diff --git a/README.md b/README.md
index 9e099f2..45dd787 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,6 @@ This is my nix infrastructure that runs on my strato server.
 ## nixos image
 To get a basic nixos image use `nix build .#register`.
-Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz --alias nixos`
+Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz security.nesting=true --alias nixos`
 You can then use `lxc launch nixos $name$` to make a new lxc container and start it.
diff --git a/common/lxc.nix b/common/lxc.nix
index ededbcd..8c0b4b6 100644
--- a/common/lxc.nix
+++ b/common/lxc.nix
@@ -8,4 +8,6 @@
 ];
 boot.isContainer = true;
+ fileSystems."/run/keys" = { fsType = "tmpfs"; };
+
 }
diff --git a/flake.nix b/flake.nix
index 5b290e8..e6d6d67 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,13 +48,18 @@
 colmena = {
 meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
 nginx = {
- imports = [ ./machines/nginx.nix ];
- deployment.targetHost = "10.21.150.250";
+ imports = [ ./machines/nginx ];
+ deployment = {
+ targetHost = "nginx.lxd";
+ tags = [ "website" ];
+ };
 };
-
- nginx2 = {
- imports = [ ./machines/nginx.nix ];
- deployment.targetHost = "10.21.150.95";
+ postgres = {
+ imports = [ ./machines/postgres ];
+ deployment = {
+ targetHost = "postgres.lxd";
+ tags = [ "database" ];
+ };
 };
 };
diff --git a/machines/nginx.nix b/machines/nginx.nix
deleted file mode 100644
index e5c7544..0000000
--- a/machines/nginx.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, ... }: {
- imports = [ ../common ../common/lxc.nix ];
- networking.hostName = "nginx";
- system.stateVersion = "21.11";
- networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx.enable = true;
- services.nginx.package = pkgs.nginxMainline;
-
-}
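Review bot: The new `/run/keys` mount in common/lxc.nix has no `options`, so it comes up with the kernel's tmpfs default of mode 1777, a world-writable directory, which is the wrong default for a path that presumably exists to receive deployment secrets. Add `options = [ "nosuid" "nodev" "noexec" "mode=0750" "gid=${toString config.ids.gids.keys}" ];` so only root and the `keys` group can enter it (this assumes the module receives `config`; the file header is outside the hunk). As far as I recall, NixOS's own stage-2 mount of this path uses ramfs rather than tmpfs so key material cannot be paged to swap; `fsType = "ramfs";` would match that, if the container runtime permits it.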
diff --git a/machines/nginx/default.nix b/machines/nginx/default.nix
new file mode 100644
index 0000000..28a29f1
--- /dev/null
+++ b/machines/nginx/default.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }: {
+ imports = [ ../../common ../../common/lxc.nix ];
+ networking.hostName = "nginx";
+ system.stateVersion = "21.11";
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ package = pkgs.nginxMainline;
+ virtualHosts."asraphiel.dev" = {
+ forceSSL = true;
+ http2 = true;
+ enableACME = true;
+ root = "/etc/main";
+ };
+ };
+ security.acme.email = "acme@voidcorp.nl";
+ security.acme.acceptTerms = true;
+ environment.etc."main/index.html" = {
+ enable = true;
+ source = ./index.html;
+ };
+
+}
diff --git a/machines/nginx/index.html b/machines/nginx/index.html
new file mode 100644
index 0000000..81d8005
--- /dev/null
+++ b/machines/nginx/index.html
@@ -0,0 +1,25 @@
+
+
+
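Review bot: Serving the site out of `/etc/main` via `environment.etc` is a detour: the page is already a store path, so `root = pkgs.writeTextDir "index.html" (builtins.readFile ./index.html);` on the vhost serves it directly and the `environment.etc."main/index.html"` block can be dropped. `recommendedTlsSettings` tightens the TLS stack but does not emit an HSTS header; with `forceSSL = true` already set, `extraConfig = "add_header Strict-Transport-Security \"max-age=31536000\" always;";` on the vhost is the usual companion. Since this is the only vhost it also answers any Host header that arrives on 80/443; fine for a placeholder page, but worth a one-line comment if that is intentional.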
+There's absolutely nothing here for now...
+I'm working on it trust me!
+
+
+
\ No newline at end of file
diff --git a/machines/postgres/default.nix b/machines/postgres/default.nix
new file mode 100644
index 0000000..f0a4e4b
--- /dev/null
+++ b/machines/postgres/default.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: {
+ imports = [ ../../common ../../common/lxc.nix ];
+ networking.hostName = "postgres";
+ system.stateVersion = "21.11";
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 5432 ];
+
+ services.postgresql = {
+ enable = true;
+ # yes scuffed, but technically lxd can do whatever with the ip's it gives
+ authentication = "host all all 10.0.0.0/24 trust";
+ ensureDatabases = [ "gitea" ];
+ ensureUsers = [{
+ name = "gitea";
+ ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
+ }];
+ enableTCPIP = true;
+ };
+}
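Review bot: `authentication = "host all all 10.0.0.0/24 trust"` lets any client in that subnet log in as any role, including the `postgres` superuser, with no credential, and the firewall line above opens 5432 to all of them — every container on the bridge, not only gitea. It is also unclear the subnet is right: the `targetHost` values removed from flake.nix were 10.21.150.x, so if the bridge is still that network this rule matches nothing and gitea cannot connect at all. Narrow the rule to the one role and database and require a password, `authentication = "host gitea gitea <bridge-subnet>/24 scram-sha-256";` with `settings.password_encryption = "scram-sha-256";`, and set the role's password out of band (for example an `initialScript` that reads it from the `/run/keys` mount added in common/lxc.nix). The comment on the line acknowledges the problem; LXD's address assignment should not be the only control.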