summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lass/2configs/websites/lassulus.nix1
-rw-r--r--lass/2configs/websites/ref.ptkk.de/default.nix89
2 files changed, 90 insertions, 0 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 2ff98f38d..411234b82 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -10,6 +10,7 @@ in {
imports = [
./default.nix
../git.nix
+ ./ref.ptkk.de
];
security.acme = {
diff --git a/lass/2configs/websites/ref.ptkk.de/default.nix b/lass/2configs/websites/ref.ptkk.de/default.nix
new file mode 100644
index 000000000..14ce58b8e
--- /dev/null
+++ b/lass/2configs/websites/ref.ptkk.de/default.nix
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx.virtualHosts."ref.ptkk.de" = {
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:4626";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_cache_bypass $http_upgrade;
+ '';
+ };
+ locations."/static/" = {
+ alias = "/var/lib/ref.ptkk.de/static/";
+ };
+ forceSSL = true;
+ };
+ systemd.services."ref.ptkk.de" = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ PRODUCTION = "yip";
+ DATA_DIR = "/var/lib/ref.ptkk.de/data";
+ PORT = "4626";
+ STATIC_ROOT = "/var/lib/ref.ptkk.de/static";
+ };
+ path = with pkgs; [
+ git
+ gnutar
+ gzip
+ nix
+ ];
+ serviceConfig = {
+ ExecStartPre = [
+ "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/data"
+ "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/code"
+ "${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/static"
+ ];
+ ExecStart = pkgs.writers.writeDash "nixify" ''
+ cd code
+ if test -e shell.nix; then
+ ${pkgs.nix}/bin/nix-shell -I /var/src --run serve
+ else
+ echo 'no shell.nix, bailing out'
+ exit 0
+ fi
+ '';
+ LoadCredential = [
+ "django-secret.key:${toString <secrets>}/ref.ptkk.de-django.key"
+ ];
+ User = "ref.ptkk.de";
+ WorkingDirectory = "/var/lib/ref.ptkk.de";
+ StateDirectory = "ref.ptkk.de";
+ Restart = "always";
+ RestartSec = "100s";
+ };
+ };
+ systemd.services."ref.ptkk.de-restarter" = {
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.systemd}/bin/systemctl restart ref.ptkk.de.service";
+ };
+ };
+ systemd.paths."ref.ptkk.de-restarter" = {
+ wantedBy = [ "multi-user.target" ];
+ pathConfig.PathChanged = [
+ "/var/lib/ref.ptkk.de/code"
+ "/var/src/nixpkgs"
+ ];
+ };
+
+ users.users."ref.ptkk.de" = {
+ isSystemUser = true;
+ uid = pkgs.stockholm.lib.genid_uint31 "ref.ptkk.de";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6fu6LtyRdk++qIBpP0BdZQHSTqzNNlvp7ML2Dv0IxD CI@github.com"
+ config.krebs.users.lass.pubkey
+ ];
+ group = "nginx";
+ home = "/var/lib/ref.ptkk.de";
+ useDefaultShell = true;
+ };
+}