Refactor flake to be cleaner at top level

main
Ashelyn Rose 8 months ago
parent 05950b07b6
commit f89c6ccf07

@ -31,92 +31,9 @@
gotosocial.nixosModule
drowning.nixosModule
({ pkgs, ...}: {
networking.firewall.allowedTCPPorts = [ 80 443 ];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
services.nginx.enable = true;
services.nginx.recommendedProxySettings = true;
services.nginx.appendHttpConfig = ''
types {
text/plain wat;
text/plain glsl;
}
'';
security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@tempest.dev";
ashe.services."ashen.earth".enable = true;
ashe.services."ashen.earth".domain = "ashen.earth";
ashe.services.tmpfiles.enable = true;
ashe.services.tmpfiles.domain = "files.tempest.dev";
ashe.services.tmpfiles.port = 4441;
ashe.services."tempest.dev".enable = true;
ashe.services."tempest.dev".domain = "tempest.dev";
ashe.services."tempest.dev".port = 4442;
ashe.services.tempest-secret.enable = true;
ashe.services.tempest-secret.domain = "tempest.dev";
ashe.services.tempest-secret.path = "/secret";
ashe.services.tempest-secret.port = 4443;
ashe.services.tempest-api-contact.enable = true;
ashe.services.tempest-api-contact.domain = "contact.tempest.dev";
ashe.services.tempest-api-contact.configFile = "/etc/tempest/contact.json";
ashe.services.tempest-api-contact.port = 4444;
ashe.services.social.enable = true;
ashe.services.social.appDomain = "social.tempest.dev";
ashe.services.social.accountDomain = "tempest.dev";
ashe.services.social.port = 4445;
ashe.services.drowning.enable = true;
ashe.services.drowning.domain = "drowning.ashen.earth";
services.nginx.virtualHosts."static.tempest.dev" = {
root = "/var/www/static";
forceSSL = true;
enableACME = true;
locations."/" = {
extraConfig = ''
if ($request_method = GET) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "origin, accept, range";
}
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "origin, accept, range";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
'';
};
};
services.nginx.virtualHosts."phantomthieves.net" = {
locations."/" = { proxyPass = "http://necronomicon.tempest.local:4000"; };
forceSSL = true;
enableACME = true;
};
services.nginx.virtualHosts."forum.phantomthieves.net" = {
locations."/" = { proxyPass = "http://melete.tempest.local:8999"; };
forceSSL = true;
enableACME = true;
};
})
./hosts/nyx/include/nginx.nix
./hosts/nyx/include/services.nix
./hosts/nyx/include/proxy.nix
];
};
@ -125,21 +42,8 @@
modules = [
./hosts/hemera/configuration.nix
private.nixosModules.hemera
({ config, pkgs, ...}: {
services.nix-serve = {
enable = true;
secretKeyFile = "/etc/tempest/bincache/key-priv.pem";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."hemera.tempest.local" = {
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
})
./hosts/hemera/include/nginx.nix
./hosts/hemera/include/nix-serve.nix
];
};
};

@ -0,0 +1,6 @@
{ config, pkgs, ...}: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
};
}

@ -0,0 +1,10 @@
{ config, pkgs, ... }: {
services.nix-serve = {
enable = true;
secretKeyFile = "/etc/tempest/bincache/key-priv.pem";
};
services.nginx.virtualHosts."hemera.tempest.local" = {
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
}
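Review bot: `services.nix-serve` is enabled without a `bindAddress`, and as far as I know the NixOS module defaults it to `0.0.0.0`, so unless it is set elsewhere the cache daemon listens on every interface and nginx proxies to `http://0.0.0.0:<port>` instead of being the only way in. If nginx is meant to front the cache, add `bindAddress = "127.0.0.1";` inside the `services.nix-serve` block. A comment above `secretKeyFile` would also help, for example `# signing key: provisioned out of band, kept out of the Nix store, readable only by the nix-serve user`. The virtual host here only takes effect because `services.nginx.enable` is set in the sibling nginx include, so this file is not self-contained.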

@ -22,6 +22,9 @@
"hemera.tempest.local:Tb4edCxlB4YNGJNnVYrpNkTmG82tCChVNXdes33y2kY="
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
networking.extraHosts = ''
100.104.209.75 hemera hemera.tempest.local
100.64.81.74 necronomicon necronomicon.tempest.local
@ -46,6 +49,7 @@
ashe.network.prefix = 16;
ashe.network.gateway = "104.168.218.1";
ashe.network.nameservers = [ "8.8.8.8" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
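Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` in the second hunk now sits in the host configuration, while the nginx virtual hosts that need those ports are defined in the new `./hosts/nyx/include/nginx.nix` and `proxy.nix`. Setting it in the nginx include keeps the open ports tied to the service, so dropping that include also closes them. If it stays here, a short comment such as `# 80/443: nginx + ACME HTTP-01, see include/nginx.nix` would record why the ports are open. The side of each line is not marked on this page, so which of these lines are additions is inferred from the hunk counts.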

@ -0,0 +1,40 @@
{ config, pkgs, ...}: {
security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@tempest.dev";
services.nginx.enable = true;
services.nginx.recommendedProxySettings = true;
services.nginx.appendHttpConfig = ''
types {
text/plain wat;
text/plain glsl;
}
'';
services.nginx.virtualHosts."static.tempest.dev" = {
root = "/var/www/static";
forceSSL = true;
enableACME = true;
locations."/" = {
extraConfig = ''
if ($request_method = GET) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "origin, accept, range";
}
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "origin, accept, range";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
'';
};
};
}
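Review bot: Both `if` blocks in `locations."/".extraConfig` send `Access-Control-Allow-Origin *` together with `Access-Control-Allow-Credentials true`. Browsers refuse credentialed cross-origin responses when the allowed origin is a wildcard, so the credentials header has no effect here and only suggests that cookie-bearing reads are intended. For a public static host, drop `add_header Access-Control-Allow-Credentials true;` from both blocks; if credentialed access is ever needed, return an allow-listed origin instead of `*`. nginx does not inherit `add_header` from outer levels once a level declares its own, so any security headers added at server level later will be missing from GET and OPTIONS responses; a comment in the `extraConfig` saying so would save the next maintainer a surprise.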

@ -0,0 +1,13 @@
{ config, pkgs, ...}: {
services.nginx.virtualHosts."phantomthieves.net" = {
locations."/" = { proxyPass = "http://necronomicon.tempest.local:4000"; };
forceSSL = true;
enableACME = true;
};
services.nginx.virtualHosts."forum.phantomthieves.net" = {
locations."/" = { proxyPass = "http://melete.tempest.local:8999"; };
forceSSL = true;
enableACME = true;
};
}
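Review bot: Both `proxyPass` targets are plain `http://` to other machines (`necronomicon.tempest.local:4000` and `melete.tempest.local:8999`), so TLS ends at this nginx and the hop to each backend is only as private as the network carrying `tempest.local`. A comment at the top of the file should state that assumption, for example `# upstreams are reached over the private tempest.local network; never point these at public addresses`. The module also takes `config` and `pkgs` without using either, so `{ ... }:` would be enough.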

@ -0,0 +1,30 @@
{ config, pkgs, ...}: {
ashe.services."ashen.earth".enable = true;
ashe.services."ashen.earth".domain = "ashen.earth";
ashe.services.tmpfiles.enable = true;
ashe.services.tmpfiles.domain = "files.tempest.dev";
ashe.services.tmpfiles.port = 4441;
ashe.services."tempest.dev".enable = true;
ashe.services."tempest.dev".domain = "tempest.dev";
ashe.services."tempest.dev".port = 4442;
ashe.services.tempest-secret.enable = true;
ashe.services.tempest-secret.domain = "tempest.dev";
ashe.services.tempest-secret.path = "/secret";
ashe.services.tempest-secret.port = 4443;
ashe.services.tempest-api-contact.enable = true;
ashe.services.tempest-api-contact.domain = "contact.tempest.dev";
ashe.services.tempest-api-contact.configFile = "/etc/tempest/contact.json";
ashe.services.tempest-api-contact.port = 4444;
ashe.services.social.enable = true;
ashe.services.social.appDomain = "social.tempest.dev";
ashe.services.social.accountDomain = "tempest.dev";
ashe.services.social.port = 4445;
ashe.services.drowning.enable = true;
ashe.services.drowning.domain = "drowning.ashen.earth";
}