Compare commits

...

3 commits

5 changed files with 85 additions and 35 deletions

View file

@ -71,7 +71,7 @@
domain = "tlater.net";
virtualHosts = let
host = port: extra:
proxyPassToPort = port: extra:
lib.recursiveUpdate {
forceSSL = true;
enableACME = true;
@ -83,9 +83,9 @@
extra;
domain = config.services.nginx.domain;
in {
"${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
"gitea.${domain}" = host 3000 {};
"nextcloud.${domain}" = host 3001 {};
"${domain}" = proxyPassToPort 3002 {serverAliases = ["www.${domain}"];};
"gitea.${domain}" = proxyPassToPort 3000 {};
"nextcloud.${domain}" = proxyPassToPort 3001 {};
};
};

View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}: {
{...}: {
# Required for the lish console
boot.kernelParams = ["console=ttyS0,19200n8"];

View file

@ -92,6 +92,32 @@
};
};
apps.${system}.default = let
inherit (self.nixosConfigurations.vm.config.system.build) vm;
inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
inherit (nixpkgs.lib.attrsets) mapAttrsToList;
inherit (nixpkgs.lib.strings) concatStringsSep;
ports = {
"2222" = "2222";
"3080" = "80";
"3443" = "443";
"2221" = "2221";
"21025" = "21025"; # Starbound
};
QEMU_NET_OPTS =
concatStringsSep ","
(mapAttrsToList
(host: vm: "hostfwd=::${host}-:${vm}")
ports);
in {
type = "app";
program = builtins.toString (writeShellScript "run-vm" ''
export QEMU_OPTS="-m 3941 -smp 2 -curses"
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
"${vm}/bin/run-tlaternet-vm"
'');
};
devShells.${system}.default = pkgs.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = [
@ -103,25 +129,7 @@
sops-pkgs.sops-init-gpg-key
];
shellHook = let
inherit (pkgs.lib.attrsets) mapAttrsToList;
inherit (pkgs.lib.strings) concatStringsSep;
ports = {
"2222" = "2222";
"3080" = "80";
"3443" = "443";
"2221" = "2221";
"21025" = "21025"; # Starbound
};
QEMU_NET_OPTS =
concatStringsSep ","
(mapAttrsToList
(host: vm: "hostfwd=::${host}-:${vm}")
ports);
in ''
export QEMU_OPTS="-m 3941 -smp 2 -curses"
export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
shellHook = ''
# Work around sudo requiring a full terminal when deploying to
# a remote host
export NIX_SSHOPTS="-t"

48
keys/internal.yaml Normal file
View file

@ -0,0 +1,48 @@
nextcloud:
tlater: ENC[AES256_GCM,data:zNsPm4uFaIRe3LjcwmayRg==,iv:5wam6bP5zP708jC9UrLV0s8qspl3Pm4fPzbMFYBUyPQ=,tag:apnJUMeJwMn9q0NhO4ptmA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-10-12T00:50:02Z"
mac: ENC[AES256_GCM,data:6EIC9W7If1c2OnP6j3u4SOcG26v/aScfRWyZeofhtM6Wkw52sonaBp3IsOkp/Jn/WWYKdNgffpBwMYfxI6JumsiZzb9cdED6Tr/fxjminoz8dopZTMgIYHj3ocIyU2M35SlsYE3iPEb4eHrmP/dIhExEQp2Hkin3afLHbmDV1Rs=,iv:kQ+OGNg3p/3i9d0Xlr/vp1ac14GYvg4GZqeXOt+9jZE=,tag:NYqyLUn9pTjSlrTAC/ke8g==,type:str]
pgp:
- created_at: "2022-10-12T00:46:51Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA7x7stsXx45CAQf9Hivg5x2NEKp3icdAIXKoBVTp5jnqJ2S5xDpK4cbCUwRd
Z2VyNjxAXdTgKsviXseWbtsEbqo41oqjtpZwXK36gT/miKSPYyBSLb689L70RpWR
aC4QzOHbYr1Trr1whkTVaQG1vd2u9ZEyxsi13ItiYVylu7tgMqaDqzE4Y47RPZtz
FWFY4chO5Tq/DL0blP8oCTLFx4LSL82JbZswCfqrSHX44HGZ/OELHqNhYNF6hkCr
DgYYh7l7s08farE+PnTbWt808Kd3kP8fCRaLm9nt1X1c5QQElaWBjGIscK9fOsV4
iVFQfPBdwBi8aawCmwvXOcg6sX050Ow3NeYQBJVICtJeAeHyetxxEYip6CrADsiq
UG1Np+p6Pcbq/k6E1vT6bsRrhUWPYC4yuh6Edg5p/jxa4DAlsq/OgDI9pquE9aIt
F8cQMHfIkNP8/HiM/KwmdHoTJiy8YCwqP/UalSJdVw==
=lnlW
-----END PGP MESSAGE-----
fp: 535B61015823443941C744DD12264F6BBDFABA89
- created_at: "2022-10-12T00:46:51Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA9ahl2ynTH87AQ/+ID/6Dcbat+YRvT8VpfKpZf2O6EFbI3dlPDkZ+f4yFW0R
uGKkLR69utM8FoEn1XUkPG3klDk5t/gQikS/d1lPZ6cPOsVzY4P2Te6LizP25vCE
cHkztZG/IuBCBfLp8xsEjF1OXEDnb7Klqd3aJuYrvJNm3SreNydRAGyM1E94+iQL
zLrHF0WbD+dVdVG+ZoHKouGHVVmcxTkfi8Ce63pHKxOiMgqJLnImC357mle4DlJV
1My0CPV9Y1ElY+W5s+a7sRgursR0AVOkuvWYT39VW+RmFpUZyRCgyW+L6ilCEcOV
VXJHf0IFylkqevh11BssIetHAtT8anqZ+wo3ON4gEHjcahufc1h8rOxEEsWe/qUC
XZzfwilOsY/vKJ+GTz5Cp8XAviozQL5o2O5H9PiHxQl019QHZgprJclGMlukCBkR
Uo3h1Rl2na8JqcolAlFGQ1/QxsOnJ/KAmOpUZ7fZqG2qnsXnFjXcuqo+0e58odaT
sZLIspvsEHBHKzsvUa6BT8bTc+GlsB3hFolBVdX4y9kTWuzxy0K6bKA9HMTf4FPW
w2hIlvYhlgEx9MVqKLbemN3ye2rC3GRUBXxVXmlXBmb7nXPZCOGqL6nrvtsQ1E4h
D9+sN+cvYh5lYPByjXYinT8TqFVpqX++qnpgHC+5c6WtDHlhRAyfIQK51wCyiZbS
UAG6iDEbCWwD7uHZjDmVycC2R/0HnO+o9xMBI6teKYziFhvn8m7R9gzr7zn/0x3t
dVMXtojhfbMPzYK0gT6xOn8SbYGH0MV7ddOm7+Kl3Z8Y
=zDer
-----END PGP MESSAGE-----
fp: 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b
unencrypted_suffix: _unencrypted
version: 3.7.2

View file

@ -1,9 +1,8 @@
{lib, ...}:
with lib; {
imports = [./virtualisation/pods.nix];
options.services.nginx.domain = mkOption {
type = types.str;
{lib, ...}: let
inherit (lib) mkOption types;
in {
options.services.nginx.domain = lib.mkOption {
type = lib.types.str;
description = "The base domain name to append to virtual domain names";
};
}