author | Martin Fischer <martin@push-f.com> | 2024-12-13 07:35:32 +0100 |
committer | Martin Fischer <martin@push-f.com> | 2024-12-16 05:12:07 +0100 |
commit | d478dbd916c240e5ff609dcca17eedbd04c7fe83 (patch) | |
tree | ce5c8b5916672bebaa34b446529528592c346f12 | |
parent | cd1471871c1719f666d2971754d2ec7af25a2859 (diff) |
tente: add nginx
-rw-r--r-- | nixos/parts/dev.nix | 2 | ||||
-rwxr-xr-x | nixos/parts/scripts/deploy-dir | 16 | ||||
-rw-r--r-- | nixos/tente-configuration.nix | 33 |
3 files changed, 50 insertions, 1 deletions
diff --git a/nixos/parts/dev.nix b/nixos/parts/dev.nix
index aca8e78..0d258b4 100644
--- a/nixos/parts/dev.nix
+++ b/nixos/parts/dev.nix
@@ -19,6 +19,8 @@
 sqlite-interactive
 tokei
+ (writeShellScriptBin "deploy-dir" (builtins.readFile ./scripts/deploy-dir))
+ gcc # rustc fails if cc linker isn't found
 chromium
diff --git a/nixos/parts/scripts/deploy-dir b/nixos/parts/scripts/deploy-dir
new file mode 100755
index 0000000..bb7dfdf
--- /dev/null
+++ b/nixos/parts/scripts/deploy-dir
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+if [ "$#" -ne 3 ]; then
+ echo "usage: $0 <local_dir> <ssh_dest> <remote_dir>"
+ exit 1
+fi
+printf -v remote_dir %q $3
+
+cd $1
+tar cf - . | ssh $2 "set -xe
+TEMP_DIR=\$(mktemp -d)
+cd \$TEMP_DIR
+tar xvf -
+rm -rf $remote_dir
+mv \$TEMP_DIR $remote_dir
+"
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
index 8254fb0..e74a679 100644
--- a/nixos/tente-configuration.nix
+++ b/nixos/tente-configuration.nix
@@ -3,6 +3,10 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+let
+ domain = "beta.push-f.com";
+ acmeEmail = "martin@push-f.com";
+in
 { config, lib, pkgs, ... }:
 {
@@ -41,7 +45,10 @@
 users.users.martin = {
 isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ extraGroups = [
+ "wheel" # Enable ‘sudo’ for the user.
+ "www-data"
+ ];
 packages = with pkgs; [ ];
 };
@@ -65,6 +72,7 @@
 networking.firewall.allowedTCPPorts = [
 # Enabling openssh automatically opens its port in the firewall.
 # For all other services we need to manually list the ports here.
+ 80
 443
 ];
 networking.firewall.allowedUDPPorts = [];
@@ -73,6 +81,12 @@
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
+ users.groups.www-data = {};
+
+ systemd.tmpfiles.rules = [
+ "d /srv/www 2770 root www-data -"
+ ];
+
 services.gitolite = {
 enable = true;
 adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
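Review bot: `writeShellScriptBin "deploy-dir" (builtins.readFile ./scripts/deploy-dir)` leaves `tar` and `ssh` to whatever is on the caller's PATH and, as far as I recall, only runs a bash dry-run syntax check at build time; `pkgs.writeShellApplication { name = "deploy-dir"; runtimeInputs = [ gnutar openssh ]; text = builtins.readFile ./scripts/deploy-dir; }` pins both tools and runs shellcheck, which would flag the unquoted `$1`/`$2`/`$3` in the script (its implicit `set -euo pipefail` is a behaviour change to check the script against). writeShellScriptBin also prepends its own shebang, so the script's `#!/usr/bin/env bash` ends up as a comment on line 2 — harmless, but then redundant. The surrounding package list starts and ends outside the hunk.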
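Review bot: In deploy-dir the remote side does `cd \$TEMP_DIR` before `rm -rf $remote_dir` and `mv \$TEMP_DIR $remote_dir`, so a relative `<remote_dir>` is resolved inside the fresh temp directory rather than where the caller meant, and on the local side `cd $1` is unquoted and unchecked, so a wrong or missing directory makes `tar cf - .` ship the current directory and the remote `rm -rf` still runs. The directory `mktemp -d` creates is mode 0700 under /tmp, so the moved tree does not pick up the group or setgid bit of its final parent and is unreadable to any other user — which matters when the target is the nginx document root this same commit configures. Creating the temp directory next to the target (`mktemp -d -p`), extracting into it with `tar -C`, opening it to the group and quoting every parameter addresses all three, and `set -euo pipefail` locally stops the pipeline when the `cd` fails; a relative `<remote_dir>` then resolves against the remote login directory, so the usage line should ask for an absolute path.
```bash
#!/usr/bin/env bash
set -euo pipefail

# … unchanged: argument-count check and usage message …
printf -v remote_dir %q "$3"

cd "$1"
tar cf - . | ssh "$2" "set -xe
TEMP_DIR=\$(mktemp -d -p \"\$(dirname -- $remote_dir)\")
chmod 2750 \"\$TEMP_DIR\"
tar xf - -C \"\$TEMP_DIR\"
rm -rf -- $remote_dir
mv -- \"\$TEMP_DIR\" $remote_dir
"
```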
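Review bot: `"d /srv/www 2770 root www-data -"` gives the www-data group write access to the whole web root, and the following hunk puts the nginx workers into that same group via `group = "www-data"`, so the server that only needs to read the site can also modify or delete it. Least privilege is to keep www-data as the deployers' group and let nginx read through the other bits, e.g. `"d /srv/www 2775 root www-data -"` with the `services.nginx.group` override dropped — content under a public document root is world-readable by intent. The rule creates only /srv/www itself; the per-site directory /srv/www/${domain} is presumably created by the deploy script and inherits the group through the setgid bit, but its mode depends on how that script creates it, so that is worth confirming. `"www-data"` in martin's `extraGroups` stays correct either way.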
@@ -80,6 +94,23 @@
 dataDir = "/srv/gitolite";
 };
+ security.acme = {
+ acceptTerms = true; # https://letsencrypt.org/repository/
+ defaults.email = acmeEmail;
+ };
+
+ services.nginx = {
+ enable = true;
+ group = "www-data";
+
+ # My personal website
+ virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/srv/www/${domain}";
+ };
+ };
+
 # Copy the NixOS configuration file and link it from the resulting system
 # (/run/current-system/configuration.nix). This is useful in case you
 # accidentally delete configuration.nix. |
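Review bot: `virtualHosts."${domain}"` is the only server block, so nginx also selects it for requests that reach the host by IP address or with any other Host header, and the `forceSSL` redirect is served under those names too; a catch-all such as `virtualHosts."_" = { default = true; locations."/".return = 444; };` (plus `rejectSSL = true;` on it, if that option is available in your nixpkgs) keeps the personal site bound to its own name. `recommendedTlsSettings = true;` in the same `services.nginx` block is the usual companion to `enableACME`/`forceSSL` and is missing here. The enclosing module attrset continues past the hunk.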