diff options
Diffstat (limited to 'infra/nixos/tazserve.nix')
-rw-r--r-- | infra/nixos/tazserve.nix | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/infra/nixos/tazserve.nix b/infra/nixos/tazserve.nix new file mode 100644 index 000000000000..8fbb950b0d4c --- /dev/null +++ b/infra/nixos/tazserve.nix @@ -0,0 +1,106 @@ +{ pkgs, config, ... }: + +with pkgs; let blogSource = fetchgit { + url = "https://git.tazj.in/tazjin/tazblog.git"; + sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2"; + rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660"; +}; +tazblog = import ./tazblog { inherit blogSource; }; +blog = tazblog.tazblog; +blogConfig = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; + }; +}; +gemma = import ./pkgs/gemma.nix { inherit pkgs; }; +gemmaConfig = writeTextFile { + name = "config.lisp"; + text = builtins.readFile ./gemma-config.lisp; +}; +in { + # Ensure that blog software is installed + environment.systemPackages = [ + blog + blogSource + ]; + + # Set up database unit + systemd.services.tazblog-db = { + description = "Database engine for Tazblog"; + script = "${blog}/bin/tazblog-db"; + serviceConfig.restart = "always"; + wantedBy = [ "multi-user.target" ]; + }; + + # Set up blog unit + systemd.services.tazblog = { + description = "Tazjin's blog engine"; + script = "${blog}/bin/tazblog --resourceDir ${blogSource}/static"; + serviceConfig.restart = "always"; + requires = [ "tazblog-db.service" ]; + wantedBy = [ "multi-user.target" ]; + }; + + # Set up Gogs + services.gogs = { + enable = true; + appName = "Gogs: tazjin's private code"; + cookieSecure = true; + domain = "git.tazj.in"; + rootUrl = "https://git.tazj.in/"; + extraConfig = '' + [log] + ROOT_PATH = /var/lib/gogs/log + ''; + }; + + # Set up Gemma + systemd.services.gemma = { + description = "Recurring task tracking app"; + script = "${gemma}/bin/gemma"; + serviceConfig.Restart = "always"; + wantedBy = [ "multi-user.target" ]; + + environment = { + GEMMA_CONFIG = "${gemmaConfig}"; + }; + }; + + # Set up reverse proxy + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + + # Blog! + virtualHosts."tazj.in" = blogConfig; + virtualHosts."www.tazj.in" = blogConfig; + + # Git! + virtualHosts."git.tazj.in" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + }; + }; + + # oslo.pub redirect + virtualHosts."oslo.pub" = { + enableACME = true; + forceSSL = true; + extraConfig = "return 302 https://www.google.com/maps/d/viewer?mid=1pJIYY9cuEdt9DuMTbb4etBVq7hs;"; + }; + + # Gemma demo instance! + virtualHosts."gemma.tazj.in" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:4242"; + }; + }; + }; +} |