Compare commits
2 Commits
5dfa4aaf96
...
e3aed7ec05
Author | SHA1 | Date |
---|---|---|
Joshua Potter | e3aed7ec05 | |
Joshua Potter | fa3999a2a8 |
|
@ -1,5 +1,6 @@
|
|||
keys:
|
||||
- &admin_jrpotter age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
||||
- &server_deimos age109zux7z2n5qjzfntvj9u52hr30hkvhecas0hvu9p6ehd9zugxqps4p4g4q
|
||||
- &server_thebe age1pjgqvdyzxz30rxvu3zysjpmxrjjsvklggfepswhmwdaunx0kg3vsfept24
|
||||
- &server_europa age1z0rfzzfll963msxfschxn7m65pz5p8nuz9p3h940mhhfr6uxe5mqpl4dul
|
||||
creation_rules:
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{ lib, ... }:
|
||||
{ sops-nix, lib, ... }:
|
||||
{
|
||||
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
|
||||
sops-nix.nixosModules.sops
|
||||
../../digital-ocean/configuration.nix
|
||||
../../services/blog.nix
|
||||
../../services/bookshelf.nix
|
||||
../../services/notebook.nix
|
||||
../../services/portfolio.nix
|
||||
../../services/portfolio
|
||||
];
|
||||
|
||||
networking = {
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
{ system, ... }:
|
||||
let
|
||||
blog = builtins.getFlake
|
||||
"github:jrpotter/blog/457bfd6c521d5d8eeb41deb7d5d6a925fd55dda9";
|
||||
in
|
||||
{
|
||||
services.nginx = {
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."blog.jrpotter.com" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
root = blog.packages.${system}.app;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ system, ... }:
|
||||
let
|
||||
portfolio = builtins.getFlake
|
||||
"github:jrpotter/portfolio/88457c1f03e467e965654d10998875f3b40a9eb5";
|
||||
in
|
||||
{
|
||||
services.nginx = {
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."www.jrpotter.com" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
serverAliases = [ "jrpotter.com" ];
|
||||
locations."/" = {
|
||||
root = portfolio.packages.${system}.app;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,49 @@
|
|||
{ system, ... }:
|
||||
let
|
||||
portfolio = (
|
||||
builtins.getFlake "github:jrpotter/portfolio/0e507765ed4652836af29747d9c384dd91157ec8"
|
||||
).packages.${system}.app;
|
||||
in
|
||||
{
|
||||
services.nginx = {
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."www.jrpotter.com" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
serverAliases = [ "jrpotter.com" ];
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:4000";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.portfolio = {
|
||||
enable = true;
|
||||
description = "Portfolio Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
requires = [ "network-online.target" ];
|
||||
environment = {
|
||||
PHX_HOST = "jrpotter.com";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
EnvironmentFile = "/run/secrets/PORTFOLIO_SECRET_KEY_BASE";
|
||||
ExecStart = "${portfolio}/bin/server start";
|
||||
ExecStop = "${portfolio}/bin/server stop";
|
||||
ExecReload = "${portfolio}/bin/server restart";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
secrets.PORTFOLIO_SECRET_KEY_BASE = {
|
||||
sopsFile = ./secrets.yaml;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,30 @@
|
|||
PORTFOLIO_SECRET_KEY_BASE: ENC[AES256_GCM,data:QaucF6l4KsSysB+Q0Z7N5dwhkcCvjJT5RtAxMpNP3jgYQE1Cn06m7KzZNnsQZ/xczOmv6IRmV/tBau0P3/zBLrwGgOn4C6684dUwoRGaY3Q=,iv:T1iHXsbKXwhJyFDPegaphF2r+mcDPBeRl3cx35y1OhE=,tag:PTArnILaBy6DBGfioIfIww==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1huyyxsy4g0e5svmcejxvvdjnnk6qkulgd3qfpue59exnfrnqzudspxnn62
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb25BSUxGZDBLd1lOUDRj
|
||||
VVF1b2xUalhzNldNQVB0dnNBMVplSkNwT21rCk92ZTQ0SE1WMGRoN0ZoT0JqTEJi
|
||||
MjZnbHJjSmFnVzhoUUtjKy9RK1c1TDgKLS0tIDZBS0hidXBHN3RwSFc5dEdnNk9V
|
||||
QUdnanR3YWZpbE4yVk90NW80RHFOTW8KR/1t8vkJbBPLnomWjsCVDk98e2U1yGdg
|
||||
ah8vt4wCB80RfV7GK4ey+9RlV6jsZPLiuCbI/O+bkljnxwVenJyiSQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age109zux7z2n5qjzfntvj9u52hr30hkvhecas0hvu9p6ehd9zugxqps4p4g4q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOFJTYWVkNk9HYXpibnVY
|
||||
VERHT01GWmYzaVpOWC92WC9hcmpDR2ZKNUE0CnQ1OEd4UGlGUEE0Z0lBZ3B0MXRk
|
||||
bElheVJhZkNLaUZFclhUZitnanEvelkKLS0tIHlNam1ncFFtNzBock5RQ3pNQnRq
|
||||
YXY1Z3F0R2NNeWZ5aU95bm9nOXhCMVkK4wKE+2xJW6NCwP1UkdiRhCp4AfzGblDk
|
||||
c1CrBFSXy1SPNoF1IFovzmXaeBTP/z2lL5V3acle/jUDu6lqiFoThA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-18T18:01:36Z"
|
||||
mac: ENC[AES256_GCM,data:W/KwLKfYPjO4U21BeAWc2pXoHrQFvhUzuaBoxD42urTABM4rIRdFyfnZxOWvGONYx625pT0g50PaJQVdl3yKwhw7SrjLPnrB1i/eiGiDrHI1CYaO1JkCab4dVacSia8xu0Kn/A9dEhvh2l1kEafh1q9iplpSlnhhJY9VhHLBOfI=,iv:7JxLYbOgvs1yfeCPkySpcMKvJ1r4Kz+gA6A8P1nku38=,tag:Ql8yaiNFpX9W1irNVWY1RA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -1,7 +1,7 @@
|
|||
{ system, pkgs, lib, ... }:
|
||||
let
|
||||
reconn = (
|
||||
builtins.getFlake "git+ssh://forgejo@git.jrpotter.com/r/reconn?rev=14219c713f132846818d6e90e5de3116654e1cb7"
|
||||
builtins.getFlake "git+ssh://forgejo@git.jrpotter.com/r/reconn?rev=d91d4b7fb764251adb6d57575437807700bf1de7"
|
||||
).packages.${system}.app;
|
||||
in
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue