-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathconfiguration.nix
executable file
·124 lines (95 loc) · 2.77 KB
/
configuration.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
{ config, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
ec2.hvm = true;
nixpkgs.config.allowBroken = true;
nixpkgs.config.allowUnfree = true;
nix.trustedBinaryCaches = [ "https://nixcache.reflex-frp.org" ];
nix.binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
networking.firewall.allowedTCPPorts = [80 443 6667 8000 8001 8080 24800];
networking.extraHosts =
''
'';
security.sudo.enable = true;
# Select internationalisation properties.
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "US/Eastern";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
curl
git
gitAndTools.gitFull
gnupg
haskellPackages.cabal2nix
tmux
traceroute
vim
wget
xclip
];
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# services.synergy.server = true;
# Define a user account. Don't forget to set a password with ‘passwd’.
users.extraUsers.greghale = {
isNormalUser = true;
uid = 1000;
description = "Greg Hale";
extraGroups = [ "wheel" "networkmanager" ];
};
users.extraGroups.vboxusers.members = [ "greghale" ];
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
# nginx and letsencrypt
security.acme.certs."reffit.com" = {
webroot = "/var/www/challenges";
email = "[email protected]";
};
services.nginx = {
enable=true;
virtualHosts = {
"reffit.com" = {
forceSSL = false;
enableACME = true;
locations."/" = {
root = "/var/www";
};
};
};
};
services.nginx.httpConfig = ''
server {
server_name reffit.com;
listen 80;
listen [::]:80;
client_max_body_size 100M;
location /.well-known/acme-challenge {
root /var/www/challenges;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name reffit.com;
listen 443 ssl;
client_max_body_size 100M;
ssl_certificate ${config.security.acme.directory}/reffit.com/fullchain.pem;
ssl_certificate_key ${config.security.acme.directory}/reffit.com/key.pem;
location /talks/bayhack2017 {
return 301 http://bayhack2017.s3-website-us-west-1.amazonaws.com;
# proxy_pass http://bayhack2017.s3-website-us-west-1.amazonaws.com;
}
location / {
proxy_pass http://127.0.0.1:8000;
}
}
'';
}