okarin/maggus.bayern: Init

2023-10-26 14:05:53 +02:00 · 2023-10-26 14:05:53 +02:00 · c705221f71
parent af1d41ffda
commit c705221f71
2 changed files with 33 additions and 0 deletions
--- a/machines/okarin/configuration.nix
+++ b/machines/okarin/configuration.nix
@ -5,6 +5,7 @@
    ./hardware-configuration.nix
    ../../modules

+    ./services/maggus.bayern.nix
    ./services/proxy.nix
  ];

--- a/machines/okarin/services/maggus.bayern.nix
+++ b/machines/okarin/services/maggus.bayern.nix
@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+{
+  users.users.maggus = {
+    isSystemUser = true;
+    group = "maggus";
+    shell = "/bin/sh";
+
+    openssh.authorizedKeys.keys = map (key: "command=\"${pkgs.rrsync}/bin/rrsync -wo /var/www/maggus.bayern/\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}") [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWGXaMijpnm3RSH/PIVxkBRDIi1f5nMW/aS26g3b71M nils"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEF8o2ezSEXwWoAcdoeJs+wsZM/u8x+vtRNU3FXOMIT nils"
+    ];
+  };
+  users.groups.maggus = { };
+
+  systemd.tmpfiles.rules = [
+    "d /var/www/maggus.bayern 0755 maggus root -"
+  ];
+
+  services.nginx.virtualHosts = {
+    "maggus.bayern" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "/var/www/maggus.bayern";
+    };
+    "www.maggus.bayern" = {
+      enableACME = true;
+      forceSSL = true;
+      globalRedirect = "maggus.bayern";
+    };
+  };
+}