about summary refs log tree commit diff
path: root/users
diff options
context:
space:
mode:
Diffstat (limited to 'users')
-rw-r--r--users/wpcarro/nixos/diogenes/default.nix60
1 files changed, 58 insertions, 2 deletions
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
index 076261eb5026..0f5f78cd3fdf 100644
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ b/users/wpcarro/nixos/diogenes/default.nix
@@ -8,7 +8,10 @@ in {
     (pkgs.path + "/nixos/modules/virtualisation/google-compute-image.nix")
   ];
 
-  networking.hostName = "diogenes";
+  networking = {
+    hostName = "diogenes";
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
 
   # Use the TVL binary cache
   tvl.cache.enable = true;
@@ -32,7 +35,12 @@ in {
   };
 
 
-  security.sudo.wheelNeedsPassword = false;
+  security = {
+    # Provision SSL certificates to support HTTPS connections.
+    acme.acceptTerms = true;
+    acme.email = "wpcarro@gmail.com";
+  };
+
 
   environment.systemPackages = with pkgs; [
     fd
@@ -52,6 +60,54 @@ in {
       maxFreed = 10; # GiB
       preserveGenerations = "14d";
     };
+
+    journaldriver = {
+      enable = true;
+      logStream = "home";
+      googleCloudProject = "wpcarros-infrastructure";
+      applicationCredentials = "/etc/gcp/key.json";
+    };
+
+    nginx = {
+      enable = true;
+      enableReload = true;
+
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+
+      # for journaldriver
+      commonHttpConfig = ''
+        log_format json_combined escape=json
+        '{'
+            '"remote_addr":"$remote_addr",'
+            '"method":"$request_method",'
+            '"host":"$host",'
+            '"uri":"$request_uri",'
+            '"status":$status,'
+            '"request_size":$request_length,'
+            '"response_size":$body_bytes_sent,'
+            '"response_time":$request_time,'
+            '"referrer":"$http_referer",'
+            '"user_agent":"$http_user_agent"'
+        '}';
+
+        access_log syslog:server=unix:/dev/log,nohostname json_combined;
+      '';
+
+      virtualHosts = {
+        "wpcarro.dev" = {
+          addSSL = true;
+          enableACME = true;
+          root = depot.users.wpcarro.website;
+        };
+        "blog.wpcarro.dev" = {
+          addSSL = true;
+          enableACME = true;
+          root = depot.users.wpcarro.website.blog;
+        };
+      };
+    };
   };
 
   system.stateVersion = "21.11";