default.nix (4412B)
1 extra: 2 { config, lib, pkgs, ... }: 3 let util = extra.util; 4 private = extra.private; 5 extras = (rec { ztip = "10.144.14.20"; 6 nix-serve = { 7 port = 10845; 8 bindAddress = ztip; 9 }; 10 import-scripts = (import <monstercatpkgs> { }).import-scripts; 11 }) // extra; 12 in { 13 imports = [ 14 ./hardware 15 (import ./backups extras) 16 (import ./backups/git.nix extras) 17 (import ./backups/wiki.nix extras) 18 (import ./nginx extras) 19 (import ./trendbot extras) 20 (import ./transaction-bot extras) 21 (import ./tunecore-sales-bot extras) 22 (import ./bandcamp-sales-bot extras) 23 (import ./youtube-sales-bot extras) 24 (import ./youtube-pub-sales-bot extras) 25 (import ./shopify-sales-bot extras) 26 (import ./itunes-bots extras) 27 (import ./cogs-bot extras) 28 (import <nixpkgs/nixos/modules/services/misc/gitit.nix>) 29 ]; 30 31 services.printing.drivers = [ pkgs.samsung-unified-linux-driver_4_01_17 ]; 32 services.mongodb.enable = true; 33 services.redis = { 34 enable = true; 35 bind = extras.ztip; 36 }; 37 38 services.gitit = rec { 39 enable = true; 40 wikiTitle = "Monstercat Wiki"; 41 requireAuthentication = "none"; 42 sessionTimeout = 43800; 43 math = "mathml"; 44 mathJaxScript = "MathJax/MathJax.js"; 45 plugins = []; 46 mailCommand = "/run/current-system/sw/bin/sendmail %s"; 47 accessQuestion = "Enter 'monstercat' here"; 48 accessQuestionAnswers = "monstercat"; 49 staticDir = "/var/lib/gitit-static"; 50 useFeed = true; 51 resetPasswordMessage = '' 52 53 > From: gitit@monstercat.com 54 > To: $useremail$ 55 > Subject: ${wikiTitle} password reset 56 > 57 > Hello $username$, 58 > 59 > To reset your password, please follow the link below: 60 > http://wiki.monstercat.com$resetlink$ 61 > 62 > Regards 63 ''; 64 }; 65 66 users.extraGroups.gitit.members = [ "jb55" ]; 67 68 services.nginx.httpConfig = '' 69 server { 70 listen 80; 71 server_name pkgs.monster.cat; 72 73 location = / { 74 return 301 https://github.com/monstercat/monstercatpkgs/archive/master.tar.gz; 75 } 76 } 77 78 server { 79 listen 80; 80 server_name nixcache.monstercat.com; 81 82 location / { 83 proxy_pass http://${extras.nix-serve.bindAddress}:${toString extras.nix-serve.port}; 84 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 85 proxy_redirect off; 86 proxy_buffering off; 87 proxy_set_header Host $host; 88 proxy_set_header X-Real-IP $remote_addr; 89 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 90 } 91 } 92 93 server { 94 listen 80; 95 server_name wiki.monstercat.com wiki.monster.cat; 96 97 location / { 98 proxy_pass http://localhost:${toString config.services.gitit.port}; 99 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 100 proxy_redirect off; 101 proxy_buffering off; 102 proxy_set_header Host $host; 103 proxy_set_header X-Real-IP $remote_addr; 104 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 105 } 106 } 107 ''; 108 109 services.nix-serve.enable = true; 110 services.nix-serve.bindAddress = extras.nix-serve.bindAddress; 111 services.nix-serve.port = extras.nix-serve.port; 112 113 networking.firewall.trustedInterfaces = ["zt0" "zt2"]; 114 networking.firewall.allowedTCPPorts = [ 22 143 80 ]; 115 116 networking.defaultMailServer = { 117 directDelivery = private.gmail-user != null || private.gmail-pass != null; 118 hostName = "smtp.gmail.com:587"; 119 root = "bill@monstercat.com"; 120 domain = "monstercat.com"; 121 useTLS = true; 122 useSTARTTLS = true; 123 authUser = private.gmail-user; 124 authPass = private.gmail-pass; 125 }; 126 127 services.fcgiwrap.enable = true; 128 129 systemd.services.postgresql.after = [ "zerotierone.service" ]; 130 131 services.postgresql = { 132 dataDir = "/var/db/postgresql/9.5/"; 133 enable = true; 134 # extraPlugins = with pkgs; [ pgmp ]; 135 authentication = pkgs.lib.mkForce '' 136 # type db user address method 137 local all all trust 138 host all all 10.144.0.0/16 trust 139 host all all 192.168.1.0/16 trust 140 141 ''; 142 extraConfig = '' 143 listen_addresses = '10.144.14.20,192.168.1.49' 144 ''; 145 }; 146 }