mariuskimmina.com / nix-hetzner-lab
this repo has no description
fork atom

run hugo

Signed-off-by: Marius Kimmina <mar.kimmina@gmail.com>

Marius Kimmina 5dafaaf0 9f75a182

options
unified split
Changed files
+171 -10
README.md
configuration.nix
flake.lock
flake.nix
result
+6
README.md
··· 1 + # nix-hetzner-lab 2 + 3 + 4 + ``` 5 + nix run nixpkgs#nixos-rebuild -- switch --flake .#hetzner-lab --target-host root@x.x.x.x 6 + ```
+68 -9
configuration.nix
··· 2 2 modulesPath, 3 3 lib, 4 4 pkgs, 5 + homepage, 6 + leaflet-hugo-sync, 5 7 ... 6 - } @ args: 8 + }: 9 + let 10 + leaflet-sync-bin = leaflet-hugo-sync.packages.x86_64-linux.default; 11 + in 7 12 { 8 13 imports = [ 9 14 (modulesPath + "/installer/scan/not-detected.nix") 10 15 (modulesPath + "/profiles/qemu-guest.nix") 11 16 ./disk-config.nix 12 17 ]; 18 + 13 19 boot.loader.grub = { 14 - # no need to set devices, disko will add all devices that have a EF02 partition to the list already 15 - # devices = [ ]; 16 20 efiSupport = true; 17 21 efiInstallAsRemovable = true; 18 22 }; 23 + 19 24 services.openssh.enable = true; 20 25 21 26 virtualisation = { ··· 23 28 podman = { 24 29 enable = true; 25 30 dockerCompat = true; 26 - defaultNetwork.settings.dns_enabled = true; # Required for containers under podman-compose to be able to talk to each other. 31 + defaultNetwork.settings.dns_enabled = true; 27 32 }; 28 33 }; 29 34 ··· 33 38 pkgs.wget 34 39 ]; 35 40 36 - users.users.root.openssh.authorizedKeys.keys = 37 - [ 41 + users.users.root.openssh.authorizedKeys.keys = [ 38 42 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuC5sHe8hegmrgEKntLTArMn/O6m8IOKHxtgAsHHcF1 mar.kimmina@gmail.com" 39 43 ]; 40 44 41 45 users.users.root = { 42 - extraGroups = [ 43 - "podman" 44 - ]; 46 + extraGroups = [ "podman" ]; 47 + }; 48 + 49 + # Homepage build service 50 + systemd.services.homepage-build = { 51 + description = "Build homepage with leaflet-sync"; 52 + after = [ "network-online.target" ]; 53 + wants = [ "network-online.target" ]; 54 + wantedBy = [ "multi-user.target" ]; 55 + 56 + serviceConfig = { 57 + Type = "oneshot"; 58 + RemainAfterExit = true; 59 + StateDirectory = "homepage"; 60 + }; 61 + 62 + path = [ pkgs.hugo leaflet-sync-bin ]; 63 + 64 + script = '' 65 + set -ex 66 + 67 + WORK_DIR=/var/lib/homepage 68 + OUT_DIR=/var/www/homepage 69 + 70 + # Copy source from nix store to writable directory (including hidden files) 71 + rm -rf $WORK_DIR/* 72 + rm -rf $WORK_DIR/.* 2>/dev/null || true 73 + cp -r ${homepage}/. $WORK_DIR/ 74 + chmod -R u+w $WORK_DIR 75 + cd $WORK_DIR 76 + 77 + # Run leaflet-sync (fetches from network) 78 + leaflet-hugo-sync 79 + 80 + # Build hugo site 81 + mkdir -p $OUT_DIR 82 + hugo --minify --destination $OUT_DIR 83 + ''; 45 84 }; 85 + 86 + systemd.tmpfiles.rules = [ 87 + "d /var/www/homepage 0755 root root -" 88 + ]; 89 + 90 + services.nginx = { 91 + enable = true; 92 + virtualHosts."mariuskimmina.com" = { 93 + root = "/var/www/homepage"; 94 + forceSSL = true; 95 + enableACME = true; 96 + }; 97 + }; 98 + 99 + security.acme = { 100 + acceptTerms = true; 101 + defaults.email = "mar.kimmina@gmail.com"; 102 + }; 103 + 104 + networking.firewall.allowedTCPPorts = [ 80 443 ]; 46 105 47 106 system.stateVersion = "24.05"; 48 107 }
+87 -1
flake.lock
··· 20 20 "type": "github" 21 21 } 22 22 }, 23 + "flake-utils": { 24 + "inputs": { 25 + "systems": "systems" 26 + }, 27 + "locked": { 28 + "lastModified": 1731533236, 29 + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 30 + "owner": "numtide", 31 + "repo": "flake-utils", 32 + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 33 + "type": "github" 34 + }, 35 + "original": { 36 + "owner": "numtide", 37 + "repo": "flake-utils", 38 + "type": "github" 39 + } 40 + }, 41 + "homepage": { 42 + "flake": false, 43 + "locked": { 44 + "lastModified": 1767816281, 45 + "narHash": "sha256-RUm8cfpypCakOrZYduj/FMczcBxwSNHJGzUIR1+xgAY=", 46 + "owner": "mariuskimmina", 47 + "repo": "homepage", 48 + "rev": "bd88f94bae2c4e900525144ac69bf28916e6536e", 49 + "type": "github" 50 + }, 51 + "original": { 52 + "owner": "mariuskimmina", 53 + "repo": "homepage", 54 + "type": "github" 55 + } 56 + }, 57 + "leaflet-hugo-sync": { 58 + "inputs": { 59 + "flake-utils": "flake-utils", 60 + "nixpkgs": "nixpkgs" 61 + }, 62 + "locked": { 63 + "lastModified": 1767737144, 64 + "narHash": "sha256-RQah7klbquu7TG7xib3+ljZPsPv2Vzqq/TzsSUuYuOY=", 65 + "owner": "mariuskimmina", 66 + "repo": "leaflet-hugo-sync", 67 + "rev": "40e20a13254913ce48dfe8bbfc4125399dc21575", 68 + "type": "github" 69 + }, 70 + "original": { 71 + "owner": "mariuskimmina", 72 + "repo": "leaflet-hugo-sync", 73 + "type": "github" 74 + } 75 + }, 23 76 "nixpkgs": { 24 77 "locked": { 78 + "lastModified": 1767379071, 79 + "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", 80 + "owner": "NixOS", 81 + "repo": "nixpkgs", 82 + "rev": "fb7944c166a3b630f177938e478f0378e64ce108", 83 + "type": "github" 84 + }, 85 + "original": { 86 + "owner": "NixOS", 87 + "ref": "nixos-unstable", 88 + "repo": "nixpkgs", 89 + "type": "github" 90 + } 91 + }, 92 + "nixpkgs_2": { 93 + "locked": { 25 94 "lastModified": 1748662220, 26 95 "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", 27 96 "owner": "NixOS", ··· 39 108 "root": { 40 109 "inputs": { 41 110 "disko": "disko", 42 - "nixpkgs": "nixpkgs" 111 + "homepage": "homepage", 112 + "leaflet-hugo-sync": "leaflet-hugo-sync", 113 + "nixpkgs": "nixpkgs_2" 114 + } 115 + }, 116 + "systems": { 117 + "locked": { 118 + "lastModified": 1681028828, 119 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 120 + "owner": "nix-systems", 121 + "repo": "default", 122 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 123 + "type": "github" 124 + }, 125 + "original": { 126 + "owner": "nix-systems", 127 + "repo": "default", 128 + "type": "github" 43 129 } 44 130 } 45 131 },
+9
flake.nix
··· 2 2 inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 3 3 inputs.disko.url = "github:nix-community/disko"; 4 4 inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; 5 + 6 + inputs.homepage = { 7 + url = "github:mariuskimmina/homepage"; 8 + flake = false; 9 + }; 10 + inputs.leaflet-hugo-sync.url = "github:mariuskimmina/leaflet-hugo-sync"; 5 11 6 12 outputs = 7 13 { 8 14 nixpkgs, 9 15 disko, 16 + homepage, 17 + leaflet-hugo-sync, 10 18 ... 11 19 }: 12 20 { 13 21 nixosConfigurations.hetzner-lab = nixpkgs.lib.nixosSystem { 14 22 system = "x86_64-linux"; 23 + specialArgs = { inherit homepage leaflet-hugo-sync; }; 15 24 modules = [ 16 25 disko.nixosModules.disko 17 26 ./configuration.nix
+1
result
··· 1 + /nix/store/286x6h9n5bjhhav12lhpr2jl7zj2w680-nixos-system-nixos-25.11.20250531.59138c7