blob: ac89a56d314ff08e73374ca385c6a3f567820a59 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
{ nixpkgs ? import ./Bild.nix { } }:
with nixpkgs;
# The production server for que.run
bild.os {
imports =
[ ./OsBase.nix ./Packages.nix ./Users.nix ./Que/Host.nix ./Que/Site.nix ];
networking.hostName = "prod-que";
networking.domain = "que.run";
services.que-server = {
enable = true;
port = 80;
package = bild.run ./Que/Host.hs;
};
boot.loader.grub.device = "/dev/vda";
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
swapDevices = [{
device = "/swapfile";
} # 4GB
];
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking = {
nameservers = [ "67.207.67.2" "67.207.67.3" ];
defaultGateway = "157.245.224.1";
defaultGateway6 = "2604:a880:2:d1::1";
dhcpcd.enable = false;
usePredictableInterfaceNames = lib.mkForce true;
interfaces = {
eth0 = {
ipv4.addresses = [
{
address = "157.245.236.44";
prefixLength = 20;
}
{
address = "10.46.0.5";
prefixLength = 16;
}
];
ipv6.addresses = [
{
address = "2604:a880:2:d1::a2:5001";
prefixLength = 64;
}
{
address = "fe80::7892:a5ff:fec6:dbc3";
prefixLength = 64;
}
];
ipv4.routes = [{
address = "157.245.224.1";
prefixLength = 32;
}];
ipv6.routes = [{
address = "2604:a880:2:d1::1";
prefixLength = 32;
}];
};
};
};
services = {
que-website = {
enable = true;
namespace = "_";
package = bild.run ./Que/Site.hs;
};
udev.extraRules = ''
ATTR{address}=="7a:92:a5:c6:db:c3", NAME="eth0"
'';
};
}
|