From e879c76778729730fd6041cbccfc474a2a6c3efb Mon Sep 17 00:00:00 2001 From: William Carroll Date: Thu, 16 Dec 2021 19:12:13 -0500 Subject: feat(wpcarro/diogenes): support wpcarro.dev TL;DR: - support wpcarro.dev - support blog.wpcarro.dev - journaldriver (need to figure out how to install key.json) Change-Id: I585008b6af74c58bbf831765e800323dabb2272c Reviewed-on: https://cl.tvl.fyi/c/depot/+/4389 Tested-by: BuildkiteCI Reviewed-by: wpcarro --- users/wpcarro/nixos/diogenes/default.nix | 60 ++++++++++++++++++++++++++++++-- 1 file changed, 58 insertions(+), 2 deletions(-) diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix index 076261eb50..0f5f78cd3f 100644 --- a/users/wpcarro/nixos/diogenes/default.nix +++ b/users/wpcarro/nixos/diogenes/default.nix @@ -8,7 +8,10 @@ in { (pkgs.path + "/nixos/modules/virtualisation/google-compute-image.nix") ]; - networking.hostName = "diogenes"; + networking = { + hostName = "diogenes"; + firewall.allowedTCPPorts = [ 80 443 ]; + }; # Use the TVL binary cache tvl.cache.enable = true; @@ -32,7 +35,12 @@ in { }; - security.sudo.wheelNeedsPassword = false; + security = { + # Provision SSL certificates to support HTTPS connections. + acme.acceptTerms = true; + acme.email = "wpcarro@gmail.com"; + }; + environment.systemPackages = with pkgs; [ fd 
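Review bot: The rewritten `security` set in the `@@ -32,7 +35,12 @@` hunk drops `security.sudo.wheelNeedsPassword = false;` instead of carrying it into the new attribute set, and the commit message (which lists only the two vhosts and journaldriver) does not mention the change. If the removal is deliberate hardening, the description should say so. If it is accidental, wheel users who log in by SSH key and have no password set would presumably lose sudo on the next switch; either keep `sudo.wheelNeedsPassword = false;` inside `security = { … }` or confirm that another sudo rule still grants access. The enclosing configuration set starts and ends outside the hunk.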
@@ -52,6 +60,54 @@ in { maxFreed = 10; # GiB preserveGenerations = "14d"; }; + + journaldriver = { + enable = true; + logStream = "home"; + googleCloudProject = "wpcarros-infrastructure"; + applicationCredentials = "/etc/gcp/key.json"; + }; + + nginx = { + enable = true; + enableReload = true; + + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + # for journaldriver + commonHttpConfig = '' + log_format json_combined escape=json + '{' + '"remote_addr":"$remote_addr",' + '"method":"$request_method",' + '"host":"$host",' + '"uri":"$request_uri",' + '"status":$status,' + '"request_size":$request_length,' + '"response_size":$body_bytes_sent,' + '"response_time":$request_time,' + '"referrer":"$http_referer",' + '"user_agent":"$http_user_agent"' + '}'; + + access_log syslog:server=unix:/dev/log,nohostname json_combined; + ''; + + virtualHosts = { + "wpcarro.dev" = { + addSSL = true; + enableACME = true; + root = depot.users.wpcarro.website; + }; + "blog.wpcarro.dev" = { + addSSL = true; + enableACME = true; + root = depot.users.wpcarro.website.blog; + }; + }; + }; }; system.stateVersion = "21.11"; -- cgit 1.4.1
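Review bot: Both virtual hosts set `addSSL = true;`, which keeps serving the sites over plain HTTP alongside HTTPS; `forceSSL = true;` would redirect port 80 to HTTPS while still answering the ACME challenge. Separately, `applicationCredentials = "/etc/gcp/key.json";` enables journaldriver against a service-account key that the commit message says is not yet installed, so the unit will presumably fail until the file exists. When the key is provisioned it should be readable only by the journaldriver user and kept out of the world-readable Nix store. Since this host imports the google-compute image module, it may be able to use the instance's own service account instead of a key file, which is worth confirming. The enclosing attribute set begins outside the hunk.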