authorWilliam Carroll <wpcarro@gmail.com>2021-12-17T00·12-0500
committerwpcarro <wpcarro@gmail.com>2021-12-20T03·09+0000
commite879c76778729730fd6041cbccfc474a2a6c3efb (patch)
tree6e80c83b4eb13c26bbff8ed7d3ef5d9e971d23b0 /users/wpcarro/nixos/diogenes/default.nix
parent9b2259a60ddcf064e8f0b5a2622c085b4e535276 (diff)
feat(wpcarro/diogenes): support wpcarro.dev r/3325
TL;DR:
- support wpcarro.dev
- support blog.wpcarro.dev
- journaldriver (need to figure out how to install key.json)

Change-Id: I585008b6af74c58bbf831765e800323dabb2272c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4389
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Diffstat (limited to 'users/wpcarro/nixos/diogenes/default.nix')
-rw-r--r--users/wpcarro/nixos/diogenes/default.nix60
1 files changed, 58 insertions, 2 deletions
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
index 076261eb50..0f5f78cd3f 100644
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ b/users/wpcarro/nixos/diogenes/default.nix
@@ -8,7 +8,10 @@ in {
     (pkgs.path + "/nixos/modules/virtualisation/google-compute-image.nix")
   ];
 
-  networking.hostName = "diogenes";
+  networking = {
+    hostName = "diogenes";
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
 
   # Use the TVL binary cache
   tvl.cache.enable = true;
@@ -32,7 +35,12 @@ in {
   };
 
 
-  security.sudo.wheelNeedsPassword = false;
+  security = {
+    # Provision SSL certificates to support HTTPS connections.
+    acme.acceptTerms = true;
+    acme.email = "wpcarro@gmail.com";
+  };
+
 
   environment.systemPackages = with pkgs; [
     fd
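Review bot: `security.sudo.wheelNeedsPassword = false;` is deleted here rather than moved into the new `security` attrset, so the option falls back to its NixOS default of `true` and sudo will prompt wheel users for a password. The commit message does not mention this, so it looks unintentional; if the accounts on this host log in with SSH keys only and have no password set, sudo would stop working for them. If passwordless sudo is still wanted, add `sudo.wheelNeedsPassword = false;` inside the new block. If the tightening is deliberate, say so in the commit message and confirm the wheel accounts have a password before deploying.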
@@ -52,6 +60,54 @@ in {
       maxFreed = 10; # GiB
       preserveGenerations = "14d";
     };
+
+    journaldriver = {
+      enable = true;
+      logStream = "home";
+      googleCloudProject = "wpcarros-infrastructure";
+      applicationCredentials = "/etc/gcp/key.json";
+    };
+
+    nginx = {
+      enable = true;
+      enableReload = true;
+
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+
+      # for journaldriver
+      commonHttpConfig = ''
+        log_format json_combined escape=json
+        '{'
+            '"remote_addr":"$remote_addr",'
+            '"method":"$request_method",'
+            '"host":"$host",'
+            '"uri":"$request_uri",'
+            '"status":$status,'
+            '"request_size":$request_length,'
+            '"response_size":$body_bytes_sent,'
+            '"response_time":$request_time,'
+            '"referrer":"$http_referer",'
+            '"user_agent":"$http_user_agent"'
+        '}';
+
+        access_log syslog:server=unix:/dev/log,nohostname json_combined;
+      '';
+
+      virtualHosts = {
+        "wpcarro.dev" = {
+          addSSL = true;
+          enableACME = true;
+          root = depot.users.wpcarro.website;
+        };
+        "blog.wpcarro.dev" = {
+          addSSL = true;
+          enableACME = true;
+          root = depot.users.wpcarro.website.blog;
+        };
+      };
+    };
   };
 
   system.stateVersion = "21.11";
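Review bot: Both virtual hosts set `addSSL = true`, which keeps serving the sites over plain HTTP on port 80 alongside HTTPS, so nothing moves a visitor onto TLS. Using `forceSSL = true;` instead on `"wpcarro.dev"` and `"blog.wpcarro.dev"` makes nginx redirect HTTP to HTTPS, and the NixOS module should still answer the ACME HTTP challenge on port 80. Separately, `applicationCredentials = "/etc/gcp/key.json"` points at a service-account key that this config does not provision, as the commit message acknowledges. Whatever installs it should keep the key out of the world-readable Nix store and readable only by the account journaldriver runs as; a comment such as `# key.json is provisioned out of band; keep it out of the Nix store, mode 0400` would record that. The enclosing attrset (presumably `services`) opens outside this hunk.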