
inherit (import <stockholm/lass/2configs/websites/util.nix> { inherit lib pkgs; })
  servePage
  serveOwncloud
  serveWordpress;
# msmtp configuration with a single account that hands mail to the SMTP
# server on localhost. No TLS or authentication settings are given here, so
# submission relies on the loopback connection alone.
msmtprc = pkgs.writeText "msmtprc" ''
  account localhost
  host localhost
  account default: localhost
'';

# sendmail-compatible entry point; it is set as PHP's sendmail_path further
# down in this file. --read-envelope-from makes msmtp take the envelope
# sender from the message's From header, i.e. from data the PHP applications
# control.
# NOTE(review): confirm the local MTA limits which sender addresses it accepts
# from this path, so a compromised web application cannot send mail under an
# arbitrary From address.
sendmail = pkgs.writeDash "msmtp" ''
  exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
'';
# Restart helpers for the two PHP-FPM units. Each unit gets a root-side script
# that runs one fixed systemctl command, and a wrapper (installed as a binary)
# that calls that script through the setuid sudo wrapper.
#
# `restartPhpfpm_o.ubikmedia` is an attribute path, so the first two helpers
# live in the attribute set `restartPhpfpm_o`; it is written out explicitly
# here to make that visible.
restartPhpfpm_o = {
  # NOTE(review): the script is named "...ubikmedia.org" while the unit it
  # restarts is "...ubikmedia.de"; only the derivation name is affected.
  ubikmedia = pkgs.writeDash "restartPhpfpm_o.ubikmedia.org" ''
    ${pkgs.systemd}/bin/systemctl restart phpfpm-o.ubikmedia.de.service
  '';

  # Unprivileged entry point; the sudoers rule in this file names the exact
  # script path interpolated here.
  ubikmedia_wrapper = pkgs.writeDashBin "restartPhpfpm_o.ubikmedia" ''
    /run/wrappers/bin/sudo ${restartPhpfpm_o.ubikmedia}
  '';
};

# Same pair for the phpfpm-ubikmedia.de unit. The systemctl path is absolute
# and the unit name is fixed, so the caller cannot choose what gets restarted.
restartPhpfpm_ubikmedia = pkgs.writeDash "restartPhpfpm_ubikmedia.org" ''
  ${pkgs.systemd}/bin/systemctl restart phpfpm-ubikmedia.de.service
'';

restartPhpfpm_ubikmedia_wrapper = pkgs.writeDashBin "restartPhpfpm_ubikmedia" ''
  /run/wrappers/bin/sudo ${restartPhpfpm_ubikmedia}
'';
in {
# Hosted sites. Each constructor call receives the host names one site
# answers to; the order of the names is kept as given.
imports = [
  # Database backup module; the databases to dump are listed further down.
  ./sqlBackup.nix

  # Static pages.
  (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
  (servePage [ "karlaskop.de" "www.karlaskop.de" ])
  (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
  (servePage [ "pixelpocket.de" ])

  (serveOwncloud [ "o.ubikmedia.de" ])

  # All of the following names are passed to a single serveWordpress call.
  # NOTE(review): presumably one WordPress installation and one PHP-FPM pool
  # serve every name in this list, in which case a compromise of one site
  # reaches the others; confirm against util.nix.
  (serveWordpress [
    "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com"
    "360gradvideo.tv" "ubikmedia.eu" "facts.cloud" "youthtube.xyz"
    "illucloud.eu" "illucloud.de" "illucloud.com"

    "www.apanowicz.de" "www.nirwanabluete.de" "www.aldonasiech.com"
    "www.360gradvideo.tv" "www.ubikmedia.eu" "www.facts.cloud"
    "www.youthtube.xyz" "www.illucloud.eu" "www.illucloud.de"
    "www.illucloud.com" "www.ubikmedia.de"

    "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" "cinevita.ubikmedia.de"
    "factscloud.ubikmedia.de" "illucloud.ubikmedia.de" "joemisch.ubikmedia.de"
    "karlaskop.ubikmedia.de" "nb.ubikmedia.de" "youthtube.ubikmedia.de"

    "joemisch.com"
  ])
];
# Requests under /piwika that match neither a file nor a directory are handed
# to /index.php with the original query string.
services.nginx.virtualHosts."ubikmedia.de".locations."/piwika".extraConfig = ''
  try_files $uri $uri/ /index.php?$args;
'';

# Databases handed to the mysqlBackup module imported from ./sqlBackup.nix.
lass.mysqlBackup.config.all.databases = [ "ubikmedia_de" "o_ubikmedia_de" ];

# PHP options set on services.phpfpm as a whole rather than per site.
# Outgoing mail goes through the msmtp wrapper (`-t` reads the recipients from
# the message headers), and uploads of up to 100M are accepted.
# NOTE(review): the 100M limit applies to every PHP application configured
# through this option; confirm nginx and disk quotas bound request bodies
# accordingly.
services.phpfpm.phpOptions = ''
  sendmail_path = ${sendmail} -t
  upload_max_filesize = 100M
  post_max_size = 100M
  file_uploads = on
'';
# MAIL STUFF
# TODO: make into its own module

# Mailbox access through dovecot, with Maildir storage in each user's home.
# The certificate and key are the same files krebs.exim-smarthost uses in this
# file, so both daemons need read access to the key.
services.dovecot2.enable = true;
services.dovecot2.mailLocation = "maildir:~/Mail";
services.dovecot2.sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem";
services.dovecot2.sslServerKey = "/var/lib/acme/lassul.us/key.pem";

# Only the TLS-wrapped mailbox ports are opened here; this list adds no rule
# for the plain pop3 or imap ports.
krebs.iptables.tables.filter.INPUT.rules = [
  { predicate = "-p tcp --dport pop3s"; target = "ACCEPT"; }
  { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
];
# Exim smarthost: SMTP AUTH, address aliases, sender domains and TLS material.
krebs.exim-smarthost = {
  # Both mechanisms use Exim's plaintext driver and decide by running
  # verify_arg from the usershadow package with the usershadow pattern, the
  # user name and the password as command-line arguments (''${ is the Nix
  # escape that leaves a literal ${ for Exim to expand).
  #
  # NOTE(review): the password is passed in argv, where other local accounts
  # can read it from the process list while verify_arg runs; this host has
  # several shell accounts. Check whether verify_arg can take the secret on
  # stdin instead.
  # NOTE(review): depending on the Exim version, ${run} expands the whole
  # string before splitting it on spaces, so whitespace in the submitted
  # values could shift verify_arg's arguments. Confirm how verify_arg treats
  # unexpected extra arguments.
  # NOTE(review): nothing in these two blocks limits AUTH to TLS sessions;
  # confirm the krebs.exim-smarthost module only advertises it after TLS.
  authenticators = {
    # PLAIN: $auth2 is the user name, $auth3 the password.
    PLAIN = ''
      driver = plaintext
      public_name = PLAIN
      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
    '';

    # LOGIN: prompts for both values; $auth1 is the user name, $auth2 the
    # password.
    LOGIN = ''
      driver = plaintext
      public_name = LOGIN
      server_prompts = "Username:: : Password::"
      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
    '';
  };

  # Address rewrites. One entry forwards to an external mailbox, the others
  # deliver to local accounts declared in this file.
  internet-aliases = [
    { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
    { from = "dma@ubikmedia.de"; to = "domsen"; }
    { from = "dma@ubikmedia.eu"; to = "domsen"; }
    { from = "mail@jla-trading.com"; to = "jla-trading"; }
    { from = "jms@ubikmedia.eu"; to = "jms"; }
    { from = "ms@ubikmedia.eu"; to = "ms"; }
    { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }

    # NOTE(review): a test mailbox that is reachable from outside; confirm it
    # is still needed.
    { from = "testuser@lassul.us"; to = "testuser"; }
  ];

  # presumably the domains this host accepts as sender domains for relayed
  # mail; verify against the krebs.exim-smarthost module.
  sender_domains = [
    "jla-trading.com"
    "ubikmedia.eu"
    "ubikmedia.de"
  ];

  # Same certificate and key files as services.dovecot2 in this file.
  ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
  ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
# Local accounts for the mailboxes and for site maintenance. Every uid comes
# from genid_signed applied to the account name, and every account gets a
# created home directory and the default shell.
# NOTE(review): all five accounts have a login shell. If jla-trading, jms, ms
# and testuser exist only to receive and send mail, a non-interactive shell
# would narrow what stolen mail credentials can reach; confirm how remote
# login is restricted on this host.
users.users = {
  # Maintenance account. Membership in "nginx" and "download" is granted here;
  # this account is also the one named in the sudoers rules in this file.
  domsen = {
    uid = genid_signed "domsen";
    description = "maintenance acc for domsen";
    home = "/home/domsen";
    useDefaultShell = true;
    extraGroups = [ "nginx" "download" ];
    createHome = true;
  };

  jla-trading = {
    uid = genid_signed "jla-trading";
    home = "/home/jla-trading";
    useDefaultShell = true;
    createHome = true;
  };

  jms = {
    uid = genid_signed "jms";
    home = "/home/jms";
    useDefaultShell = true;
    createHome = true;
  };

  ms = {
    uid = genid_signed "ms";
    home = "/home/ms";
    useDefaultShell = true;
    createHome = true;
  };

  # NOTE(review): test account; confirm it should remain on this host.
  testuser = {
    uid = genid_signed "testuser";
    home = "/home/testuser";
    useDefaultShell = true;
    createHome = true;
  };
};
# sudo restart wrappers
# domsen may run exactly the two restart scripts as root without a password.
# Each rule names the interpolated script path, the same path the matching
# wrapper passes to sudo. The rules give no argument list, so sudo accepts
# extra arguments; the scripts defined in this file do not read any.
security.sudo.extraConfig = ''
  domsen ALL= (root) NOPASSWD: ${restartPhpfpm_o.ubikmedia}
  domsen ALL= (root) NOPASSWD: ${restartPhpfpm_ubikmedia}
'';

# Put both wrapper commands into domsen's per-user packages.
krebs.per-user.domsen.packages = [
  restartPhpfpm_ubikmedia_wrapper
  restartPhpfpm_o.ubikmedia_wrapper
];
}