c3d2-web: microvmify, fix
parent
052ca33816
commit
f45e3371a4
|
@ -579,7 +579,7 @@
|
|||
c3d2-web = nixosSystem' {
|
||||
modules = [
|
||||
{ _module.args = { inherit nixpkgs; }; }
|
||||
./config/lxc-container.nix
|
||||
self.nixosModules.microvm
|
||||
./hosts/containers/c3d2-web
|
||||
{ nixpkgs.overlays = [ secrets.overlays.c3d2-web ]; }
|
||||
];
|
||||
|
|
|
@ -5,15 +5,13 @@ let
|
|||
deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
|
||||
in
|
||||
{
|
||||
c3d2.deployment = {
|
||||
server = "server10";
|
||||
mounts = [ "etc" "home" "var"];
|
||||
};
|
||||
boot.tmpOnTmpfs = true;
|
||||
# Network setup
|
||||
networking.hostName = "c3d2-web";
|
||||
networking.useNetworkd = true;
|
||||
networking.interfaces.eth0.ipv4.addresses = [{
|
||||
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
|
||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
# http/https
|
||||
80 443
|
||||
|
@ -161,11 +159,14 @@ in
|
|||
# Build at least once
|
||||
touch ${config.users.users.c3d2-web.home}/deploy-pending
|
||||
|
||||
TEMP=$(mktemp -d)
|
||||
cd $TEMP
|
||||
|
||||
git clone --depth=1 https://gitea.c3d2.de/c3d2/c3d2-web.git
|
||||
cd c3d2-web
|
||||
if [ ! -d c3d2-web ]; then
|
||||
git clone --depth=1 https://gitea.c3d2.de/c3d2/c3d2-web.git
|
||||
cd c3d2-web
|
||||
else
|
||||
cd c3d2-web
|
||||
git fetch origin
|
||||
git reset --hard origin/master
|
||||
fi
|
||||
|
||||
# Loop in case the webhook was called while we were building
|
||||
while [ -e ${config.users.users.c3d2-web.home}/deploy-pending ]; do
|
||||
|
@ -230,7 +231,8 @@ in
|
|||
Group = config.users.users.c3d2-web.group;
|
||||
PrivateTmp = true;
|
||||
ProtectSystem = "full";
|
||||
ReadWritePaths = webroot;
|
||||
WorkingDirectory = config.users.users.c3d2-web.home;
|
||||
ReadWritePaths = [ webroot config.users.users.c3d2-web.home ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
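Review bot: In the deploy script hunk (`@ -161,11 +159,14 @@`), the new `else` branch reuses a persistent checkout, and `git reset --hard origin/master` leaves untracked and ignored files in place. Anything an earlier build wrote into the tree therefore carries over into later deployments, whereas the old code started each run in a fresh `mktemp -d` directory. Adding `git clean -fdx` after the reset would restore a pristine tree. Whether the script runs with errexit is not visible in the hunk; if it does not, a failed `git fetch origin` would silently rebuild the stale tree, which `git fetch origin && git reset --hard origin/master` avoids. The last hunk widens `ReadWritePaths` to the whole home directory; a dedicated checkout subdirectory would keep the writable area narrower. The script body and the service definition both continue outside the hunks shown.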