|
|
@ -22,6 +22,7 @@ let
|
|
|
|
php = (import ./presets/nginx/php.nix);
|
|
|
|
php = (import ./presets/nginx/php.nix);
|
|
|
|
cphpApplication = (import ./presets/nginx/cphp-application.nix);
|
|
|
|
cphpApplication = (import ./presets/nginx/cphp-application.nix);
|
|
|
|
reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
|
|
|
|
reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
|
|
|
|
|
|
|
|
letsEncrypt = (import ./presets/nginx/lets-encrypt.nix);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
in {
|
|
|
|
in {
|
|
|
|
network = {
|
|
|
|
network = {
|
|
|
@ -38,17 +39,38 @@ in {
|
|
|
|
./hardware-configurations/machine-haless-03.nix
|
|
|
|
./hardware-configurations/machine-haless-03.nix
|
|
|
|
];
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
deployment.healthChecks.http = [
|
|
|
|
deployment.healthChecks.http = let
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "todo.cryto.net"; description = "todo.cryto.net is up"; }
|
|
|
|
makeHostChecker = { protocol, port }: host: {
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "books.cryto.net"; description = "books.cryto.net is up"; }
|
|
|
|
scheme = protocol;
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "learn.cryto.net"; description = "learn.cryto.net is up"; }
|
|
|
|
port = port;
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "vps-list.cryto.net"; description = "vps-list.cryto.net is up"; }
|
|
|
|
path = "/";
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "iomfats.cryto.net"; description = "iomfats.cryto.net is up"; }
|
|
|
|
host = host;
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "castleroland.cryto.net"; description = "castleroland.cryto.net is up"; }
|
|
|
|
description = "${host} (${protocol} :${toString port}) is up";
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "awesomedude.cryto.net"; description = "awesomedude.cryto.net is up"; }
|
|
|
|
};
|
|
|
|
|
|
|
|
httpHosts = hosts: map (makeHostChecker { protocol = "http"; port = 80; }) hosts;
|
|
|
|
|
|
|
|
httpsHosts = hosts: map (makeHostChecker { protocol = "https"; port = 443; }) hosts;
|
|
|
|
|
|
|
|
in lib.mkMerge [
|
|
|
|
|
|
|
|
(httpHosts [
|
|
|
|
|
|
|
|
# "haless.cryto.net"
|
|
|
|
|
|
|
|
"todo.cryto.net"
|
|
|
|
|
|
|
|
"books.cryto.net"
|
|
|
|
|
|
|
|
"learn.cryto.net"
|
|
|
|
|
|
|
|
"vps-list.cryto.net"
|
|
|
|
|
|
|
|
"iomfats.cryto.net"
|
|
|
|
|
|
|
|
"castleroland.cryto.net"
|
|
|
|
|
|
|
|
"awesomedude.cryto.net"
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
(httpsHosts [
|
|
|
|
|
|
|
|
# "haless.cryto.net"
|
|
|
|
|
|
|
|
"books.cryto.net"
|
|
|
|
|
|
|
|
"vps-list.cryto.net"
|
|
|
|
|
|
|
|
"iomfats.cryto.net"
|
|
|
|
|
|
|
|
"castleroland.cryto.net"
|
|
|
|
|
|
|
|
"awesomedude.cryto.net"
|
|
|
|
|
|
|
|
])
|
|
|
|
];
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
enable = true;
|
|
|
@ -59,15 +81,19 @@ in {
|
|
|
|
return 404;
|
|
|
|
return 404;
|
|
|
|
'';
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
"haless.cryto.net" = {
|
|
|
|
"haless.cryto.net" = lib.mkMerge [
|
|
|
|
|
|
|
|
(nginxPresets.letsEncrypt)
|
|
|
|
|
|
|
|
{
|
|
|
|
locations."/shadow" = {
|
|
|
|
locations."/shadow" = {
|
|
|
|
alias = ./sources/shadow-generator;
|
|
|
|
alias = ./sources/shadow-generator;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
locations."/knex-mirror" = {
|
|
|
|
locations."/knex-mirror" = {
|
|
|
|
alias = ./sources/knex-mirror;
|
|
|
|
alias = ./sources/knex-mirror;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
];
|
|
|
|
"books.cryto.net" = lib.mkMerge [
|
|
|
|
"books.cryto.net" = lib.mkMerge [
|
|
|
|
|
|
|
|
(nginxPresets.letsEncrypt)
|
|
|
|
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
|
|
|
|
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
|
|
|
|
{
|
|
|
|
{
|
|
|
|
root = pkgs.stdenv.mkDerivation {
|
|
|
|
root = pkgs.stdenv.mkDerivation {
|
|
|
@ -109,6 +135,7 @@ in {
|
|
|
|
}))
|
|
|
|
}))
|
|
|
|
];
|
|
|
|
];
|
|
|
|
"vps-list.cryto.net" = lib.mkMerge [
|
|
|
|
"vps-list.cryto.net" = lib.mkMerge [
|
|
|
|
|
|
|
|
(nginxPresets.letsEncrypt)
|
|
|
|
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
|
|
|
|
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
|
|
|
|
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
|
|
|
|
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
|
|
|
|
name = "vps-list";
|
|
|
|
name = "vps-list";
|
|
|
@ -123,9 +150,18 @@ in {
|
|
|
|
'';
|
|
|
|
'';
|
|
|
|
}))
|
|
|
|
}))
|
|
|
|
];
|
|
|
|
];
|
|
|
|
"iomfats.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
|
|
|
|
"iomfats.cryto.net" = lib.mkMerge [
|
|
|
|
"castleroland.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
|
|
|
|
(nginxPresets.letsEncrypt)
|
|
|
|
"awesomedude.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
|
|
|
|
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
"castleroland.cryto.net" = lib.mkMerge [
|
|
|
|
|
|
|
|
(nginxPresets.letsEncrypt)
|
|
|
|
|
|
|
|
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
"awesomedude.cryto.net" = lib.mkMerge [
|
|
|
|
|
|
|
|
(nginxPresets.letsEncrypt)
|
|
|
|
|
|
|
|
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
|
|
|
|
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|