Find a file

Tristan Daniël Maat 759a9c7c0c conduit: Fix acme issue letsencrypt will prod on port 80 to verify the domain. `listen` overrides `addSSL`, so none of the NixOS modules' setup will actually work. This means the conduit virtualhost never listened on port 80, and couldn't verify letsencrypt requests. How this ever worked is beyond me, but this commit resolves the problems (don't worry, `forceSSL` does what it says on the tin and overrides the `listen` again).		2023-10-13 06:08:26 +02:00
configuration	conduit: Fix acme issue	2023-10-13 06:08:26 +02:00
keys	metrics: Add metrics with victoriametrics + grafana	2023-10-12 20:41:04 +02:00
lib	refactoring: Use flake-inputs instead of awkwardly passing through	2023-02-26 05:59:09 +00:00
modules	webserver: Use a hardened systemd unit instead of a container	2022-10-14 05:58:11 +01:00
pkgs	metrics: Add metrics with victoriametrics + grafana	2023-10-12 20:41:04 +02:00
.gitignore	Start reworking the server for nix flakes	2021-04-12 01:58:03 +01:00
.sops.yaml	sops: Improve secrets provisioning to split out staging	2022-10-12 23:22:50 +01:00
flake.lock	flake.lock: Update	2023-09-17 21:25:14 +02:00
flake.nix	metrics: Add metrics with victoriametrics + grafana	2023-10-12 20:41:04 +02:00
LICENSE	Add LICENSE	2019-11-26 23:26:10 +00:00
README.md	README.md: Update to new and improved flake mechanisms	2022-10-17 14:29:56 +01:00

tlater.net server configuration

This is the NixOS configuration for tlater.net.

Testing

Run a test VM with:

nix run

Note: M-2 will bring up a console for poweroff and such

One caveat: create a larger disk image first. This can be done by running the following in the repository root:

qemu-img create -f qcow2 ./tlaternet.qcow2 20G

Whenever a new service is added, add an appropriate port binding to qemuNetOpts in the default app.

There is no way to test this without binding to the host port, sadly.

Deployment is handled using deploy-rs:

deploy .#tlaternet