Diffstat (limited to 'parts/systems/atlas')
| -rw-r--r-- | parts/systems/atlas/default.nix | 50 | ||||
| -rw-r--r-- | parts/systems/atlas/hardware-configuration.nix | 29 | ||||
| -rw-r--r-- | parts/systems/atlas/miniflux.nix | 20 | ||||
| -rw-r--r-- | parts/systems/atlas/nginx.nix | 32 |
4 files changed, 131 insertions, 0 deletions
diff --git a/parts/systems/atlas/default.nix b/parts/systems/atlas/default.nix
new file mode 100644
index 0000000..24cb139
--- /dev/null
+++ b/parts/systems/atlas/default.nix
@@ -0,0 +1,50 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./miniflux.nix
+ ./nginx.nix
+ ];
+
+ _module.args.nixinate = {
+ host = "atlas";
+ sshUser = "root";
+ buildOn = "remote";
+ substituteOnTarget = true;
+ hermetic = false;
+ };
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ tmp.cleanOnBoot = true;
+ };
+
+ networking = {
+ domain = "mydadleft.me";
+ hostName = "atlas";
+ };
+
+ services = {
+ guzzle-api = {
+ enable = true;
+ domain = "api.${config.networking.domain}";
+ nginx = {
+ enableACME = true;
+ acmeRoot = null;
+ addSSL = true;
+ };
+ };
+ };
+
+ users.users.atlas = {
+ isNormalUser = true;
+ shell = pkgs.bash;
+ passwordFile = config.age.secrets.userPassword.path;
+ };
+
+ zramSwap.enable = true;
+}
diff --git a/parts/systems/atlas/hardware-configuration.nix b/parts/systems/atlas/hardware-configuration.nix
new file mode 100644
index 0000000..00c6cd8
--- /dev/null
+++ b/parts/systems/atlas/hardware-configuration.nix
@@ -0,0 +1,29 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot = {
+ extraModulePackages = [];
+ kernelModules = [];
+
+ initrd = {
+ availableKernelModules = ["virtio_pci" "usbhid"];
+ kernelModules = [];
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/f0c84809-83f5-414b-a973-496d25d74c6d";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/A253-0826";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [];
+}
diff --git a/parts/systems/atlas/miniflux.nix b/parts/systems/atlas/miniflux.nix
new file mode 100644
index 0000000..5ed5d40
--- /dev/null
+++ b/parts/systems/atlas/miniflux.nix
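Review bot: `addSSL = true;` under `services.guzzle-api.nginx` in default.nix leaves the API reachable over plain HTTP alongside HTTPS, assuming this project module hands the attrset to `services.nginx.virtualHosts` (the module itself is not in this diff). For an API vhost I would use `forceSSL = true;` so that port 80 only redirects. Separately, `sshUser = "root";` in the nixinate args means every deployment needs direct root SSH login on atlas. If that is intended, a comment next to it stating that root login is key-only (wherever `services.openssh` is configured) would record the decision; otherwise a dedicated deploy user is the narrower option.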
@@ -0,0 +1,20 @@
+{
+ config,
+ self,
+ ...
+}: {
+ config = {
+ age.secrets = {
+ miniflux.file = "${self}/parts/secrets/systems/${config.networking.hostName}/miniflux.age";
+ };
+
+ services.miniflux = {
+ enable = true;
+ adminCredentialsFile = config.age.secrets.miniflux.path;
+ config = {
+ BASE_URL = "https://miniflux.${config.networking.domain}";
+ LISTEN_ADDR = "localhost:7000";
+ };
+ };
+ };
+}
diff --git a/parts/systems/atlas/nginx.nix b/parts/systems/atlas/nginx.nix
new file mode 100644
index 0000000..cdf483d
--- /dev/null
+++ b/parts/systems/atlas/nginx.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ self,
+ ...
+}: let
+ inherit (config.networking) domain;
+ inherit (self.lib.utils.nginx) mkVHosts mkProxy;
+in {
+ server = {
+ acme.enable = true;
+ services.cloudflared.enable = true;
+ };
+
+ services.nginx = {
+ enable = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = mkVHosts {
+ "miniflux.${domain}" = {
+ locations = mkProxy "/" "7000";
+ };
+
+ "msix.${domain}" = {
+ root = "/var/www/msix";
+ };
+ };
+ };
+}
|
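Review bot: The port in `LISTEN_ADDR = "localhost:7000";` (miniflux.nix) is repeated as a bare literal in nginx.nix (`mkProxy "/" "7000"`), so changing one side silently breaks the proxy or points it at whatever else later binds that port. A single shared binding for the port, or at least a comment `# keep in sync with mkProxy in ./nginx.nix`, would tie the two together. It would also help to note above `adminCredentialsFile` that the agenix secret has to be an environment file carrying `ADMIN_USERNAME=` and `ADMIN_PASSWORD=` lines, since that is the format the NixOS miniflux module expects.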
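Review bot: Neither vhost passed to `mkVHosts` in nginx.nix sets `forceSSL`, `addSSL` or `enableACME`, so whether `miniflux.${domain}` and `msix.${domain}` are served over TLS depends entirely on the helper in `self.lib.utils.nginx`, which is not part of this diff. Miniflux logins and the files under `/var/www/msix` should only travel over HTTPS, and `BASE_URL` in miniflux.nix already assumes it. A comment such as `# mkVHosts applies ACME + forceSSL to every vhost` would record that, or the options can be set explicitly here if the helper does not do it. `/var/www/msix` is also not created or given an owner anywhere in this change, so it is worth stating who may write there, since anything placed in that directory is published.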
