mirror of
https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git
synced 2024-11-22 11:17:56 +01:00
141 lines
No EOL
3.4 KiB
Nix
141 lines
No EOL
3.4 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
let
|
|
hostAddress = "192.168.100.10";
|
|
localAddress = "192.168.100.11";
|
|
localPort = 4000;
|
|
domain = "akkotest.local";
|
|
in
|
|
{
|
|
imports = [
|
|
./akkoma/akkontainer.nix
|
|
];
|
|
|
|
networking.extraHosts = ''
|
|
127.0.0.1 ${domain}
|
|
'';
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."${domain}" = {
|
|
serverName = "${domain}";
|
|
forceSSL = true;
|
|
sslCertificate = "/data/selfcerts/nginx-selfsigned.crt";
|
|
sslCertificateKey = "/data/selfcerts/nginx-selfsigned.key";
|
|
locations."/" = {
|
|
proxyPass = "http://${localAddress}:${toString localPort}";
|
|
proxyWebsockets = true;
|
|
recommendedProxySettings = true;
|
|
};
|
|
};
|
|
};
|
|
sops.secrets =
|
|
let
|
|
sopsFile = ../../secrets/akkotest.yaml;
|
|
format = "yaml";
|
|
sopsPrefix = "akkotest";
|
|
mkSopsSecret = secretList: builtins.listToAttrs(map
|
|
(name: {
|
|
name = "${sopsPrefix}/${name}";
|
|
value = {
|
|
inherit sopsFile;
|
|
inherit format;
|
|
};
|
|
})
|
|
secretList);
|
|
in mkSopsSecret [
|
|
"vapid-private"
|
|
"vapid-public"
|
|
"liveview-salt"
|
|
"signing-salt"
|
|
"jwt-signer"
|
|
"key-base"
|
|
];
|
|
# sops.secrets."akkotest/vapid-private" = {
|
|
# sopsFile = ../../secrets/akkotest.yaml;
|
|
# format = "yaml";
|
|
# };
|
|
|
|
myAkkomaContainerOptions = {
|
|
enable = true;
|
|
hostAddress = "192.168.100.10";
|
|
localAddress = "192.168.100.11";
|
|
localPort = 4000;
|
|
domain = "akkotest.local";
|
|
containerName = "akkotest";
|
|
};
|
|
|
|
containers.akkotest =
|
|
let
|
|
outerConfig = config;
|
|
hostDataPrefix = "/data/akkotest";
|
|
containerDataPrefix = "/data/akkotest";
|
|
in
|
|
{
|
|
ephemeral = true;
|
|
privateNetwork = true;
|
|
inherit hostAddress;
|
|
inherit localAddress;
|
|
allowedDevices = [
|
|
{
|
|
modifier = "rwm";
|
|
node = "/dev/fuse";
|
|
}
|
|
];
|
|
bindMounts."/dev/fuse" = {};
|
|
bindMounts.static = {
|
|
hostPath = "/data/static_i_akkotest";
|
|
mountPoint = "/data/akkoma/static_i";
|
|
isReadOnly = false;
|
|
};
|
|
bindMounts.db = {
|
|
hostPath = "/data/postgresql_akkotest";
|
|
mountPoint = "/data/postgresql";
|
|
isReadOnly = false;
|
|
};
|
|
bindMounts.uploads = {
|
|
hostPath = "/data/uploads_akkotest";
|
|
mountPoint = "/data/uploads";
|
|
isReadOnly = false;
|
|
};
|
|
bindMounts.secrets = {
|
|
hostPath = "/data/secrets_akkotest";
|
|
mountPoint = "/var/akkosecrets";
|
|
isReadOnly = true;
|
|
};
|
|
bindMounts."/run/secrets/akkotest" = {
|
|
isReadOnly = true;
|
|
};
|
|
|
|
config =
|
|
{ config, pkgs, ... }:
|
|
{
|
|
imports = [
|
|
./akkoma/akkontainer.nix
|
|
./akkoma/akkoma.nix
|
|
./akkoma/akkoma-static.nix
|
|
../../modules/akkoma-patches.nix
|
|
];
|
|
# myAkkomaContainerOptions = outerConfig.myAkkomaContainerOptions.mkInnerConfig;
|
|
# myAkkomaContainerOptions = {
|
|
# inherit hostAddress;
|
|
# inherit localAddress;
|
|
# inherit localPort;
|
|
# inherit domain;
|
|
# isContainer = true;
|
|
# };
|
|
environment.systemPackages = with pkgs; [ zip unzip ];
|
|
systemd.tmpfiles.rules = [
|
|
"d /data/postgresql 700 postgres postgres -"
|
|
# "d /data/uploads 700 akkoma akkoma -"
|
|
"d /var/akkosecrets 500 akkoma akkoma -"
|
|
];
|
|
services.postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_15;
|
|
dataDir = "/data/postgresql";
|
|
};
|
|
networking.firewall.allowedTCPPorts = [
|
|
localPort
|
|
];
|
|
};
|
|
};
|
|
} |