diff options
author | makefu <github@syntax-fehler.de> | 2022-06-07 00:17:23 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2022-06-07 00:17:23 +0200 |
commit | 9c1799914a2e6f2dc736fe2eaad7134602a3d837 (patch) | |
tree | 08347f7f29bc00c3b40be2a49e069268c0163716 /lass/2configs/websites/ref.ptkk.de/default.nix | |
parent | 1e405be047a79e1abd0c28e52b5009b9675909b8 (diff) | |
parent | bdc80e55411e197f89990e988f8b7e67c084d3d3 (diff) |
Merge remote-tracking branch 'lass/master' into 22.05
Diffstat (limited to 'lass/2configs/websites/ref.ptkk.de/default.nix')
-rw-r--r-- | lass/2configs/websites/ref.ptkk.de/default.nix | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/lass/2configs/websites/ref.ptkk.de/default.nix b/lass/2configs/websites/ref.ptkk.de/default.nix new file mode 100644 index 000000000..14ce58b8e --- /dev/null +++ b/lass/2configs/websites/ref.ptkk.de/default.nix @@ -0,0 +1,89 @@ +{ config, lib, pkgs, ... }: +{ + services.nginx.virtualHosts."ref.ptkk.de" = { + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:4626"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_cache_bypass $http_upgrade; + ''; + }; + locations."/static/" = { + alias = "/var/lib/ref.ptkk.de/static/"; + }; + forceSSL = true; + }; + systemd.services."ref.ptkk.de" = { + wantedBy = [ "multi-user.target" ]; + environment = { + PRODUCTION = "yip"; + DATA_DIR = "/var/lib/ref.ptkk.de/data"; + PORT = "4626"; + STATIC_ROOT = "/var/lib/ref.ptkk.de/static"; + }; + path = with pkgs; [ + git + gnutar + gzip + nix + ]; + serviceConfig = { + ExecStartPre = [ + "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/data" + "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/code" + "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/static" + ]; + ExecStart = pkgs.writers.writeDash "nixify" '' + cd code + if test -e shell.nix; then + ${pkgs.nix}/bin/nix-shell -I /var/src --run serve + else + echo 'no shell.nix, bailing out' + exit 0 + fi + ''; + LoadCredential = [ + "django-secret.key:${toString <secrets>}/ref.ptkk.de-django.key" + ]; + User = "ref.ptkk.de"; + WorkingDirectory = "/var/lib/ref.ptkk.de"; + StateDirectory = "ref.ptkk.de"; + Restart = "always"; + RestartSec = "100s"; + }; + }; + systemd.services."ref.ptkk.de-restarter" = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ref.ptkk.de.service"; + }; + }; + systemd.paths."ref.ptkk.de-restarter" = { + wantedBy = [ "multi-user.target" ]; + pathConfig.PathChanged = [ + "/var/lib/ref.ptkk.de/code" + "/var/src/nixpkgs" + ]; + }; + + users.users."ref.ptkk.de" = { + isSystemUser = true; + uid = pkgs.stockholm.lib.genid_uint31 "ref.ptkk.de"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6fu6LtyRdk++qIBpP0BdZQHSTqzNNlvp7ML2Dv0IxD CI@github.com" + config.krebs.users.lass.pubkey + ]; + group = "nginx"; + home = "/var/lib/ref.ptkk.de"; + useDefaultShell = true; + }; +} |