c3d2/nix-config
c3d2
/
nix-config
23
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

c3d2-web: cleanup

This commit is contained in:
Sandro - 2023-07-24 21:47:31 +02:00
parent 1c1131f86a
commit 000007c9e4
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
hosts/c3d2-web/default.nix
View File

@ -1,12 +1,11 @@
{ config, hostRegistry, lib, pkgs, ... }: { config, hostRegistry, lib, pkgs, ... }:
let
webroot = "/var/www";
in
{ {
microvm = { microvm = {
vcpu = 4; vcpu = 4;
mem = 2 * 1024; # drone-ssh-runner clones the git repo which requires some RAM mem = 2 * 1024; # drone-ssh-runner clones the git repo which requires some RAM
}; };
c3d2.deployment = { c3d2.deployment = {
# /tmp is to small for drone to clone the repo even with depth # /tmp is to small for drone to clone the repo even with depth
mounts = lib.mkOptionDefault [ "tmp" ]; mounts = lib.mkOptionDefault [ "tmp" ];
@ -15,13 +14,15 @@ in
system.stateVersion = "22.05"; system.stateVersion = "22.05";
networking.hostName = "c3d2-web"; networking = {
networking.firewall.allowedTCPPorts = [ hostName = "c3d2-web";
# telme10 firewall.allowedTCPPorts = [
23 # telme10
# gemini 23
1965 # gemini
]; 1965
];
};
security.acme.certs = { security.acme.certs = {
# agate cannot load modern crypto like "ec256" keys # agate cannot load modern crypto like "ec256" keys
@ -42,7 +43,7 @@ in
]; ];
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = "${webroot}/c3d2"; root = "/var/www/c3d2";
extraConfig = '' extraConfig = ''
index portal.html index.html; index portal.html index.html;
''; '';
@ -87,7 +88,7 @@ in
]; ];
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = "${webroot}/c3d2/datenspuren"; root = "/var/www/c3d2/datenspuren";
extraConfig = '' extraConfig = ''
index index.html; index index.html;
rewrite ^/$ /2023/ redirect; rewrite ^/$ /2023/ redirect;
@ -99,7 +100,7 @@ in
"autotopia.c3d2.de" = { "autotopia.c3d2.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = "${webroot}/c3d2/autotopia"; root = "/var/www/c3d2/autotopia";
extraConfig = '' extraConfig = ''
index index.html; index index.html;
rewrite ^/$ /2020/ redirect; rewrite ^/$ /2020/ redirect;
@ -118,6 +119,7 @@ in
}; };
}; };
}; };
# Gemini server # Gemini server
services.agate = { services.agate = {
enable = true; enable = true;
@ -218,7 +220,7 @@ in
}; };
systemd.tmpfiles.rules = with config.users.users.c3d2-web; [ systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
"d ${webroot}/c3d2 0755 c3d2-web ${group} -" "d /var/www/c3d2 0755 c3d2-web ${group} -"
"d ${config.services.agate.contentDir} 0755 c3d2-web ${group} -" "d ${config.services.agate.contentDir} 0755 c3d2-web ${group} -"
"d ${home} 0700 c3d2-web ${group} -" "d ${home} 0700 c3d2-web ${group} -"
]; ];