diff --git a/README.md b/README.md
index 9e099f2..45dd787 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,6 @@ This is my nix infrastructure that runs on my strato server.
## nixos image
To get a basic nixos image use `nix build .#register`.
-Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz --alias nixos`
+Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz security.nesting=true --alias nixos`
You can then use `lxc launch nixos $name$` to make a new lxc container and start it.
diff --git a/common/lxc.nix b/common/lxc.nix
index ededbcd..8c0b4b6 100644
--- a/common/lxc.nix
+++ b/common/lxc.nix
@@ -8,4 +8,6 @@
];
boot.isContainer = true;
+ fileSystems."/run/keys" = { fsType = "tmpfs"; };
+
}
diff --git a/flake.nix b/flake.nix
index 5b290e8..e6d6d67 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,13 +48,18 @@
colmena = {
meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
nginx = {
- imports = [ ./machines/nginx.nix ];
- deployment.targetHost = "10.21.150.250";
+ imports = [ ./machines/nginx ];
+ deployment = {
+ targetHost = "nginx.lxd";
+ tags = [ "website" ];
+ };
};
-
- nginx2 = {
- imports = [ ./machines/nginx.nix ];
- deployment.targetHost = "10.21.150.95";
+ postgres = {
+ imports = [ ./machines/postgres ];
+ deployment = {
+ targetHost = "postgres.lxd";
+ tags = [ "database" ];
+ };
};
};
diff --git a/machines/nginx.nix b/machines/nginx.nix
deleted file mode 100644
index e5c7544..0000000
--- a/machines/nginx.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [ ../common ../common/lxc.nix ];
- networking.hostName = "nginx";
- system.stateVersion = "21.11";
- networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx.enable = true;
- services.nginx.package = pkgs.nginxMainline;
-
-}
diff --git a/machines/nginx/default.nix b/machines/nginx/default.nix
new file mode 100644
index 0000000..28a29f1
--- /dev/null
+++ b/machines/nginx/default.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }: {
+ imports = [ ../../common ../../common/lxc.nix ];
+ networking.hostName = "nginx";
+ system.stateVersion = "21.11";
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ package = pkgs.nginxMainline;
+ virtualHosts."asraphiel.dev" = {
+ forceSSL = true;
+ http2 = true;
+ enableACME = true;
+ root = "/etc/main";
+ };
+ };
+ security.acme.email = "acme@voidcorp.nl";
+ security.acme.acceptTerms = true;
+ environment.etc."main/index.html" = {
+ enable = true;
+ source = ./index.html;
+ };
+
+}
diff --git a/machines/nginx/index.html b/machines/nginx/index.html
new file mode 100644
index 0000000..81d8005
--- /dev/null
+++ b/machines/nginx/index.html
@@ -0,0 +1,25 @@
+
+
+
+
+ Julius' meme corner
+
+
+
+
+ Welcome to my site!
+ There's absolutely nothing here for now...
+ I'm working on it trust me!
+
+
+
\ No newline at end of file
diff --git a/machines/postgres/default.nix b/machines/postgres/default.nix
new file mode 100644
index 0000000..f0a4e4b
--- /dev/null
+++ b/machines/postgres/default.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: {
+ imports = [ ../../common ../../common/lxc.nix ];
+ networking.hostName = "postgres";
+ system.stateVersion = "21.11";
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 5432 ];
+
+ services.postgresql = {
+ enable = true;
+ # yes scuffed, but technically lxd can do whatever with the ip's it gives
+ authentication = "host all all 10.0.0.0/24 trust";
+ ensureDatabases = [ "gitea" ];
+ ensureUsers = [{
+ name = "gitea";
+ ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
+ }];
+ enableTCPIP = true;
+ };
+}