Diffstat (limited to 'systems/atlas')
| -rw-r--r-- | systems/atlas/default.nix | 53 | ||||
| -rw-r--r-- | systems/atlas/hardware-configuration.nix | 29 | ||||
| -rw-r--r-- | systems/atlas/miniflux.nix | 16 | ||||
| -rw-r--r-- | systems/atlas/nginx.nix | 46 |
4 files changed, 144 insertions, 0 deletions
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
new file mode 100644
index 0000000..00bfab4
--- /dev/null
+++ b/systems/atlas/default.nix
@@ -0,0 +1,53 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./miniflux.nix
+ ./nginx.nix
+ ];
+
+ _module.args.nixinate = {
+ host = "atlas";
+ sshUser = "root";
+ buildOn = "remote";
+ substituteOnTarget = true;
+ hermetic = false;
+ };
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ tmp.cleanOnBoot = true;
+ };
+
+ networking = {
+ domain = "mydadleft.me";
+ hostName = "atlas";
+ networkmanager.enable = false;
+ };
+
+ services = {
+ guzzle-api = {
+ enable = true;
+ domain = "api.${config.networking.domain}";
+ nginx = {
+ enableACME = true;
+ acmeRoot = null;
+ addSSL = true;
+ };
+ };
+
+ resolved.enable = false;
+ };
+
+ users.users.atlas = {
+ isNormalUser = true;
+ shell = pkgs.bash;
+ passwordFile = config.age.secrets.userPassword.path;
+ };
+
+ zramSwap.enable = true;
+}
diff --git a/systems/atlas/hardware-configuration.nix b/systems/atlas/hardware-configuration.nix
new file mode 100644
index 0000000..00c6cd8
--- /dev/null
+++ b/systems/atlas/hardware-configuration.nix
@@ -0,0 +1,29 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot = {
+ extraModulePackages = [];
+ kernelModules = [];
+
+ initrd = {
+ availableKernelModules = ["virtio_pci" "usbhid"];
+ kernelModules = [];
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/f0c84809-83f5-414b-a973-496d25d74c6d";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/A253-0826";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [];
+}
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
new file mode 100644
index 0000000..df1c761
--- /dev/null
+++ b/systems/atlas/miniflux.nix
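Review bot: `addSSL = true;` under `services.guzzle-api.nginx` in systems/atlas/default.nix leaves the plain-HTTP listener serving content next to HTTPS, so a client that connects over `http://` is never redirected to TLS. This assumes the `nginx` attribute set is forwarded to an nginx virtual host, which the module definition outside this diff would confirm. The same setting sits in `commonSettings` in systems/atlas/nginx.nix, where it also covers the miniflux login. Unless plaintext access is intended, replace it with `forceSSL = true;` in both files; nginx virtual hosts accept only one of the two options.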
@@ -0,0 +1,16 @@
+{config, ...}: {
+ config = {
+ age.secrets = {
+ miniflux.file = ../../secrets/systems/${config.networking.hostName}/miniflux.age;
+ };
+
+ services.miniflux = {
+ enable = true;
+ adminCredentialsFile = config.age.secrets.miniflux.path;
+ config = {
+ BASE_URL = "https://miniflux.${config.networking.domain}";
+ LISTEN_ADDR = "localhost:7000";
+ };
+ };
+ };
+}
diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix
new file mode 100644
index 0000000..6cdd793
--- /dev/null
+++ b/systems/atlas/nginx.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.networking) domain;
+
+ mkProxy = endpoint: port: {
+ "${endpoint}" = {
+ proxyPass = "http://localhost:${toString port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ mkVHosts = let
+ commonSettings = {
+ enableACME = true;
+ # workaround for https://github.com/NixOS/nixpkgs/issues/210807
+ acmeRoot = null;
+
+ addSSL = true;
+ };
+ in
+ lib.mapAttrs (_: lib.recursiveUpdate commonSettings);
+in {
+ server.services.cloudflared.enable = true;
+
+ services.nginx = {
+ enable = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = mkVHosts {
+ "miniflux.${domain}" = {
+ locations = mkProxy "/" "7000";
+ };
+
+ "msix.${domain}" = {
+ root = "/var/www/msix";
+ };
+ };
+ };
+}
 |
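Review bot: The miniflux upstream port is written twice as a bare literal, `mkProxy "/" "7000"` in systems/atlas/nginx.nix and `LISTEN_ADDR = "localhost:7000"` in systems/atlas/miniflux.nix. If only one of them is changed, the public vhost ends up proxying to whatever else is bound to that loopback port. Define the port once, in a shared `let` binding or option that both files read, and pass it as an integer, since `mkProxy` already applies `toString port`. A short comment above `mkVHosts` noting that per-host attributes override `commonSettings` through `lib.recursiveUpdate` would make it clear how a single host could opt out of a default.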
