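--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,38 @@
+name: Deploy
+
+on:
+workflow_dispatch:
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+permissions:
+contents: write
+steps:
+- uses: actions/checkout@v4
+
+- uses: DeterminateSystems/nix-installer-action@main
+- uses: DeterminateSystems/magic-nix-cache-action@main
+
+- name: Update flake
+run: |
+nix flake update homepage
+git config user.name "github-actions[bot]"
+git config user.email "github-actions[bot]@users.noreply.github.com"
+git add flake.lock
+if git diff --staged --quiet; then
+echo "No changes to flake.lock"
+else
+git commit -m "flake: update homepage"
+git push
+fi
+
+- name: Deploy
+run: |
+mkdir -p ~/.ssh
+echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
+chmod 600 ~/.ssh/id_ed25519
+ssh-keyscan ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts
+nix run nixpkgs#nixos-rebuild -- switch \
+--flake .#hetzner-lab \
+--target-host root@${{ secrets.SERVER_IP }}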
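Review bot: The two `DeterminateSystems/*-action@main` steps track a mutable branch inside a job that holds a `contents: write` token and later writes the root deploy key to disk, so whatever those branches point to at run time is fully trusted; pin both (and `actions/checkout`) to a full commit SHA, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha>`. In the Deploy step, `ssh-keyscan ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts` accepts whatever host key answers on each run, which removes the host authentication SSH would otherwise provide; store the server's public host key as a repository secret or variable and write that line to `known_hosts` instead. Passing `DEPLOY_SSH_KEY` through `env:` rather than interpolating `${{ … }}` into the script body would also keep the key out of the generated shell script.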
+6
README.md
+6
README.md
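--- a/configuration.nix
+++ b/configuration.nix
@@ -2,20 +2,21 @@
 modulesPath,
 lib,
 pkgs,
+homepage,
 ...
-} @ args:
+}:
 {
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
 (modulesPath + "/profiles/qemu-guest.nix")
 ./disk-config.nix
 ];
+
 boot.loader.grub = {
-# no need to set devices, disko will add all devices that have a EF02 partition to the list already
-# devices = [ ];
 efiSupport = true;
 efiInstallAsRemovable = true;
 };
+
 services.openssh.enable = true;
 
 virtualisation = {
@@ -23,7 +24,7 @@
 podman = {
 enable = true;
 dockerCompat = true;
-defaultNetwork.settings.dns_enabled = true; # Required for containers under podman-compose to be able to talk to each other.
+defaultNetwork.settings.dns_enabled = true;
 };
 };
 
@@ -33,16 +34,58 @@
 pkgs.wget
 ];
 
-users.users.root.openssh.authorizedKeys.keys =
-[
+users.users.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuC5sHe8hegmrgEKntLTArMn/O6m8IOKHxtgAsHHcF1 mar.kimmina@gmail.com"
 ];
 
 users.users.root = {
-extraGroups = [
-"podman"
-];
+extraGroups = [ "podman" ];
+};
+
+# Build hugo site as a derivation
+systemd.services.homepage-build = {
+description = "Build homepage";
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+
+script = ''
+set -ex
+WORK_DIR=$(mktemp -d)
+OUT_DIR=/var/www/homepage
+
+cp -r ${homepage}/. $WORK_DIR/
+chmod -R u+w $WORK_DIR
+cd $WORK_DIR
+
+${pkgs.hugo}/bin/hugo --minify --destination $OUT_DIR
+
+rm -rf $WORK_DIR
+'';
 };
+
+systemd.tmpfiles.rules = [
+"d /var/www/homepage 0755 root root -"
+];
+
+services.nginx = {
+enable = true;
+virtualHosts."mariuskimmina.com" = {
+root = "/var/www/homepage";
+forceSSL = true;
+enableACME = true;
+};
+};
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "mar.kimmina@gmail.com";
+};
+
+networking.firewall.allowedTCPPorts = [ 80 443 ];
 
 system.stateVersion = "24.05";
 }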
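Review bot: The new `systemd.services.homepage-build` unit runs Hugo as root with no sandboxing, on content fetched from a separate repository, and its output is served by nginx; give the unit a dedicated unprivileged user and restrict what it can write, as sketched below (the `homepage` user would need to be declared under `users.users`, and the tmpfiles rule would become `"d /var/www/homepage 0755 homepage homepage -"`). The comment `# Build hugo site as a derivation` does not match the code, which builds at service start rather than in a derivation; either reword it or build the site in a derivation and point nginx's `root` at the store path. Because the script uses `set -e`, a failed Hugo run exits before `rm -rf $WORK_DIR`, so a cleanup `trap` (or the private temp directory below) would avoid leaving work directories behind.

```nix
# … unchanged: description, wantedBy …
serviceConfig = {
  Type = "oneshot";
  RemainAfterExit = true;
  User = "homepage";
  PrivateTmp = true;
  ProtectSystem = "strict";
  ReadWritePaths = [ "/var/www/homepage" ];
  NoNewPrivileges = true;
};
# … unchanged: script …
```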
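--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,22 @@
 "type": "github"
 }
 },
+"homepage": {
+"flake": false,
+"locked": {
+"lastModified": 1767825440,
+"narHash": "sha256-O5rP/5dTaal5rXEQVjm9q2s/5K0xjV8/uSouBs8m+Vo=",
+"owner": "mariuskimmina",
+"repo": "homepage",
+"rev": "8553534308051495d3b724894f92ead8aa118e18",
+"type": "github"
+},
+"original": {
+"owner": "mariuskimmina",
+"repo": "homepage",
+"type": "github"
+}
+},
 "nixpkgs": {
 "locked": {
 "lastModified": 1748662220,
@@ -39,6 +55,7 @@
 "root": {
 "inputs": {
 "disko": "disko",
+"homepage": "homepage",
 "nixpkgs": "nixpkgs"
 }
 }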
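--- a/flake.nix
+++ b/flake.nix
@@ -2,16 +2,23 @@
 inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
 inputs.disko.url = "github:nix-community/disko";
 inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+
+inputs.homepage = {
+url = "github:mariuskimmina/homepage";
+flake = false;
+};
 
 outputs =
 {
 nixpkgs,
 disko,
+homepage,
 ...
 }:
 {
 nixosConfigurations.hetzner-lab = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+specialArgs = { inherit homepage; };
 modules = [
 disko.nixosModules.disko
 ./configuration.nix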
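--- a/result
+++ b/result
@@ -0,0 +1 @@
+/nix/store/286x6h9n5bjhhav12lhpr2jl7zj2w680-nixos-system-nixos-25.11.20250531.59138c7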