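# NixOS module for a small web host: it enables sshd for root key login,
# rootless-capable podman, a one-shot systemd unit that syncs and builds a Hugo
# site, and nginx serving the build output over HTTPS with an ACME certificate.
{
  modulesPath,
  lib,
  pkgs,
  homepage,
  leaflet-hugo-sync,
  ...
}:
let
  # NOTE(review): the platform is hard-coded to x86_64-linux; on any other
  # host system this attribute would select the wrong build.
  leaflet-sync-bin = leaflet-hugo-sync.packages.x86_64-linux.default;
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
  ];

  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };

  services.openssh = {
    enable = true;
    # Only a root public key is provisioned in this module, so password and
    # keyboard-interactive logins are switched off explicitly instead of
    # relying on defaults; root stays key-only.
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
  };

  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    pkgs.gitMinimal
    pkgs.wget
  ];

  # Both root settings live in one attribute set so the account's access
  # (authorized key, extra groups) can be audited in a single place.
  users.users.root = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuC5sHe8hegmrgEKntLTArMn/O6m8IOKHxtgAsHHcF1 mar.kimmina@gmail.com"
    ];
    extraGroups = [ "podman" ];
  };

  # Homepage build service
  systemd.services.homepage-build = {
    description = "Build homepage with leaflet-sync";
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      StateDirectory = "homepage";

      # No User= is set, so the script runs as root while processing content
      # fetched from the network. These options narrow what the build process
      # can touch without changing where it reads or writes.
      NoNewPrivileges = true;
      PrivateTmp = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictSUIDSGID = true;
      LockPersonality = true;
      # NOTE(review): ProtectSystem = "strict" with
      # ReadWritePaths = [ "/var/www/homepage" ] and a dedicated non-root user
      # would confine this further; confirm first that leaflet-hugo-sync and
      # hugo write only to the state and output directories.
    };

    path = [
      pkgs.hugo
      leaflet-sync-bin
    ];

    script = ''
      set -eux

      WORK_DIR=/var/lib/homepage
      OUT_DIR=/var/www/homepage

      # Empty the work directory, hidden files included. find removes only
      # entries below WORK_DIR, so there are no unquoted globs that could
      # expand against another path, and real deletion errors stop the build
      # instead of being discarded.
      find "$WORK_DIR" -mindepth 1 -delete

      # Copy source from nix store to writable directory (including hidden files)
      cp -r "${homepage}/." "$WORK_DIR/"
      chmod -R u+w "$WORK_DIR"
      cd "$WORK_DIR"

      # Run leaflet-sync (fetches from network)
      leaflet-hugo-sync

      # Build hugo site
      mkdir -p "$OUT_DIR"
      hugo --minify --destination "$OUT_DIR"
    '';
  };

  systemd.tmpfiles.rules = [
    "d /var/www/homepage 0755 root root -"
  ];

  services.nginx = {
    enable = true;
    virtualHosts."mariuskimmina.com" = {
      root = "/var/www/homepage";
      forceSSL = true;
      enableACME = true;
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "mar.kimmina@gmail.com";
  };

  # Port 80 stays open for the ACME HTTP challenge and the forceSSL redirect.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  system.stateVersion = "24.05";
}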