matemat: 🎆 init

2021-03-06 01:13:27 +01:00 · 2021-03-06 01:13:27 +01:00 · b26478db13
parent fca9a7f859
commit b26478db13
4 changed files with 64 additions and 5 deletions
--- a/flake.lock
+++ b/flake.lock
@ -34,7 +34,8 @@
      "inputs": {
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
-        "secrets": "secrets"
+        "secrets": "secrets",
+        "yammat": "yammat"
      }
    },
    "secrets": {
@ -51,6 +52,23 @@
        "type": "git",
        "url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
      }
+    },
+    "yammat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1607031946,
+        "narHash": "sha256-pFHSzcyJwn6c2LUHdZ1TZDAgYmEXtNtYcnjgcBBLCGE=",
+        "ref": "nix",
+        "rev": "68507c174ab506d1704b95b3168c4023790ee124",
+        "revCount": 387,
+        "type": "git",
+        "url": "https://gitea.c3d2.de/astro/yammat.git"
+      },
+      "original": {
+        "ref": "nix",
+        "type": "git",
+        "url": "https://gitea.c3d2.de/astro/yammat.git"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -4,9 +4,11 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
    secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
+    yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
+    yammat.flake = false;
  };

-  outputs = { self, nixpkgs, secrets, nixos-hardware }:
+  outputs = { self, nixpkgs, secrets, nixos-hardware, yammat }:
    let
      forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];

@ -63,6 +65,8 @@
          yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";

          freifunk-nixos-rebuild = mkDeploy "freifunk" "freifunk.core.zentralwerk.org";
+
+          matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;
        });

      nixosConfigurations = let
@ -131,9 +135,17 @@
          system = "x86_64-linux";
        };

+        matemat = nixosSystem' {
+          modules = [
+            ./lib/lxc-container.nix
+            ./hosts/containers/matemat
+            "${yammat}/nixos-module.nix"
+          ];
+          system = "x86_64-linux";
+        };
+
      };

      nixosModules.c3d2 = import ./lib;
-
    };
 }
--- a/host-registry.nix
+++ b/host-registry.nix
@ -77,6 +77,10 @@ rec {
      ip4 = "172.20.72.40";
      ip6 = "2a02:8106:208:5281:8000::1";
    };
+    matemat = {
+      ip4 = "172.22.99.133";
+      ip6 = "2a02:8106:208:5201:f82b:1bff:fedc:8572";
+    };
  };

  hqGlobal = builtins.attrNames hosts;
--- a/hosts/containers/matemat/default.nix
+++ b/hosts/containers/matemat/default.nix
@ -1,4 +1,29 @@
-{ ... }:
+{ lib, ... }:
 {
-  c3d2 = { isInHq = true; };
+  c3d2 = {
+    isInHq = true;
+    hq.interface = "eth0";
+  };
+  networking = {
+    hostName = "matemat";
+    interfaces.eth0.useDHCP = lib.mkForce true;
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
+
+  services.yammat.enable = true;
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts."matemat.hq.c3d2.de" = {
+      default = true;
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:3000";
+    };
+  };
+  security.acme = {
+    acceptTerms = true;
+    email = "mail@c3d2.de";
+  };
 }