Diffstat (limited to 'hosts/cloud/hetzner')
-rw-r--r--hosts/cloud/hetzner/configuration.nix42
-rw-r--r--hosts/cloud/hetzner/mail.nix27
-rw-r--r--hosts/cloud/hetzner/nginx.nix21
3 files changed, 79 insertions, 11 deletions
diff --git a/hosts/cloud/hetzner/configuration.nix b/hosts/cloud/hetzner/configuration.nix
index a432391..bc23cf7 100644
--- a/hosts/cloud/hetzner/configuration.nix
+++ b/hosts/cloud/hetzner/configuration.nix
@@ -14,7 +14,7 @@
../users.nix
../packages.nix
../../server.nix
- ./mail.nix
+ # ./mail.nix
];
boot = {
loader.grub = {
@@ -50,5 +50,45 @@
# };
# };
+ services.nostr-rs-relay = {
+ enable = true;
+ settings = {
+ info = {
+ description = "Oorbit coming";
+ pubkey = "npub1ll29wev5zztj7mugxnqlzpa45m0t779zte4x90ugf3psxxqyzr6sk9nq94";
+ relay_url = "wss://n.urbit.cloud";
+ name = "UrNostr";
+ };
+
+ network = {
+ # Bind to this network address
+ address = "0.0.0.0";
+ # Listen on port 12849 (this is the default). I have not managed to find any way to change it. KEEP IT default!
+ };
+
+ authorization = {
+ pubkey_whitelist = [
+ "npub1ll29wev5zztj7mugxnqlzpa45m0t779zte4x90ugf3psxxqyzr6sk9nq94"
+ ];
+ };
+
+ options = {
+ max_event_size = 16384;
+ reject_future_seconds = 1800;
+ };
+
+ limits = {
+ max_subscriptions = 20;
+ max_filters = 100;
+ };
+ };
+ };
+
+ # Open firewall for the relay port
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ]; # Add 80/443 if using a reverse proxy
+
system.stateVersion = "24.11"; # Did you read the comment?
}
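Review bot: `address = "0.0.0.0";` under `services.nostr-rs-relay.settings.network` makes the relay listen on every interface, although the nginx vhost added in this commit reaches it on `127.0.0.1:12849`; `address = "127.0.0.1";` keeps the plaintext port off the network even if the firewall list changes later. The `pubkey` and `pubkey_whitelist` values are in bech32 `npub…` form, while nostr-rs-relay's sample configuration uses hex-encoded keys as far as I recall, so confirm the whitelist actually matches the intended author. The comment `# Open firewall for the relay port` is inaccurate, since only 80 and 443 are opened; `# Only nginx (80/443) is exposed; the relay port stays closed` would describe what the list does.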
diff --git a/hosts/cloud/hetzner/mail.nix b/hosts/cloud/hetzner/mail.nix
index 9ef4de8..4e218e7 100644
--- a/hosts/cloud/hetzner/mail.nix
+++ b/hosts/cloud/hetzner/mail.nix
@@ -1,8 +1,4 @@
-{
- config,
- pkgs,
- ...
-}: {
+{pkgs, ...}: {
environment.etc = {
"stalwart/mail-pw1".text = "poguo";
"stalwart/mail-pw2".text = "shahezai";
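Review bot: The two `"stalwart/mail-pwN".text` entries kept as context here hold literal passwords, which `environment.etc` writes into the world-readable Nix store and which stay in the repository history. The header cleanup itself is fine. These values should instead be read from files provisioned outside the store (a secrets module such as sops-nix or agenix, if the repository uses one), and the current passwords rotated. The attribute set continues outside the hunk.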
@@ -29,26 +25,37 @@
submissions = {
bind = "[::]:465";
protocol = "smtp";
+ tls.implicit = true;
};
imaps = {
bind = "[::]:993";
protocol = "imap";
+ tls.implicit = true;
};
- jmap = {
+ http = {
bind = "[::]:8888";
url = "https://mail.urbit.cloud";
- protocol = "jmap";
- };
- management = {
- bind = ["127.0.0.1:8888"];
protocol = "http";
+ use-x-forwarded = true;
};
+ # management = {
+ # bind = ["127.0.0.1:8888"];
+ # protocol = "http";
+ # };
};
};
lookup.default = {
hostname = "mail.urbit.cloud";
domain = "urbit.cloud";
};
+ acme."letsencrypt" = {
+ directory = "https://acme-v02.api.letsencrypt.org/directory";
+ challenge = "dns-01";
+ contact = "postmaster@urbit.cloud";
+ domains = ["urbit.cloud" "mail.urbit.cloud"];
+ provider = "cloudfare";
+ secret = "%{file:/etc/stalwart/acme-secret}";
+ };
session.auth = {
mechanisms = "[plain]";
directory = "'in-memory'";
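Review bot: The new `http` listener binds `[::]:8888` on all interfaces and sets `use-x-forwarded = true;`, so any client that can reach that port directly can supply its own forwarded address. With the loopback-only `management` listener commented out, the same listener presumably serves the admin interface as well. If nginx is the only intended client, `bind = "127.0.0.1:8888";` limits header trust to the proxy. Separately, `provider = "cloudfare";` looks like a typo for `"cloudflare"`, which would probably make the dns-01 challenge fail. The enclosing listener and settings blocks start outside the hunk.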
diff --git a/hosts/cloud/hetzner/nginx.nix b/hosts/cloud/hetzner/nginx.nix
index 2e88843..0e8dbb2 100644
--- a/hosts/cloud/hetzner/nginx.nix
+++ b/hosts/cloud/hetzner/nginx.nix
@@ -25,6 +25,25 @@
proxy_cache off;
'';
};
+ virtualHosts."n.urbit.cloud" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:12849";
+ # TODO NIP 11
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
# virtualHosts."bridge.urbit.cloud" = {
# enableACME = true;
# forceSSL = true;
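Review bot: `proxy_set_header Forwarded $proxy_add_x_forwarded_for;` puts an X-Forwarded-For style address list into the RFC 7239 `Forwarded` header, whose syntax is `for=…;proto=…`, so the backend is unlikely to parse a client address from it. `$proxy_add_x_forwarded_for` also appends to whatever the client sent, so the leading entries are client-controlled. For per-client limits and logging, `proxy_set_header X-Real-IP $remote_addr;` is the safer source, with the relay's `remote_ip_header` network setting (if I recall the option name correctly) pointed at that header. Without it, every connection will appear to the relay as 127.0.0.1. The `virtualHosts` set starts and ends outside the hunk.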
@@ -48,6 +67,8 @@
forceSSL = true;
serverAliases = [
"mail.urbit.cloud"
+ "autoconfig.urbit.cloud"
+ "autodiscover.urbit.cloud"
"mta-sts.urbit.cloud"
];
locations."/" = {