stockholm/lass/2configs/wordpress.nix

{ config, pkgs, ... }:

{
  containers.wordpress = {
    privateNetwork = true;
    hostAddress = "192.168.101.1";
    localAddress = "192.168.101.2";

    config = {
      imports = [
        ../../krebs/3modules/iptables.nix
      ];

      krebs.iptables = {
        enable = true;
        tables = {
          filter.INPUT.policy = "DROP";
          filter.FORWARD.policy = "DROP";
          filter.INPUT.rules = [
            { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
            { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
            { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
            { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
            { predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
          ];
        };
      };

      environment.systemPackages = with pkgs; [
        iptables
      ];

      services.postgresql = {
        enable = true;
        package = pkgs.postgresql;
      };

      services.httpd = {
        enable = true;
        adminAddr = "root@apanowicz.de";
        extraModules = [
          { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }
        ];
        virtualHosts = [
          {
            hostName = "wordpress";
            serverAliases = [ "wordpress" "www.wordpress" ];

            extraSubservices = [
              {
                serviceName = "wordpress";
              }
            ];
          }
        ];
      };
    };
  };
}
lass 2: add wordpress.nix 2015-08-13 20:32:03 +00:00			`{ config, pkgs, ... }:`

			`{`
			`containers.wordpress = {`
			`privateNetwork = true;`
			`hostAddress = "192.168.101.1";`
			`localAddress = "192.168.101.2";`

			`config = {`
			`imports = [`
lass: lass.iptables -> krebs.iptables 2015-10-01 20:13:40 +00:00			`../../krebs/3modules/iptables.nix`
lass 2: add wordpress.nix 2015-08-13 20:32:03 +00:00			`];`

lass: lass.iptables -> krebs.iptables 2015-10-01 20:13:40 +00:00			`krebs.iptables = {`
lass 2: add wordpress.nix 2015-08-13 20:32:03 +00:00			`enable = true;`
			`tables = {`
			`filter.INPUT.policy = "DROP";`
			`filter.FORWARD.policy = "DROP";`
			`filter.INPUT.rules = [`
			`{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }`
			`{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }`
			`{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }`
			`{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }`
			`{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }`
			`];`
			`};`
			`};`

			`environment.systemPackages = with pkgs; [`
			`iptables`
			`];`

			`services.postgresql = {`
			`enable = true;`
			`package = pkgs.postgresql;`
			`};`

			`services.httpd = {`
			`enable = true;`
			`adminAddr = "root@apanowicz.de";`
			`extraModules = [`
			`{ name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; }`
			`];`
			`virtualHosts = [`
			`{`
			`hostName = "wordpress";`
			`serverAliases = [ "wordpress" "www.wordpress" ];`

			`extraSubservices = [`
			`{`
			`serviceName = "wordpress";`
			`}`
			`];`
			`}`
			`];`
			`};`
			`};`
			`};`
			`}`