-rw-r--r-- | Com/Simatime/Serval/configuration.nix | 11 | ||||
-rwxr-xr-x | Com/Simatime/Serval/networking.nix | 5 | ||||
-rw-r--r-- | Com/Simatime/buildOS.nix | 5 | ||||
-rw-r--r-- | Run/Que/service.nix | 68 | ||||
-rw-r--r-- | default.nix | 131 |
5 files changed, 151 insertions, 69 deletions
diff --git a/Com/Simatime/Serval/configuration.nix b/Com/Simatime/Serval/configuration.nix new file mode 100644 index 0000000..d5ad02f --- /dev/null +++ b/Com/Simatime/Serval/configuration.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; + services.que-server = { + enable = true; + domain = "que.run"; + port = 3000; + package = pkgs.biz.que-server; + }; + services.nginx.enable = true; +} diff --git a/Com/Simatime/Serval/networking.nix b/Com/Simatime/Serval/networking.nix index e13a6f5..79fbe27 100755 --- a/Com/Simatime/Serval/networking.nix +++ b/Com/Simatime/Serval/networking.nix @@ -3,7 +3,8 @@ # details gathered from the active system. networking = { nameservers = [ - "127.0.0.53" + "67.207.67.2" + "67.207.67.3" ]; defaultGateway = "157.245.160.1"; defaultGateway6 = ""; @@ -18,8 +19,6 @@ ipv6.addresses = [ { address="fe80::242a:8bff:feb7:6afb"; prefixLength=64; } ]; - ipv4.routes = [ { address = "157.245.160.1"; prefixLength = 32; } ]; - ipv6.routes = [ { address = ""; prefixLength = 32; } ]; }; }; }; diff --git a/Com/Simatime/buildOS.nix b/Com/Simatime/buildOS.nix index c40fc22..52aa51a 100644 --- a/Com/Simatime/buildOS.nix +++ b/Com/Simatime/buildOS.nix @@ -4,6 +4,7 @@ nixos: , vpnConnectTo ? "" , vpnRsaPrivateKeyFile ? null , vpnEd25519PrivateKeyFile ? null +, deps ? {} # added under pkgs.biz , configuration # see: configuration.nix(5) }: assert enableVpn -> builtins.isString ipAddress; @@ -15,6 +16,9 @@ let Ed25519PrivateKeyFile = "${vpnEd25519PrivateKeyFile}" PrivateKeyFile = "${vpnRsaPrivateKeyFile}" '' else ""; + bizpkgs = self: super: { + biz = deps; + }; defaults = { boot.cleanTmpDir = true; #networking.interfaces.simatime-vpn = [{ ipv4.address = ipAddress; }]; 
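Review bot: Port 3000 is correctly absent from `networking.firewall.allowedTCPPorts`, but nothing on that line says it is deliberate, and a later reader may "fix" it by opening the port nginx is meant to front; add `# 3000 (que-server) stays closed: nginx terminates TLS on 443 and proxies to it over loopback`. This file also enables nginx on behalf of the que-server module, so the module cannot be used without `services.nginx.enable = true` here — worth a comment such as `# required by Run/Que/service.nix, which only adds a virtualHost`, or moving the enable into the module. Whether que-server itself binds only to loopback cannot be seen in this change, so the firewall is currently the only thing keeping it off the public interface.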
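Review bot: The two new `nameservers` entries are bare IP literals with no note on whose resolvers they are or why the systemd-resolved stub was dropped; add `# upstream resolvers (presumably the hosting provider's — confirm); replaces the 127.0.0.53 resolved stub`. Pointing the host straight at external resolvers also means any DNSSEC validation or DNS-over-TLS that `services.resolved` may have been doing no longer applies and queries travel in the clear, which is only acceptable if resolved was not configured for that on this machine — verify before merging. The `networking` block continues past the end of this hunk.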
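Review bot: Dropping the `/32` host route to 157.245.160.1 means the `defaultGateway` can only be installed if that address falls inside the prefix of the interface's `ipv4.addresses` entry, which sits above this hunk and is not visible here; check that `prefixLength` before relying on this, or the host may come up without a default route. Removing the `ipv6.routes` entry whose `address` was the empty string is the right call since it never described a real route. A short comment would keep someone from re-adding the host route, e.g. `# gateway is on-link within the ipv4.addresses prefix; no /32 host route needed`.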
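Review bot: The `bizpkgs` overlay assigns `biz = deps;` outright, so a `biz` attribute contributed by an earlier overlay or by `super` is silently discarded instead of extended; `biz = (super.biz or {}) // deps;` keeps the overlay composable with others. The overlay also just re-exposes the already-evaluated `deps` values — it does not rebuild them against `self`/`super` — and a one-line comment saying so (`# deps are pre-built derivations, only exposed here as pkgs.biz`) would prevent someone expecting overlay-style overrides to apply. The tinc `PrivateKeyFile` context lines are unchanged, and the enclosing `let` continues outside the hunk.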
@@ -24,6 +28,7 @@ let
 nix.maxJobs = 1; # "auto";
 nix.optimise.automatic = true;
 nix.optimise.dates = [ "Sunday 02:30" ];
+ nixpkgs.overlays = [ bizpkgs ];
 security.acme.email = "ben@bsima.me";
 security.acme.acceptTerms = true;
 security.sudo.wheelNeedsPassword = false;
diff --git a/Run/Que/service.nix b/Run/Que/service.nix
new file mode 100644
index 0000000..b9f5c19
--- /dev/null
+++ b/Run/Que/service.nix
@@ -0,0 +1,68 @@
+{ options
+, lib
+, config
+, pkgs
+, modulesPath
+}:
+
+let
+ cfg = config.services.que-server;
+in
+{
+ options.services.que-server = {
+ enable = lib.mkEnableOption "Enable the que-server service";
+ domain = lib.mkOption {
+ type = lib.types.str;
+ default = "que.run";
+ description = ''
+ Domain on which to host que-server. This is passed to
+ services.nginx.virtualHosts.<name> directly.
+ '';
+ };
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 3000;
+ description = ''
+ The port on which que-server will listen for
+ incoming HTTP traffic.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ description = "que-server package to use";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ systemd.services.que-server = {
+ path = [ cfg.package ];
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${cfg.package}/bin/que-server -p ${toString cfg.port}
+ '';
+ description = ''
+ Que server
+ '';
+ serviceConfig = {
+ KillSignal = "INT";
+ Type = "simple";
+ Restart = "on-abort";
+ RestartSec = "1";
+ };
+ };
+ services.nginx = {
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString cfg.port}";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/default.nix b/default.nix
index f60a2a1..54db612 100644
--- a/default.nix
+++ b/default.nix
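Review bot: `systemd.services.que-server` sets no `User` or `DynamicUser`, so que-server serves HTTP as root with an unrestricted view of the filesystem even though nginx already fronts it; add `DynamicUser = true; NoNewPrivileges = true; ProtectSystem = "strict";` to `serviceConfig` (plus `PrivateTmp`/`ProtectHome` if the binary keeps no state there — not determinable from this module). `Restart = "on-abort"` only restarts after an unclean signal, so a crash with a non-zero exit leaves the site down; `on-failure` is the usual choice for a network daemon. `proxyPass = "http://localhost:…"` lets nginx try `::1` first and log upstream errors if que-server binds IPv4 only, so `127.0.0.1` is the safer target. `port` could be `lib.types.port` to reject out-of-range values, and the `domain` description should mention that the module relies on the host setting `services.nginx.enable`.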
@@ -11,8 +11,8 @@ let url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${ver}/nixos-mailserver-${ver}.tar.gz"; sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; }; -in { - Com.Simatime = buildOS { +in rec { + Com.Simatime.cloud = buildOS { enableVpn = true; ipAddress = "159.89.128.69"; vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv"; @@ -33,34 +33,36 @@ in { withUtempter = true; }; }; - } // { - dev = buildOS { - enableVpn = true; - ipAddress = "69.181.254.154"; - vpnConnectTo = "com.simatime"; - vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv"; - vpnEd25519PrivateKeyFile = "/etc/tinc/ed25519_key.priv"; - configuration = { - imports = [ - ./Com/Simatime/packages.nix - ./Com/Simatime/dev/hardware.nix - ./Com/Simatime/dev/configuration.nix - ]; - }; + }; + Com.Simatime.dev = buildOS { + enableVpn = true; + ipAddress = "69.181.254.154"; + vpnConnectTo = "com.simatime"; + vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv"; + vpnEd25519PrivateKeyFile = "/etc/tinc/ed25519_key.priv"; + configuration = { + imports = [ + ./Com/Simatime/packages.nix + ./Com/Simatime/dev/hardware.nix + ./Com/Simatime/dev/configuration.nix + ]; }; - Serval = buildOS { - configuration = { - imports = [ - ./Com/Simatime/packages.nix - ./Com/RunServal/hardware.nix - ./Com/RunServal/networking.nix - ]; - networking.hostName = "serval.simatime.com"; - boot.enableContainers = true; - }; + }; + Com.Simatime.Serval = buildOS { + deps = { que-server = Run.Que; }; + configuration = { + imports = [ + ./Com/Simatime/packages.nix + ./Com/Simatime/Serval/hardware.nix + ./Com/Simatime/Serval/networking.nix + ./Run/Que/service.nix + ./Com/Simatime/Serval/configuration.nix + ]; + networking.hostName = "serval.simatime.com"; + boot.enableContainers = true; }; }; - Com.InfluencedByBooks = buildOS { + Com.InfluencedByBooks.os = buildOS { configuration = { imports = [ ./Com/InfluencedByBooks/service.nix 
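Review bot: `deps = { que-server = Run.Que; }` is the only place that wires the package into the Serval host, but the reader has to know that `buildOS` exposes it as `pkgs.biz.que-server` and that `./Com/Simatime/Serval/configuration.nix` expects that exact name; add `# exposed as pkgs.biz.que-server, consumed in Serval/configuration.nix`. Renaming `Com.Simatime` to `Com.Simatime.cloud` and `Com.InfluencedByBooks` to `Com.InfluencedByBooks.os` turns those attribute paths from derivations into plain sets, so any `nix-build -A Com.Simatime` style invocation outside this file would now fail — worth confirming no deploy script depends on the old paths. With the set now `rec`, `Run.Que` resolves to a top-level `Run` attribute defined elsewhere in this file and every sibling name becomes a binding, which is presumably why the `nixpkgs = nixpkgs;` self-reference at the bottom had to go. The enclosing set continues past the hunk.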
@@ -70,43 +72,42 @@ in { boot.isContainer = true; networking.useDHCP = false; }; - } // { - Server = buildGhc { - name = "Com.InfluencedByBooks.Server"; - nick = "ibb"; - deps = [ - "clay" - "miso" - "protolude" - "servant" - "text" - "MonadRandom" - "acid-state" - "blaze-html" - "blaze-markup" - "bytestring" - "ixset" - "random" - "safecopy" - "scotty" - "servant-server" - "text" - ]; - }; - Client = buildGhcjs { - name = "Com.InfluencedByBooks.Client"; - nick = "ibb"; - deps = [ - "clay" - "miso" - "protolude" - "servant" - "text" - "aeson" - "containers" - "ghcjs-base" - ]; - }; + }; + Com.InfluencedByBooks.Server = buildGhc { + name = "Com.InfluencedByBooks.Server"; + nick = "ibb"; + deps = [ + "clay" + "miso" + "protolude" + "servant" + "text" + "MonadRandom" + "acid-state" + "blaze-html" + "blaze-markup" + "bytestring" + "ixset" + "random" + "safecopy" + "scotty" + "servant-server" + "text" + ]; + }; + Com.InfluencedByBooks.Client = buildGhcjs { + name = "Com.InfluencedByBooks.Client"; + nick = "ibb"; + deps = [ + "clay" + "miso" + "protolude" + "servant" + "text" + "aeson" + "containers" + "ghcjs-base" + ]; }; Com.MusicMeetsComics = { Server = buildGhc { @@ -175,6 +176,4 @@ in { "unordered-containers" ]; }; - # fallthrough to nixpkgs - nixpkgs = nixpkgs; } |
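Review bot: `"text"` appears twice in the `deps` list of `Com.InfluencedByBooks.Server` (after `"servant"` and again as the last entry); the move carried the duplicate over, so drop the second `"text"`. Whether `buildGhc` tolerates a repeated package name cannot be seen here, but the list is clearer without it. The enclosing set continues outside this hunk.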