
@ -4,11 +4,10 @@ let
(self: super: { (self: super: {
/* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */ /* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */
cryto = { cryto = {
# FIXME: Remove default.nix suffix?
fetchFromCrytoGit = self.callPackage ./lib/fetch/from-cryto-git.nix {}; fetchFromCrytoGit = self.callPackage ./lib/fetch/from-cryto-git.nix {};
nodeApplication = self.callPackage ./lib/node-application.nix {}; nodeApplication = self.callPackage ./lib/node-application.nix {};
unpack = self.callPackage ./lib/unpack.nix {}; unpack = self.callPackage ./lib/unpack.nix {};
mobileProxy = self.callPackage ./packages/mobile-proxy/default.nix { configFile = null; }; mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
}; };
}) })
]; ];
@ -23,6 +22,7 @@ let
php = (import ./presets/nginx/php.nix); php = (import ./presets/nginx/php.nix);
cphpApplication = (import ./presets/nginx/cphp-application.nix); cphpApplication = (import ./presets/nginx/cphp-application.nix);
reverseProxy = (import ./presets/nginx/reverse-proxy.nix); reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
letsEncrypt = (import ./presets/nginx/lets-encrypt.nix);
}; };
in { in {
network = { network = {
@ -39,17 +39,38 @@ in {
./hardware-configurations/machine-haless-03.nix ./hardware-configurations/machine-haless-03.nix
]; ];
deployment.healthChecks.http = [ deployment.healthChecks.http = let
{ scheme = "http"; port = 80; path = "/"; host = "todo.cryto.net"; description = "todo.cryto.net is up"; } makeHostChecker = { protocol, port }: host: {
{ scheme = "http"; port = 80; path = "/"; host = "books.cryto.net"; description = "books.cryto.net is up"; } scheme = protocol;
{ scheme = "http"; port = 80; path = "/"; host = "learn.cryto.net"; description = "learn.cryto.net is up"; } port = port;
{ scheme = "http"; port = 80; path = "/"; host = "vps-list.cryto.net"; description = "vps-list.cryto.net is up"; } path = "/";
{ scheme = "http"; port = 80; path = "/"; host = "iomfats.cryto.net"; description = "iomfats.cryto.net is up"; } host = host;
{ scheme = "http"; port = 80; path = "/"; host = "castleroland.cryto.net"; description = "castleroland.cryto.net is up"; } description = "${host} (${protocol} :${toString port}) is up";
{ scheme = "http"; port = 80; path = "/"; host = "awesomedude.cryto.net"; description = "awesomedude.cryto.net is up"; } };
httpHosts = hosts: map (makeHostChecker { protocol = "http"; port = 80; }) hosts;
httpsHosts = hosts: map (makeHostChecker { protocol = "https"; port = 443; }) hosts;
in lib.mkMerge [
(httpHosts [
# "haless.cryto.net"
"todo.cryto.net"
"books.cryto.net"
"learn.cryto.net"
"vps-list.cryto.net"
"iomfats.cryto.net"
"castleroland.cryto.net"
"awesomedude.cryto.net"
])
(httpsHosts [
# "haless.cryto.net"
"books.cryto.net"
"vps-list.cryto.net"
"iomfats.cryto.net"
"castleroland.cryto.net"
"awesomedude.cryto.net"
])
]; ];
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -60,15 +81,19 @@ in {
return 404; return 404;
''; '';
}; };
"haless.cryto.net" = { "haless.cryto.net" = lib.mkMerge [
locations."/shadow" = { (nginxPresets.letsEncrypt)
alias = ./sources/shadow-generator; {
}; locations."/shadow" = {
locations."/knex-mirror" = { alias = ./sources/shadow-generator;
alias = ./sources/knex-mirror; };
}; locations."/knex-mirror" = {
}; alias = ./sources/knex-mirror;
};
}
];
"books.cryto.net" = lib.mkMerge [ "books.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */ (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
{ {
root = pkgs.stdenv.mkDerivation { root = pkgs.stdenv.mkDerivation {
@ -110,6 +135,7 @@ in {
})) }))
]; ];
"vps-list.cryto.net" = lib.mkMerge [ "vps-list.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */ (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation { (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
name = "vps-list"; name = "vps-list";
@ -124,9 +150,18 @@ in {
''; '';
})) }))
]; ];
"iomfats.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/"; "iomfats.cryto.net" = lib.mkMerge [
"castleroland.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/"; (nginxPresets.letsEncrypt)
"awesomedude.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/"; (nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"castleroland.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"awesomedude.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
}; };
}; };
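Review bot: Opening 443 while only some vhosts merge `nginxPresets.letsEncrypt` leaves the HTTPS side without a visible catch-all. The `return 404;` vhost in the `@ -60,15 +81,19 @@` hunk starts outside the hunk; if it only listens on port 80, nginx will answer TLS requests for any other name from whichever 443 server block it treats as default, using that vhost's certificate and content. That would affect, for example, `todo.cryto.net` and `learn.cryto.net`, which are checked over http only here. Consider giving the catch-all an explicit TLS listener that refuses unknown names, e.g. `default = true; rejectSSL = true;` on NixOS releases that provide `rejectSSL`, or merging the preset into the remaining vhosts. Separately, `haless.cryto.net` now gets a certificate but stays commented out in both `httpHosts` and `httpsHosts`, so a failed issuance or a broken redirect on it would not show up in the health checks.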

@ -0,0 +1,4 @@
{
enableACME = true;
forceSSL = true;
}
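Review bot: The preset carries no comment saying what merging it commits a vhost to, and every caller pulls it in through `lib.mkMerge` without seeing its contents. A one-line header such as `# Obtain a certificate via ACME and redirect all plain-HTTP traffic to HTTPS; port 80 must stay reachable for the default HTTP-01 challenge.` would make the contract explicit. Note also that `forceSSL` only issues the redirect. Nothing visible here sends a `Strict-Transport-Security` header, so unless HSTS is configured elsewhere a client's first plain-HTTP request is still unprotected.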