path: root/config/networking.nix
blob: cb433474bc5db4f24d08add69d35a1df21c8b09c (plain)
# NixOS module for the host "hermes": static IPv4 networking, firewall,
# ACME account settings, an nginx front end, key-only OpenSSH and fail2ban.
{ pkgs, ... }:

{
  networking = {
    hostName = "hermes";
    domain = "aristote.fr";

    # Static addressing: DHCP is disabled and ens3 is configured by hand.
    useDHCP = false;
    interfaces.ens3.ipv4.addresses = [{
      address = "93.95.228.53";
      # NOTE(review): a /16 makes the whole 93.95.0.0/16 range on-link for
      # this host. Confirm it matches the provider's netmask; a prefix wider
      # than the real subnet sends traffic for those addresses to the local
      # segment instead of the gateway.
      prefixLength = 16;
    }];
    defaultGateway = "93.95.228.1";
    nameservers = [ "93.95.224.28" "93.95.224.29" ];

    firewall = {
      enable = true;
      # Only HTTP and HTTPS are listed explicitly.
      # NOTE(review): the NixOS openssh module has its own openFirewall
      # option (default true), so enabling services.openssh below presumably
      # opens the SSH port as well even though it is not listed here —
      # verify against the NixOS release in use.
      allowedTCPPorts = [ 80 443 ];
    };
  };

  # ACME account settings used for the certificates requested by the
  # enableACME virtual host below.
  security.acme = {
    acceptTerms = true;
    # NOTE(review): newer NixOS releases spell this option
    # security.acme.defaults.email — confirm which one this release expects.
    email = "quentin@aristote.fr";
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      # Catch-all server: requests that match no other virtual host (for
      # example a connection made directly to the IP address) get nginx's
      # non-standard 444, which closes the connection without a response.
      # NOTE(review): no TLS option is set on this vhost, so it presumably
      # only listens for plain HTTP. An HTTPS request for an unknown name
      # would then fall through to the only TLS-enabled vhost below and be
      # served its certificate and content. If this NixOS release provides
      # the virtualHosts rejectSSL option, enabling it here closes that
      # gap — confirm.
      "_" = {
        default = true;
        extraConfig = ''
          return 444;
        '';
      };

      # The public site: static files from the academic-webpage package,
      # HTTPS enforced (forceSSL) with a certificate obtained through ACME.
      "quentin.aristote.fr" = {
        # pkgs.personal is not defined in this file; presumably it comes
        # from an overlay elsewhere in the configuration.
        root = "${pkgs.personal.academic-webpage}";
        forceSSL = true;
        enableACME = true;
      };
    };
  };

  # SSH access: root login and password authentication are both disabled.
  # NOTE(review): passwordAuthentication = false does not by itself turn off
  # keyboard-interactive (challenge-response) authentication, which can still
  # prompt for a password through PAM; confirm that it is disabled on this
  # release as well.
  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
    # Lets clients pass their PS1 (shell prompt) variable into the session.
    # sshd_config(5) warns that accepted environment variables can be used
    # to bypass restricted user environments, so keep this to the single
    # named variable and avoid wildcard patterns.
    extraConfig = ''
      AcceptEnv PS1
    '';
  };
  # Bans addresses that repeatedly fail authentication.
  # NOTE(review): presumably relies on the module's default sshd jail, since
  # no jails are configured here — confirm.
  services.fail2ban.enable = true;
}