Nginx landing page and postgres
This commit is contained in:
parent
834b5350bf
commit
1f8bfa1136
|
@ -4,6 +4,6 @@ This is my nix infrastructure that runs on my strato server.
|
|||
## nixos image
|
||||
To get a basic nixos image use `nix build .#register`.
|
||||
|
||||
Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz --alias nixos`
|
||||
Afterwards you can import it into lxd using `lxc image import ./result/metadata.tar.xz ./result/lxc.tar.xz security.nesting=true --alias nixos`
|
||||
|
||||
You can then use `lxc launch nixos $name$` to make a new lxc container and start it.
|
||||
|
|
|
@ -8,4 +8,6 @@
|
|||
];
|
||||
boot.isContainer = true;
|
||||
|
||||
fileSystems."/run/keys" = { fsType = "tmpfs"; };
|
||||
|
||||
}
|
||||
|
|
17
flake.nix
17
flake.nix
|
@ -48,13 +48,18 @@
|
|||
colmena = {
|
||||
meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
|
||||
nginx = {
|
||||
imports = [ ./machines/nginx.nix ];
|
||||
deployment.targetHost = "10.21.150.250";
|
||||
imports = [ ./machines/nginx ];
|
||||
deployment = {
|
||||
targetHost = "nginx.lxd";
|
||||
tags = [ "website" ];
|
||||
};
|
||||
};
|
||||
postgres = {
|
||||
imports = [ ./machines/postgres ];
|
||||
deployment = {
|
||||
targetHost = "postgres.lxd";
|
||||
tags = [ "database" ];
|
||||
};
|
||||
|
||||
nginx2 = {
|
||||
imports = [ ./machines/nginx.nix ];
|
||||
deployment.targetHost = "10.21.150.95";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
{ config, pkgs, ... }: {
|
||||
imports = [ ../common ../common/lxc.nix ];
|
||||
networking.hostName = "nginx";
|
||||
system.stateVersion = "21.11";
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
services.nginx.enable = true;
|
||||
services.nginx.package = pkgs.nginxMainline;
|
||||
|
||||
}
|
28
machines/nginx/default.nix
Normal file
28
machines/nginx/default.nix
Normal file
|
@ -0,0 +1,28 @@
|
|||
{ config, pkgs, ... }: {
|
||||
imports = [ ../../common ../../common/lxc.nix ];
|
||||
networking.hostName = "nginx";
|
||||
system.stateVersion = "21.11";
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
package = pkgs.nginxMainline;
|
||||
virtualHosts."asraphiel.dev" = {
|
||||
forceSSL = true;
|
||||
http2 = true;
|
||||
enableACME = true;
|
||||
root = "/etc/main";
|
||||
};
|
||||
};
|
||||
security.acme.email = "acme@voidcorp.nl";
|
||||
security.acme.acceptTerms = true;
|
||||
environment.etc."main/index.html" = {
|
||||
enable = true;
|
||||
source = ./index.html;
|
||||
};
|
||||
|
||||
}
|
25
machines/nginx/index.html
Normal file
25
machines/nginx/index.html
Normal file
|
@ -0,0 +1,25 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<title>Julius' meme corner</title>
|
||||
<style>
|
||||
html {
|
||||
color-scheme: light dark;
|
||||
}
|
||||
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1>Welcome to my site!</h1>
|
||||
<p>There's absolutely nothing here for now...</p>
|
||||
<p>I'm working on it trust me!</p>
|
||||
</body>
|
||||
|
||||
</html>
|
20
machines/postgres/default.nix
Normal file
20
machines/postgres/default.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{ config, pkgs, ... }: {
|
||||
imports = [ ../../common ../../common/lxc.nix ];
|
||||
networking.hostName = "postgres";
|
||||
system.stateVersion = "21.11";
|
||||
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 5432 ];
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
# yes scuffed, but technically lxd can do whatever with the ip's it gives
|
||||
authentication = "host all all 10.0.0.0/24 trust";
|
||||
ensureDatabases = [ "gitea" ];
|
||||
ensureUsers = [{
|
||||
name = "gitea";
|
||||
ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
|
||||
}];
|
||||
enableTCPIP = true;
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue