diff options
author | lassulus <git@lassul.us> | 2023-01-30 20:40:25 +0100 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-01-30 20:40:25 +0100 |
commit | bf4a3fe78e4814b9281b7e20d8eae2e0461fed72 (patch) | |
tree | 6394e8d10b1b4bade01842fe2d3a1a6978e923a6 /lass | |
parent | f620d8002e224e3e35cbaaf8405ce861ea4f7537 (diff) |
l orange.r: init
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/orange/config.nix | 21 | ||||
-rw-r--r-- | lass/1systems/orange/physical.nix | 7 | ||||
-rw-r--r-- | lass/2configs/orange-host.nix | 15 |
3 files changed, 43 insertions, 0 deletions
diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix new file mode 100644 index 000000000..3c13ebe85 --- /dev/null +++ b/lass/1systems/orange/config.nix @@ -0,0 +1,21 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.orange; + + security.acme = { + acceptTerms = true; + defaults.email = "acme@lassul.us"; + }; + + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l"; + }; +} diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/orange/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix new file mode 100644 index 000000000..3fbf417a7 --- /dev/null +++ b/lass/2configs/orange-host.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.orange = { + sshKey = "${toString <secrets>}/orange.sync.key"; + }; + services.nginx.virtualHosts."lassul.us" = { + # enableACME = config.security; + # forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://orange.r"; + }; + }; +} |