path: root/Biz/Que/Prod.nix
# The production server for que.run
#
# Arguments (both default to project-local imports):
#   bild    - build rules; this file calls bild.os and bild.ghc
#   nixpkgs - used in this file only for nixpkgs.lib.mkForce
{
  bild ? import ../Bild/Rules.nix {},
  nixpkgs ? import ../Bild/Nixpkgs.nix
}:

let
  # Each gateway address appears twice below: once as the default gateway
  # and once as an explicit route on eth0.
  gateway4 = "157.245.224.1";
  gateway6 = "2604:a880:2:d1::1";
in
bild.os {
  imports = [
    ../OsBase.nix
    ../Packages.nix
    ../Users.nix
    ./Host.nix
    ./Site.nix
  ];

  # Boot and storage.
  boot.loader.grub.device = "/dev/vda";
  fileSystems."/" = {
    device = "/dev/vda1";
    fsType = "ext4";
  };
  swapDevices = [
    { device = "/swapfile"; } # 4GB
  ];

  networking = {
    hostName = "prod-que";
    domain = "que.run";

    # Inbound TCP allowed by the host firewall: SSH, HTTP, HTTPS.
    # allowedTCPPorts is not scoped to an interface or source range, so 22 is
    # reachable wherever this host is.
    # NOTE(review): confirm SSH is key-only in ../OsBase.nix or ../Users.nix.
    # NOTE(review): nothing in this file listens on 443; confirm a TLS
    # listener is set up in ./Host.nix or ./Site.nix, else drop the port.
    firewall.allowedTCPPorts = [ 22 80 443 ];

    nameservers = [
      "67.207.67.2"
      "67.207.67.3"
    ];
    defaultGateway = gateway4;
    defaultGateway6 = gateway6;

    # Addressing is fully static: DHCP is off and every address is pinned below.
    dhcpcd.enable = false;
    usePredictableInterfaceNames = nixpkgs.lib.mkForce true;

    # eth0 carries both the public addresses and the 10.46.0.5/16 address, so
    # the firewall rule above applies to all of them alike.
    interfaces.eth0 = {
      ipv4.addresses = [
        { address = "157.245.236.44"; prefixLength = 20; }
        { address = "10.46.0.5"; prefixLength = 16; }
      ];
      ipv6.addresses = [
        { address = "2604:a880:2:d1::a2:5001"; prefixLength = 64; }
        { address = "fe80::7892:a5ff:fec6:dbc3"; prefixLength = 64; }
      ];
      ipv4.routes = [ { address = gateway4; prefixLength = 32; } ];
      # NOTE(review): /32 is a host route for IPv4 but not for IPv6, where a
      # single-address route would be /128 - confirm this prefix is intended.
      ipv6.routes = [ { address = gateway6; prefixLength = 32; } ];
    };
  };

  services = {
    # que-server binds port 80 directly.
    # NOTE(review): no TLS option is set here; confirm whether traffic to
    # this service is expected to be plaintext HTTP.
    que-server = {
      enable = true;
      port = 80;
      package = bild.ghc ./Host.hs;
    };

    que-website = {
      enable = true;
      namespace = "_";
      package = bild.ghc ./Site.hs;
    };

    # Name the NIC with this MAC address "eth0"; the interface settings above
    # are keyed on that name.
    udev.extraRules = ''
      ATTR{address}=="7a:92:a5:c6:db:c3", NAME="eth0"
    '';
  };
}