# NixOS module for the ref.ptkk.de site: an nginx TLS front end, a systemd
# unit that runs whatever `shell.nix` is deployed into the code directory,
# a path-triggered restarter, and the SSH-reachable account used to deploy.
#
# Trust model visible in this file: the holders of the two SSH keys below can
# log in as the service user, write the code directory, and thereby decide
# what the service executes on its next (automatic) restart.
{ config, lib, pkgs, ... }:
let
  # Persistent state root; matches StateDirectory = "ref.ptkk.de" below.
  stateDir = "/var/lib/ref.ptkk.de";
  # Loopback port shared by the nginx upstream and the app's PORT variable.
  port = "4626";
in
{
  users.users."ref.ptkk.de" = {
    isSystemUser = true;
    # Deterministic uid derived from the account name.
    uid = pkgs.stockholm.lib.genid_uint31 "ref.ptkk.de";
    # NOTE(review): the primary group is nginx, so this account (and any code
    # deployed through the CI key) can read whatever is group-readable by
    # nginx. On NixOS that may include ACME private keys for nginx vhosts on
    # this host. Confirm, and consider a dedicated group.
    group = "nginx";
    home = stateDir;
    # A login shell plus authorized keys makes this an interactive account.
    useDefaultShell = true;
    # NOTE(review): neither key carries authorized_keys options. If CI only
    # needs to upload files, consider `restrict` and/or a forced `command=`
    # on the CI key to narrow what a leaked key allows.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6fu6LtyRdk++qIBpP0BdZQHSTqzNNlvp7ML2Dv0IxD CI@github.com"
      config.krebs.users.lass.pubkey
    ];
  };

  services.nginx.virtualHosts."ref.ptkk.de" = {
    # Certificate via ACME; plain-HTTP requests are redirected to HTTPS.
    enableACME = true;
    forceSSL = true;
    locations = {
      # Served straight from the state directory, which the service user
      # writes: anything placed there is published without going through
      # the application.
      "/static/".alias = "${stateDir}/static/";
      "/" = {
        proxyPass = "http://localhost:${port}";
        # Forwarding headers for the backend. $proxy_add_x_forwarded_for
        # appends the peer address to any client-supplied X-Forwarded-For,
        # so the backend should trust only the last hop (or X-Real-IP).
        # $connection_upgrade is not defined in this file and has to come
        # from a `map` elsewhere in the nginx configuration.
        extraConfig = ''
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Port $server_port;
          proxy_set_header X-Forwarded-Host $host;
          proxy_set_header Connection $connection_upgrade;
          proxy_set_header Upgrade $http_upgrade;
          proxy_cache_bypass $http_upgrade;
        '';
      };
    };
  };

  systemd = {
    # Fires the restarter unit of the same name when the deployed code
    # directory or the nixpkgs checkout changes.
    # NOTE(review): verify that PathChanged on a directory also catches
    # edits to files nested below it, if deployments rely on that.
    paths."ref.ptkk.de-restarter" = {
      wantedBy = [ "multi-user.target" ];
      pathConfig.PathChanged = [
        "${stateDir}/code"
        "/var/src/nixpkgs"
      ];
    };

    services = {
      # No User= is set, so this oneshot runs with the system manager's
      # default identity and is allowed to restart the main unit.
      "ref.ptkk.de-restarter".serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.systemd}/bin/systemctl restart ref.ptkk.de.service";
      };

      "ref.ptkk.de" = {
        wantedBy = [ "multi-user.target" ];
        # Settings handed to the application through its environment.
        environment = {
          PRODUCTION = "yip";
          DATA_DIR = "${stateDir}/data";
          PORT = port;
          STATIC_ROOT = "${stateDir}/static";
        };
        # Tools placed on PATH for the service.
        path = [
          pkgs.git
          pkgs.gnutar
          pkgs.gzip
          pkgs.nix
        ];
        # NOTE(review): no systemd sandboxing options are set. Since this
        # unit executes deployed code, consider NoNewPrivileges, PrivateTmp,
        # ProtectSystem and similar, after testing that nix-shell still works.
        serviceConfig = {
          User = "ref.ptkk.de";
          WorkingDirectory = stateDir;
          StateDirectory = "ref.ptkk.de";
          # Create the three working subdirectories before every start.
          ExecStartPre = map
            (sub: "${pkgs.coreutils}/bin/mkdir -p ${stateDir}/${sub}")
            [ "data" "code" "static" ];
          # Enters code/ (relative to WorkingDirectory) and runs the `serve`
          # command inside the deployed shell.nix environment. shell.nix is
          # deployment-controlled, so this executes arbitrary code as the
          # service user. Without a shell.nix the script exits 0 and the
          # restart policy below retries it.
          ExecStart = pkgs.writers.writeDash "nixify" ''
            cd code
            if test -e shell.nix; then
            ${pkgs.nix}/bin/nix-shell -I /var/src --run serve
            else
            echo 'no shell.nix, bailing out'
            exit 0
            fi
          '';
          # The Django key is handed over as a systemd credential (readable
          # via $CREDENTIALS_DIRECTORY) rather than as an environment value.
          # `toString` keeps the <secrets> path a plain string, so the key
          # file is not copied into the world-readable Nix store.
          LoadCredential = [
            "django-secret.key:${toString <secrets>}/ref.ptkk.de-django.key"
          ];
          # Always restart, including after a clean exit, 100s apart.
          Restart = "always";
          RestartSec = "100s";
        };
      };
    };
  };
}