nix-config/hosts/matemat/default.nix

{ config, lib, libC, pkgs, ... }:

{
  c3d2.deployment.server = "server10";

  microvm.mem = 2 * 1024;

  networking.hostName = "matemat";

  services = {
    nginx = {
      enable = true;
      virtualHosts."matemat.hq.c3d2.de" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:3000";
          extraConfig = libC.hqNetworkOnly + ''
            auth_basic secured;
            auth_basic_user_file ${config.sops.secrets."nginx/basic-auth".path};
          '';
        };
      };
    };

    postgresql = {
      package = pkgs.postgresql_15;
      upgrade.stopServices = [ "yammat" ];
    };

    yammat = {
      enable = true;
      config = lib.mkOptionDefault ''
        copyright_link: "https://gitea.c3d2.de/c3d2/yammat"
      '';
    };
  };

  programs.msmtp = {
    enable = true;
    accounts.default = {
      host = "mail.c3d2.de";
      port = 587;
      tls = true;
      tls_starttls = true;
      auth = false;
      domain = "matemat.hq.c3d2.de";
      from = "nek0@c3d2.de";
    };
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      "nginx/basic-auth".owner = "nginx";
      "restic/password".owner = "root";
      "restic/repositories/server8".owner = "root";
    };
  };

  system.stateVersion = "22.05";
}
Move nginx allow only hq network to lib 2023-05-25 22:17:51 +02:00			`{ config, lib, libC, pkgs, ... }:`
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00
lib/default-gateway.nix: set only when running without systemd-networkd this would need GatewayOnLink=yes for the route on the interface 2021-03-06 01:10:53 +01:00			`{`
Default microvm mounts to etc, home, var; random cleanups 2022-12-18 22:16:29 +01:00			`c3d2.deployment.server = "server10";`
grafana, matemat, spaceapi: enable autoUpdate 2022-01-12 01:46:13 +01:00
Increase matemat RAM 2022-06-19 11:32:48 +02:00			`microvm.mem = 2 * 1024;`
matemat needs more memory 2022-06-18 21:29:09 +02:00
Handle nginx open firewall by nixos-modules 2022-12-20 04:31:37 +01:00			`networking.hostName = "matemat";`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00			`services = {`
			`nginx = {`
			`enable = true;`
			`virtualHosts."matemat.hq.c3d2.de" = {`
			`default = true;`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:3000";`
matemat: add basic auth back 2023-07-05 23:28:37 +02:00			`extraConfig = libC.hqNetworkOnly + ''`
			`auth_basic secured;`
			`auth_basic_user_file ${config.sops.secrets."nginx/basic-auth".path};`
			`'';`
Migrate matemat into microvm 2022-06-17 21:27:38 +02:00			`};`
matemat: add auth 2021-03-06 02:28:46 +01:00			`};`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`};`
Upgrade postgres 2023-01-07 02:00:15 +01:00
Bump matemat 2023-02-12 19:52:55 +01:00			`postgresql = {`
			`package = pkgs.postgresql_15;`
			`upgrade.stopServices = [ "yammat" ];`
			`};`
Upgrade postgres 2023-01-07 02:00:15 +01:00
Bump matemat 2023-02-12 19:52:55 +01:00			`yammat = {`
			`enable = true;`
			`config = lib.mkOptionDefault ''`
			`copyright_link: "https://gitea.c3d2.de/c3d2/yammat"`
			`'';`
			`};`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`};`
ssmtp for matemat 2021-03-06 20:59:08 +01:00
matemat: replace ssmtp with msmtp for nixos-22.05 2022-05-31 18:19:34 +02:00			`programs.msmtp = {`
ssmtp for matemat 2021-03-06 20:59:08 +01:00			`enable = true;`
matemat: replace ssmtp with msmtp for nixos-22.05 2022-05-31 18:19:34 +02:00			`accounts.default = {`
			`host = "mail.c3d2.de";`
			`port = 587;`
			`tls = true;`
			`tls_starttls = true;`
			`auth = false;`
			`domain = "matemat.hq.c3d2.de";`
			`from = "nek0@c3d2.de";`
rewrite hostname to satisfy helo restrictions 2021-04-30 10:36:37 +02:00			`};`
ssmtp for matemat 2021-03-06 20:59:08 +01:00			`};`
Default microvm mounts to etc, home, var; random cleanups 2022-12-18 22:16:29 +01:00
Migrate secrets to sops 2022-12-26 23:18:02 +01:00			`sops = {`
			`defaultSopsFile = ./secrets.yaml;`
Add hydra and matemat backup credentials 2023-05-16 18:51:41 +02:00			`secrets = {`
			`"nginx/basic-auth".owner = "nginx";`
Use options for restic backups 2023-05-18 01:55:16 +02:00			`"restic/password".owner = "root";`
Rename repository 2023-08-09 00:36:09 +02:00			`"restic/repositories/server8".owner = "root";`
Add hydra and matemat backup credentials 2023-05-16 18:51:41 +02:00			`};`
Migrate secrets to sops 2022-12-26 23:18:02 +01:00			`};`

Default microvm mounts to etc, home, var; random cleanups 2022-12-18 22:16:29 +01:00			`system.stateVersion = "22.05";`
lib/default-gateway.nix: set only when running without systemd-networkd this would need GatewayOnLink=yes for the route on the interface 2021-03-06 01:10:53 +01:00			`}`