Nginx landing page and postgres
parent
834b5350bf
commit
1f8bfa1136
|
@ -4,6 +4,6 @@ This is my nix infrastructure that runs on my strato server.
|
||||||
## nixos image
|
## nixos image
|
||||||
To get a basic nixos image use `nix build .#register`.
|
To get a basic nixos image use `nix build .#register`.
|
||||||
|
|
||||||
Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz --alias nixos`
|
Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz security.nesting=true --alias nixos`
|
||||||
|
|
||||||
You can then use `lxc launch nixos $name$` to make a new lxc container and start it.
|
You can then use `lxc launch nixos $name$` to make a new lxc container and start it.
|
||||||
|
|
|
@ -8,4 +8,6 @@
|
||||||
];
|
];
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
|
|
||||||
|
fileSystems."/run/keys" = { fsType = "tmpfs"; };
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
17
flake.nix
17
flake.nix
|
@ -48,13 +48,18 @@
|
||||||
colmena = {
|
colmena = {
|
||||||
meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
|
meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
|
||||||
nginx = {
|
nginx = {
|
||||||
imports = [ ./machines/nginx.nix ];
|
imports = [ ./machines/nginx ];
|
||||||
deployment.targetHost = "10.21.150.250";
|
deployment = {
|
||||||
|
targetHost = "nginx.lxd";
|
||||||
|
tags = [ "website" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
postgres = {
|
||||||
nginx2 = {
|
imports = [ ./machines/postgres ];
|
||||||
imports = [ ./machines/nginx.nix ];
|
deployment = {
|
||||||
deployment.targetHost = "10.21.150.95";
|
targetHost = "postgres.lxd";
|
||||||
|
tags = [ "database" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
{ config, pkgs, ... }: {
|
|
||||||
imports = [ ../common ../common/lxc.nix ];
|
|
||||||
networking.hostName = "nginx";
|
|
||||||
system.stateVersion = "21.11";
|
|
||||||
networking.firewall.enable = true;
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
services.nginx.enable = true;
|
|
||||||
services.nginx.package = pkgs.nginxMainline;
|
|
||||||
|
|
||||||
}
|
|
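--- a/machines/nginx/default.nix
+++ b/machines/nginx/default.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }: {
+imports = [ ../../common ../../common/lxc.nix ];
+networking.hostName = "nginx";
+system.stateVersion = "21.11";
+networking.firewall.enable = true;
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+services.nginx = {
+enable = true;
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+package = pkgs.nginxMainline;
+virtualHosts."asraphiel.dev" = {
+forceSSL = true;
+http2 = true;
+enableACME = true;
+root = "/etc/main";
+};
+};
+security.acme.email = "acme@voidcorp.nl";
+security.acme.acceptTerms = true;
+environment.etc."main/index.html" = {
+enable = true;
+source = ./index.html;
+};
+
+}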
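Review bot: The web root is `/etc/main`, populated through `environment.etc."main/index.html"`, so any file later added under `environment.etc."main/..."` is served publicly, and nothing in the file says so. Add a comment above `root` such as `# everything under /etc/main is served over HTTPS; only put static site files here`, or serve from a store path instead, e.g. `root = pkgs.writeTextDir "index.html" (builtins.readFile ./index.html);`. Separately, this is the only virtual host defined, so nginx will presumably answer requests for any Host name with this site and its certificate; a catch-all default host is worth considering.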
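--- a/machines/nginx/index.html
+++ b/machines/nginx/index.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+<title>Julius' meme corner</title>
+<style>
+html {
+color-scheme: light dark;
+}
+
+body {
+width: 35em;
+margin: 0 auto;
+font-family: Tahoma, Verdana, Arial, sans-serif;
+}
+</style>
+</head>
+
+<body>
+<h1>Welcome to my site!</h1>
+<p>There's absolutely nothing here for now...</p>
+<p>I'm working on it trust me!</p>
+</body>
+
+</html>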
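--- a/machines/postgres/default.nix
+++ b/machines/postgres/default.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }: {
+imports = [ ../../common ../../common/lxc.nix ];
+networking.hostName = "postgres";
+system.stateVersion = "21.11";
+
+networking.firewall.enable = true;
+networking.firewall.allowedTCPPorts = [ 5432 ];
+
+services.postgresql = {
+enable = true;
+# yes scuffed, but technically lxd can do whatever with the ip's it gives
+authentication = "host all all 10.0.0.0/24 trust";
+ensureDatabases = [ "gitea" ];
+ensureUsers = [{
+name = "gitea";
+ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
+}];
+enableTCPIP = true;
+};
+}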
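Review bot: The `authentication` line grants `trust` to every role on every database for a whole /24, so with `enableTCPIP = true` and port 5432 opened in the firewall any host in that range can connect as any role, including the `postgres` superuser, without a password. The comment above it notes that LXD controls address assignment, which is exactly why address-based trust is weak here. Narrow the rule to the one consumer and require a password, e.g. `authentication = "host gitea gitea <GITEA_CONTAINER_IP>/32 scram-sha-256";` (placeholder address; the gitea role's password then has to be provisioned separately, since `ensureUsers` as written sets none). The range is also worth confirming: the target addresses removed from flake.nix in this commit were in 10.21.150.x, which 10.0.0.0/24 would not match.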