50 lines
1.2 KiB
Nix
50 lines
1.2 KiB
Nix
{ system, ... }:
|
|
let
|
|
portfolio = (
|
|
builtins.getFlake "github:jrpotter/portfolio/0e507765ed4652836af29747d9c384dd91157ec8"
|
|
).packages.${system}.app;
|
|
in
|
|
{
|
|
services.nginx = {
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
virtualHosts."www.jrpotter.com" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
serverAliases = [ "jrpotter.com" ];
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:4000";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.portfolio = {
|
|
enable = true;
|
|
description = "Portfolio Server";
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
requires = [ "network-online.target" ];
|
|
environment = {
|
|
PHX_HOST = "jrpotter.com";
|
|
};
|
|
serviceConfig = {
|
|
Type = "exec";
|
|
EnvironmentFile = "/run/secrets/PORTFOLIO_SECRET_KEY_BASE";
|
|
ExecStart = "${portfolio}/bin/server start";
|
|
ExecStop = "${portfolio}/bin/server stop";
|
|
ExecReload = "${portfolio}/bin/server restart";
|
|
Restart = "on-failure";
|
|
};
|
|
};
|
|
|
|
sops = {
|
|
secrets.PORTFOLIO_SECRET_KEY_BASE = {
|
|
sopsFile = ./secrets.yaml;
|
|
};
|
|
};
|
|
}
|