diff --git a/hosts/c3d2-web/default.nix b/hosts/c3d2-web/default.nix
index 60149998..fe073550 100644
--- a/hosts/c3d2-web/default.nix
+++ b/hosts/c3d2-web/default.nix
@@ -1,12 +1,11 @@
 { config, hostRegistry, lib, pkgs, ... }:
-let
- webroot = "/var/www";
-in
+
 {
 microvm = {
 vcpu = 4;
 mem = 2 * 1024; # drone-ssh-runner clones the git repo which requires some RAM
 };
+
 c3d2.deployment = {
 # /tmp is to small for drone to clone the repo even with depth
 mounts = lib.mkOptionDefault [ "tmp" ];
@@ -15,13 +14,15 @@ in
 system.stateVersion = "22.05";
- networking.hostName = "c3d2-web";
- networking.firewall.allowedTCPPorts = [
- # telme10
- 23
- # gemini
- 1965
- ];
+ networking = {
+ hostName = "c3d2-web";
+ firewall.allowedTCPPorts = [
+ # telme10
+ 23
+ # gemini
+ 1965
+ ];
+ };
 security.acme.certs = {
 # agate cannot load modern crypto like "ec256" keys
@@ -42,7 +43,7 @@ in
 ];
 enableACME = true;
 forceSSL = true;
- root = "${webroot}/c3d2";
+ root = "/var/www/c3d2";
 extraConfig = ''
 index portal.html index.html;
 '';
@@ -87,7 +88,7 @@ in
 ];
 enableACME = true;
 forceSSL = true;
- root = "${webroot}/c3d2/datenspuren";
+ root = "/var/www/c3d2/datenspuren";
 extraConfig = ''
 index index.html;
 rewrite ^/$ /2023/ redirect;
@@ -99,7 +100,7 @@ in
 "autotopia.c3d2.de" = {
 enableACME = true;
 forceSSL = true;
- root = "${webroot}/c3d2/autotopia";
+ root = "/var/www/c3d2/autotopia";
 extraConfig = ''
 index index.html;
 rewrite ^/$ /2020/ redirect;
@@ -118,6 +119,7 @@ in
 };
 };
 };
+ # Gemini server
 services.agate = {
 enable = true;
@@ -218,7 +220,7 @@ in
 };
 systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
- "d ${webroot}/c3d2 0755 c3d2-web ${group} -"
+ "d /var/www/c3d2 0755 c3d2-web ${group} -"
 "d ${config.services.agate.contentDir} 0755 c3d2-web ${group} -"
 "d ${home} 0700 c3d2-web ${group} -"
 ];
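Review bot: In the `@@ -15,13 +14,15 @@` hunk the regrouped `firewall.allowedTCPPorts` list still documents port 23 only as `# telme10`, which does not tell a reader what listens there or why a cleartext telnet port is opened on a web host. Since these lines are being rewritten anyway, I would expand the comment to something like `# telme10 (telnet, cleartext): public read-only front end, confirm before changing`. The service behind the port is defined outside this hunk, so what it binds to and which user it runs as cannot be checked from here.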
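Review bot: The docroot `/var/www/c3d2` is now a repeated literal in four places: `root` in the `@@ -42,7 +43,7 @@` hunk, the datenspuren and autotopia vhosts (`@@ -87,7 +88,7 @@`, `@@ -99,7 +100,7 @@`) and the `systemd.tmpfiles.rules` entry (`@@ -218,7 +220,7 @@`). With the `webroot` binding gone, nothing ties the nginx roots to the directory that tmpfiles creates with owner `c3d2-web` and mode 0755, so a later edit to one of them would leave nginx serving from a path whose ownership and mode are no longer managed here. I would keep a single binding, e.g. `let webroot = "/var/www/c3d2"; in` with `root = "${webroot}/datenspuren";`, or at least add a comment beside the tmpfiles rule naming the vhosts that depend on it. The vhost blocks start and end outside these hunks.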