
Compare commits


No commits in common. "e4ac56d53047dd27dd1763a61f75a31801ed3aa8" and "62d3a137b2710c4f80959c3b1a6e8bb867ece95f" have entirely different histories.

4 changed files with 8 additions and 84 deletions


@ -1,12 +1,6 @@
{ {
"cSpell.words": [ "cSpell.words": [
"Aeson",
"axios",
"dhall",
"HLINT",
"jquery",
"pandoc", "pandoc",
"photoframe", "photoframe"
"unrecognised"
] ]
} }


@ -11,8 +11,6 @@
./fancytypist.com.nix ./fancytypist.com.nix
./hydra.fancyTypist.com.nix ./hydra.fancyTypist.com.nix
./woodpecker.fancyTypist.dev.nix
]; ];
# when in doubt, clear away the certs with # when in doubt, clear away the certs with


@ -35,18 +35,18 @@ in
''; '';
}; };
# "fancytypist.dev" = { "fancytypist.dev" = {
# serverAliases = [ "www.fancytypist.dev" ]; serverAliases = [ "www.fancytypist.dev" ];
# extraConfig = '' extraConfig = ''
# reverse_proxy ${HOST}:${toString PORT} reverse_proxy ${HOST}:${toString PORT}
# ''; '';
# }; };
}; };
}; };
systemd.services = { systemd.services = {
fancyTypistDotDev-site = { fancyTypistDotDev-site = {
enable = false; enable = true;
description = "The Haskell Servant executable server that hosts my FancyTypist.dev site."; description = "The Haskell Servant executable server that hosts my FancyTypist.dev site.";
path = with pkgs; [ nix git ]; path = with pkgs; [ nix git ];
script = '' script = ''
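Review bot: Switching `fancyTypistDotDev-site` to `enable = true` starts a unit that has `nix` and `git` on its `path`, and none of the visible lines give it an account to run under; a systemd service with no `User=` runs as root. The `script` body starts on the last line of this section and continues outside it, so what it does with those tools is not visible here, but if it fetches or builds the site at start, that work would run with full privileges behind the newly enabled `fancytypist.dev` reverse proxy. Unless this is already set further down, I would add `serviceConfig = { DynamicUser = true; StateDirectory = "<state-dir>"; };` or a dedicated unprivileged user to the unit. A one-line comment above `path` saying why the service needs `nix` and `git` at run time would also help the next reader.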


@ -1,68 +0,0 @@
{ config
, ...
}:
let
domain = "woodpecker.fancyTypist.dev";
in
{
# This automatically sets up certificates via let's encrypt
# security.acme.defaults.email = "admin@fancytypist.dev";
# security.acme.acceptTerms = true;
# security.acme.certs."${domain}" = { };
# Setting up a nginx proxy that handles tls for us
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3007";
};
};
};
services.woodpecker-server = {
enable = true;
environment = {
WOODPECKER_HOST = "https://${domain}";
WOODPECKER_SERVER_ADDR = ":3007";
WOODPECKER_OPEN = "true";
};
# You can pass a file with env vars to the system it could look like:
# WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX
# environmentFile = "/path/to/my/secrets/file";
};
# This sets up a woodpecker agent
services.woodpecker-agents.agents."docker" = {
enable = true;
# We need this to talk to the podman socket
extraGroups = [ "podman" ];
environment = {
WOODPECKER_SERVER = "localhost:9000";
WOODPECKER_MAX_WORKFLOWS = "4";
DOCKER_HOST = "unix:///run/podman/podman.sock";
WOODPECKER_BACKEND = "docker";
};
# Same as with woodpecker-server
# environmentFile = [ "/var/lib/secrets/woodpecker.env" ];
};
# Here we setup podman and enable dns
virtualisation.podman = {
enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
# This is needed for podman to be able to talk over dns
networking.firewall.interfaces."podman0" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
}