nix-cfg/hosts/vps1/akkotest.nix


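# Host module for the "akkotest" Akkoma instance on vps1.
#
# Layout: nginx on the host terminates TLS and reverse-proxies to an Akkoma
# instance running in a private-network NixOS container.  Application state
# (static files, uploads, PostgreSQL data) lives on bind mounts under
# /data/akkotest on the host; the container's own root filesystem is
# ephemeral.  Secrets are decrypted by sops on the host and bind-mounted
# read-only into the container.
{ config, pkgs, lib, ... }:
let
  rootDomain = "lgmrszd.xyz";
  domain = "akko429164.testdrive.${rootDomain}";

  # Name of the container.  It also derives the host data directory and the
  # sops secret namespace, so the three can no longer drift apart.
  containerName = "akkotest";
  hostDataPrefix = "/data/${containerName}";

  # veth pair between host and container.
  hostAddress = "192.168.100.10";
  localAddress = "192.168.100.11";
  # Port Akkoma listens on inside the container; nginx proxies to it.
  localPort = 4000;

  # sops secrets for this instance are keyed "<secretsPrefix>/<name>" and
  # materialised on the host under /run/secrets/<secretsPrefix>.
  secretsPrefix = "${containerName}-vps";
  secretsMountPoint = "/run/secrets/${secretsPrefix}";

  # The akkoma user must carry the same numeric ids on the host and inside the
  # container: no uid remapping is configured, so ownership of the bind-mounted
  # data directories is checked against these ids on both sides.
  akkomaUid = 1234;
  akkomaGid = 1234;
in
{
  imports = [
    ./akkoma/akkontainer.nix
  ];

  # Public entry point: TLS terminated on the host, plain HTTP to the container.
  services.nginx.virtualHosts."${domain}" = {
    serverName = "${domain}";
    forceSSL = true;
    useACMEHost = "${rootDomain}";
    locations."/" = {
      proxyPass = "http://${localAddress}:${toString localPort}";
      # Akkoma's streaming API uses websockets; also forward the usual
      # Host / X-Forwarded-* headers so the app sees the real client.
      proxyWebsockets = true;
      recommendedProxySettings = true;
    };
  };

  # One sops secret per listed name, all taken from the same encrypted file.
  sops.secrets =
    let
      # Encrypted YAML holding the "<secretsPrefix>/<name>" keys below; the
      # file name is expected to match secretsPrefix.
      sopsFile = ../../secrets/akkotest-vps.yaml;
      format = "yaml";
      mkSopsSecret = names: builtins.listToAttrs (map
        (name: {
          name = "${secretsPrefix}/${name}";
          value = { inherit sopsFile format; };
        })
        names);
    in
    mkSopsSecret [
      "vapid-private"
      "vapid-public"
      "liveview-salt"
      "signing-salt"
      "jwt-signer"
      "key-base"
    ];

  # Options consumed by ./akkoma/akkontainer.nix on the host side.
  myAkkomaContainerOptions = {
    enable = true;
    inherit hostAddress localAddress localPort domain containerName;
  };

  # Host-side counterpart of the container's akkoma user.  It runs nothing on
  # the host; it exists only so the data under /data/akkotest can be owned by
  # the same ids the container uses.
  users = {
    users."akkoma" = {
      description = "Fake Akkoma user to set up files permissions";
      group = "akkoma";
      isSystemUser = true;
      uid = akkomaUid;
    };
    groups."akkoma" = { gid = akkomaGid; };
  };

  containers.${containerName} = {
    # The root filesystem is discarded on every start; only the bind mounts
    # below persist.
    ephemeral = true;
    # Own network namespace: Akkoma is reachable from the host only over the
    # veth pair, not on the host's external interfaces.
    privateNetwork = true;
    inherit hostAddress localAddress;

    # /dev/fuse is passed through with read/write/mknod rights.  Nothing in
    # this file uses it — presumably needed for a FUSE mount inside the
    # container; TODO confirm, and drop both entries if it is not, since
    # device access widens what the container can reach in the host kernel.
    allowedDevices = [
      { modifier = "rwm"; node = "/dev/fuse"; }
    ];
    bindMounts."/dev/fuse" = {};

    # Persistent application state, all under hostDataPrefix on the host.
    bindMounts.static = {
      hostPath = "${hostDataPrefix}/static_i";
      mountPoint = "/data/akkoma/static_i";
      isReadOnly = false;
    };
    bindMounts.db = {
      hostPath = "${hostDataPrefix}/postgresql";
      mountPoint = "/data/postgresql";
      isReadOnly = false;
    };
    bindMounts.uploads = {
      hostPath = "${hostDataPrefix}/uploads";
      mountPoint = "/data/akkoma/uploads";
      isReadOnly = false;
    };

    # sops-decrypted secrets, exposed read-only at the same path inside the
    # container.  The ownership/mode the akkoma service needs to read them is
    # not set here — presumably handled by the imported akkoma modules; verify.
    bindMounts."${secretsMountPoint}" = {
      isReadOnly = true;
    };

    config = { config, pkgs, ... }: {
      imports = [
        ./akkoma/akkontainer.nix
        ./akkoma/akkoma.nix
        ./akkoma/akkoma-static.nix
        ../../modules/akkoma-patches.nix
      ];

      # Must match the host-side akkoma user (same uid/gid), see above.
      users = {
        users."akkoma" = {
          description = "Akkoma user";
          group = "akkoma";
          isSystemUser = true;
          uid = akkomaUid;
        };
        groups."akkoma" = { gid = akkomaGid; };
      };

      environment.systemPackages = with pkgs; [ zip unzip ];

      # PostgreSQL data sits on the bind mount so it survives the ephemeral
      # root; keep the directory private to the postgres user.
      systemd.tmpfiles.rules = [
        "d /data/postgresql 700 postgres postgres -"
      ];
      services.postgresql = {
        enable = true;
        package = pkgs.postgresql_15;
        dataDir = "/data/postgresql";
      };

      # Let the host's nginx reach Akkoma over the veth.  This only opens the
      # port in the container's firewall; this file does not open it on the
      # host.
      networking.firewall.allowedTCPPorts = [ localPort ];

      system.stateVersion = "23.05";
    };
  };
}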