feat(router0-dmz0): init bpir3 based router

2023-08-10 21:45:49 +02:00 · 2023-08-10 21:45:49 +02:00 · 6a2993b665
commit 6a2993b665
parent 5ec13b17b7
20 changed files with 1112 additions and 211 deletions
--- a/nix/os/containers/backup-target.nix
+++ b/nix/os/containers/backup-target.nix
@ -17,10 +17,10 @@

    networking.firewall.enable = false;

-    services.ddclientovh = {
-      enable = true;
-      domain = containerBackupCfg.addr;
-    };
+    # services.ddclientovh = {
+    #   enable = true;
+    #   domain = containerBackupCfg.addr;
+    # };

    services.openssh.enable = true;

--- a/nix/os/containers/mailserver.nix
+++ b/nix/os/containers/mailserver.nix
@ -43,14 +43,6 @@
    };

    # TODO: switch to something other than ddclient as it's no longer maintained
-    services.ddclient-hetzner = {
-      enable = false;
-      zone = "stefanjunker.de";
-      domains = [
-        "mailserver.svc.stefanjunker.de"
-      ];
-      passwordFile = config.sops.secrets.hetznerDnsApiToken.path;
-    };

    # TODO: switch to a let's encrypt certificate
    sops.secrets.dovecotSslServerCert = {
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@ -5,7 +5,9 @@
  httpPort ? 80,
  httpsPort ? 443,
  autoStart ? false,
-}: {
+}: let
+  domain = "www.stefanjunker.de";
+in {
  config = {
    config,
    pkgs,
@ -22,11 +24,6 @@

    networking.firewall.enable = false;

-    services.ddclientovh = {
-      enable = true;
-      domain = "www.stefanjunker.de";
-    };
-
    sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    sops.secrets.hedgedoc_environment_file = {
      sopsFile = ./webserver_secrets.yaml;
@ -35,30 +32,30 @@

    services.caddy = {
      enable = true;
-      virtualHosts."${config.services.ddclientovh.domain}" = {
+      virtualHosts."${domain}" = {
        extraConfig = let
          port = "${builtins.toString config.services.authelia.instances.default.settings.server.port}";
          path = "${config.services.authelia.instances.default.settings.server.path}";
        in ''
-          redir /hedgedoc* https://hedgedoc.${config.services.ddclientovh.domain}
+          redir /hedgedoc* https://hedgedoc.${domain}

          respond "Hi!"
        '';
      };

-      virtualHosts."hedgedoc.${config.services.ddclientovh.domain}" = {
+      virtualHosts."hedgedoc.${domain}" = {
        extraConfig = ''
          reverse_proxy http://[::1]:3000
        '';
      };

-      virtualHosts."authelia.${config.services.ddclientovh.domain}" = {
+      virtualHosts."authelia.${domain}" = {
        extraConfig = ''
          reverse_proxy http://127.0.0.1:${builtins.toString config.services.authelia.instances.default.settings.server.port}
        '';
      };

-      virtualHosts."lldap.${config.services.ddclientovh.domain}" = {
+      virtualHosts."lldap.${domain}" = {
        extraConfig = ''
          reverse_proxy http://127.0.0.1:${builtins.toString config.services.lldap.settings.http_port}
        '';
@ -68,7 +65,7 @@
    services.hedgedoc = {
      enable = true;
      settings = {
-        domain = "hedgedoc.${config.services.ddclientovh.domain}";
+        domain = "hedgedoc.${domain}";
        urlPath = "";
        protocolUseSSL = true;
        db = {
@ -185,7 +182,7 @@
        verbose = true;

        ldap_base_dn = "dc=stefanjunker,dc=de";
-        http_url = "https://lldap.${config.services.ddclientovh.domain}";
+        http_url = "https://lldap.${domain}";

        ## Options to configure SMTP parameters, to send password reset emails.
        ## To set these options from environment variables, use the following format