Hero/Prod.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

{ bild, lib }:

# Production server for herocomics.app

bild.os {
  imports = [
    ../Biz/OsBase.nix
    ../Biz/Packages.nix
    ../Biz/Users.nix
    ./Service.nix
  ];
  networking.hostName = "prod-herocomics";
  networking.domain = "herocomics.app";
  boot.loader.grub.device = "/dev/vda";
  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
  networking = {
    firewall.allowedTCPPorts = [ 22 80 443 ];
    nameservers = [
      "67.207.67.2"
      "67.207.67.3"
    ];
    defaultGateway = "138.68.40.1";
    defaultGateway6 = "";
    dhcpcd.enable = false;
    usePredictableInterfaceNames = lib.mkForce true;
    interfaces = {
      eth0 = {
        ipv4.addresses = [
          { address="138.68.40.97"; prefixLength=21; }
          { address="10.46.0.5"; prefixLength=16; }
        ];
        ipv6.addresses = [
          { address="fe80::b063:c4ff:fee5:d636"; prefixLength=64; }
        ];
        ipv4.routes = [ { address = "138.68.40.1"; prefixLength = 32; } ];
        ipv6.routes = [ { address = ""; prefixLength = 32; } ];
      };

    };
  };

  services = {
    herocomics = {
      enable = true;
      port = 3000;
      host = bild.ghc ./Host.hs;
      node = bild.ghcjs ./Node.hs;
      keep = "/var/lib/hero";
    };

    udev.extraRules = ''
      ATTR{address}=="b2:63:c4:e5:d6:36", NAME="eth0"
    '';
  };
}