mariuskimmina.com / nix-hetzner-lab
this repo has no description
fork atom
nix-hetzner-lab / configuration.nix
at main 1.8 kB view raw
1{ 2 modulesPath, 3 lib, 4 pkgs, 5 homepage, 6 ... 7}: 8{ 9 imports = [ 10 (modulesPath + "/installer/scan/not-detected.nix") 11 (modulesPath + "/profiles/qemu-guest.nix") 12 ./disk-config.nix 13 ]; 14 15 boot.loader.grub = { 16 efiSupport = true; 17 efiInstallAsRemovable = true; 18 }; 19 20 services.openssh.enable = true; 21 22 virtualisation = { 23 containers.enable = true; 24 podman = { 25 enable = true; 26 dockerCompat = true; 27 defaultNetwork.settings.dns_enabled = true; 28 }; 29 }; 30 31 environment.systemPackages = map lib.lowPrio [ 32 pkgs.curl 33 pkgs.gitMinimal 34 pkgs.wget 35 ]; 36 37 users.users.root.openssh.authorizedKeys.keys = [ 38 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuC5sHe8hegmrgEKntLTArMn/O6m8IOKHxtgAsHHcF1 mar.kimmina@gmail.com" 39 ]; 40 41 users.users.root = { 42 extraGroups = [ "podman" ]; 43 }; 44 45 # Build hugo site as a derivation 46 systemd.services.homepage-build = { 47 description = "Build homepage"; 48 wantedBy = [ "multi-user.target" ]; 49 50 serviceConfig = { 51 Type = "oneshot"; 52 RemainAfterExit = true; 53 }; 54 55 script = '' 56 set -ex 57 WORK_DIR=$(mktemp -d) 58 OUT_DIR=/var/www/homepage 59 60 cp -r ${homepage}/. $WORK_DIR/ 61 chmod -R u+w $WORK_DIR 62 cd $WORK_DIR 63 64 ${pkgs.hugo}/bin/hugo --minify --destination $OUT_DIR 65 66 rm -rf $WORK_DIR 67 ''; 68 }; 69 70 systemd.tmpfiles.rules = [ 71 "d /var/www/homepage 0755 root root -" 72 ]; 73 74 services.nginx = { 75 enable = true; 76 virtualHosts."mariuskimmina.com" = { 77 root = "/var/www/homepage"; 78 forceSSL = true; 79 enableACME = true; 80 }; 81 }; 82 83 security.acme = { 84 acceptTerms = true; 85 defaults.email = "mar.kimmina@gmail.com"; 86 }; 87 88 networking.firewall.allowedTCPPorts = [ 80 443 ]; 89 90 system.stateVersion = "24.05"; 91}