cleanup
srid committed Nov 19, 2024
1 parent eff3333 commit d425868
Showing 7 changed files with 73 additions and 41 deletions.
19 changes: 1 addition & 18 deletions configurations/nixos/gate/default.nix
Expand Up @@ -5,33 +5,16 @@ let
inherit (inputs) self;
in
{
# nixos-unified.sshTarget = "[email protected]";
nixos-unified.sshTarget = "gate";

imports = [
./configuration.nix
(self + /modules/nixos/shared/primary-as-admin.nix)
(self + /webapps/proxy.nix)
];

nixpkgs.hostPlatform = "x86_64-linux";
services.tailscale.enable = true;
services.openssh.settings.PasswordAuthentication = false;
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."actualism.app" = {
# FIXME: Don't hardcode, instead of read from pureintent's containers.nix
locations."/".proxyPass = "http://pureintent:3000";
enableACME = true;
addSSL = true;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "[email protected]";
};
networking.firewall.allowedTCPPorts = [ 80 443 22 ];

# Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
# https://github.com/NixOS/nixpkgs/issues/180175
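Review bot: The removal of `services.openssh.settings.PasswordAuthentication = false;` in this hunk is not matched by anything in the new webapps/proxy.nix, which still opens port 22 via `networking.firewall.allowedTCPPorts = [ 80 443 22 ];`, so unless ./configuration.nix (not shown) sets it, the public VPS falls back to the NixOS default, which as far as I know leaves password authentication enabled. The nginx, acme and firewall lines moved into proxy.nix one for one; this single line did not. Either keep `services.openssh.settings.PasswordAuthentication = false;` here next to `nixos-unified.sshTarget`, or carry it into proxy.nix beside the firewall rule so the hardening travels with the port that needs it. The attribute set this hunk edits opens at `{` above and continues past the end of the hunk.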
22 changes: 0 additions & 22 deletions configurations/nixos/pureintent/containers.nix

This file was deleted.

2 changes: 1 addition & 1 deletion configurations/nixos/pureintent/default.nix
Expand Up @@ -11,7 +11,7 @@ in
imports = [
self.nixosModules.default
./configuration.nix
./containers.nix
(self + /webapps/host.nix)
];

services.openssh.enable = true;
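--- a/webapps/README.md
+++ b/webapps/README.md
@@ -0,0 +1,9 @@
+# Hosting webapps on home-server
+
+Host them on `pureintent` (home-server)
+
+Run nginx on `gate` (Hetzner VPS).
+
+Put the two in a Tailscale network. Profit!
+
+WARNING: This is not cleanly designed yet, so don't use it as a reference.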
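--- a/webapps/default.nix
+++ b/webapps/default.nix
@@ -0,0 +1,8 @@
+{ flake, system, ... }:
+{
+actualism-app = {
+port = 3000; # TODO: Change this, and pass to daemon (renaming `package` to `exec` or something)
+domain = "actualism.app";
+package = flake.inputs.actualism-app.packages.${system}.default;
+};
+}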
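--- a/webapps/host.nix
+++ b/webapps/host.nix
@@ -0,0 +1,24 @@
+# Configuration for the host on which all webapps will run.
+{ flake, pkgs, lib, ... }:
+
+let
+webapps = import ./. { inherit flake; system = pkgs.system; };
+in
+{
+# Run each web app as a systemd service decided inside a container.
+containers = lib.mapAttrs
+(name: v: {
+autoStart = true;
+config = {
+systemd.services.${name} = {
+description = name;
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+ExecStart = "${lib.getExe v.package}";
+Restart = "always";
+};
+};
+};
+})
+webapps;
+}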
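Review bot: Each webapp's daemon is started with `ExecStart = "${lib.getExe v.package}"` and no `User` or `DynamicUser` in `serviceConfig`, so inside its container the service runs as root; adding `DynamicUser = true;` (or a dedicated `User`) next to `Restart = "always";` is the cheap hardening step, assuming the packaged daemons do not need root. Nothing in this file reads `v.port`, so the port proxy.nix targets and the port the daemon actually listens on are only coincidentally the same until the TODO in webapps/default.nix is resolved; a comment on the `containers` attribute such as `# NOTE: v.port is not passed to the daemon; it must match what the package listens on.` would stop the next reader from assuming otherwise. No `privateNetwork` is set, so as far as I can tell the containers share the host's network namespace, which is presumably what lets the proxy reach `pureintent:3000` over Tailscale — worth stating in the comment above `containers` as well.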
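--- a/webapps/proxy.nix
+++ b/webapps/proxy.nix
@@ -0,0 +1,30 @@
+# Configuration for the VPS running nginx reverse proxy
+{ flake, pkgs, lib, webapps, ... }:
+
+let
+host = "pureintent"; # See host.nix
+webapps = import ./. { inherit flake; system = pkgs.system; };
+in
+{
+services.tailscale.enable = true;
+
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+
+virtualHosts = lib.mapAttrs'
+(name: v: lib.nameValuePair v.domain {
+locations."/".proxyPass = "http://${host}:${builtins.toString v.port}";
+enableACME = true;
+addSSL = true;
+})
+webapps;
+};
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "[email protected]";
+};
+networking.firewall.allowedTCPPorts = [ 80 443 22 ];
+}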
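Review bot: `webapps` in the module argument list `{ flake, pkgs, lib, webapps, ... }:` is shadowed immediately by `let webapps = import ./. …`, and since the module system does not supply an argument of that name, evaluation should fail with a missing-argument error — or, if some `_module.args` does provide one, the header silently declares a dependency the file never uses. The header should read `{ flake, pkgs, lib, ... }:`, matching host.nix. Separately, the virtualHosts built by `lib.mapAttrs'` are keyed by `v.domain`, so two entries in webapps/default.nix declaring the same domain would overwrite each other without any warning; a one-line comment above `virtualHosts` noting that domains must be unique would make the constraint visible.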
