From d782f28bec87b7a12fa32e8cacb7210288e92e6e Mon Sep 17 00:00:00 2001 From: Moritz 'e1mo' Fromm Date: Sun, 11 Dec 2022 12:19:04 +0100 Subject: [PATCH] Extract extract services to services directory That way we can deploy them both on dev and prod hosts and just need to change the `baseDomain` to differentiate. --- flake.nix | 4 ---- hosts/shirley/configuration.nix | 24 +++++------------------- {hosts/shirley => services}/mumble.nix | 1 - services/website.nix | 18 ++++++++++++++++++ 4 files changed, 23 insertions(+), 24 deletions(-) rename {hosts/shirley => services}/mumble.nix (99%) create mode 100644 services/website.nix diff --git a/flake.nix b/flake.nix index a32daf2..1a2d777 100644 --- a/flake.nix +++ b/flake.nix @@ -20,9 +20,6 @@ nixpkgs.overlays = [ overlay ]; _module.args = { inherit nixpkgs; - # TODO: Change when going to production - # Not sure if this is the best way to do this - baseDomain = "dev.chaos.jetzt"; }; } ]; @@ -58,6 +55,5 @@ overlays.default = overlay; legacyPackages.x86_64-linux = pkgs; - }; } diff --git a/hosts/shirley/configuration.nix b/hosts/shirley/configuration.nix index ac2152a..afefcbd 100644 --- a/hosts/shirley/configuration.nix +++ b/hosts/shirley/configuration.nix @@ -1,7 +1,10 @@ -{ lib, pkgs, config, baseDomain, ... }: { +{ pkgs, baseDomain, ... }: { + _module.args.baseDomain = "dev.chaos.jetzt"; + imports = [ ./hardware-config.nix - ./mumble.nix + ../../services/mumble.nix + ../../services/website.nix ]; system.stateVersion = "23.05"; @@ -16,21 +19,4 @@ networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; }; networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; networking.nameservers = [ "213.133.98.98" "213.133.99.99" "213.133.100.100" ]; - - services.nginx = { - enable = true; - enableReload = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts.${baseDomain} = { - default = true; - enableACME = true; - forceSSL = true; - # TODO: Change this to be deployed by some sort of CI + rsync so we don't need to always update the package version - locations."/".root = pkgs.chaos-jetzt-website-pelican; - }; - }; } diff --git a/hosts/shirley/mumble.nix b/services/mumble.nix similarity index 99% rename from hosts/shirley/mumble.nix rename to services/mumble.nix index a4454cd..244565a 100644 --- a/hosts/shirley/mumble.nix +++ b/services/mumble.nix @@ -1,5 +1,4 @@ { config, baseDomain, lib, ... }: { - sops.secrets."murmur/registry_password".owner = "murmur"; security.acme.certs."mumble.${baseDomain}" = { group = "murmur"; diff --git a/services/website.nix b/services/website.nix new file mode 100644 index 0000000..b4b8d95 --- /dev/null +++ b/services/website.nix @@ -0,0 +1,18 @@ +{ pkgs, baseDomain, ...}: { + services.nginx = { + enable = true; + enableReload = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts.${baseDomain} = { + default = true; + enableACME = true; + forceSSL = true; + # TODO: Change this to be deployed by some sort of CI + rsync so we don't need to always update the package version + locations."/".root = pkgs.chaos-jetzt-website-pelican; + }; + }; +} \ No newline at end of file