webserver: Use a hardened systemd unit instead of a container

2022-10-12 19:58:09 +01:00 · 2022-10-12 19:58:09 +01:00 · 068e6d5d77
commit 068e6d5d77
parent b6594cea54
6 changed files with 321 additions and 401 deletions
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "tlater.net host configuration";

  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
    nixos-hardware.url = "github:nixos/nixos-hardware/master";
    sops-nix = {
      url = "github:Mic92/sops-nix";
@ -13,10 +13,6 @@
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    tlaternet-templates = {
-      url = "git+https://gitea.tlater.net/tlaternet/tlaternet-templates.git";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
  };

  outputs = {
@ -25,16 +21,11 @@
    nixos-hardware,
    sops-nix,
    tlaternet-webserver,
-    tlaternet-templates,
  }: let
    system = "x86_64-linux";

    overlays = [
      (final: prev: {
-        tlaternet-webserver =
-          tlaternet-webserver.legacyPackages.${prev.system}.packages;
-        tlaternet-templates =
-          tlaternet-templates.legacyPackages.${prev.system}.packages;
        local = import ./pkgs {
          pkgs = prev;
        };
@ -59,6 +50,7 @@
          (import ./configuration/linode.nix)
          (import ./configuration/hardware-configuration.nix)
          sops-nix.nixosModules.sops
+          tlaternet-webserver.nixosModules.default
        ];
      };

@ -74,6 +66,7 @@

          (import ./configuration)
          sops-nix.nixosModules.sops
+          tlaternet-webserver.nixosModules.default
          ({lib, ...}: {
            users.users.tlater.password = "insecure";