rhelmot
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

blog time

This commit is contained in:
Audrey 2025-04-20 12:54:48 -07:00
parent d8a6cb79cd
commit 1380f1500f
5 changed files with 190 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configuration.nix
View File

@ -164,7 +164,7 @@ in {
sshKey = "/var/lib/syncoid/.ssh/id_ed25519";
commands."system" = {
source = "system";
target = "backup@home.rhelmot.io:main/backup/daisy/system";
target = "backup@home.rhelmot.io:main/backup/${config.networking.hostName}/system";
# xeni note - option w is weeeeeeeird but the only consequnce is a lack of encryption
#sendOptions = "w";
recursive = true;

42
deploy.nix Normal file
View File

@ -0,0 +1,42 @@
{
flakeInputs,
platform,
site,
}:
let
pkgs = flakeInputs.nixpkgs.legacyPackages.${platform};
lib = pkgs.lib;
mkDeploy = { site, targetPkg, profileName, extraCommands ? "" }: pkgs.substituteAll {
name = "deploy-${profileName}";
src = builtins.toFile "deploy-template" ''
#!@runtimeShell@
set -ex
nix-copy-closure --to @site@ @targetPkg@
ssh @site@ sudo nix-env --set -p /nix/var/nix/profiles/@profileName@ @targetPkg@
@extraCommands@
'';
env = {
inherit site targetPkg profileName extraCommands;
inherit (pkgs) runtimeShell;
};
isExecutable = true;
passthru.site = site;
};
deployments = builtins.map mkDeploy [
{
profileName = "blog-rhelmot-io";
site = "sunflower";
targetPkg = flakeInputs."blog-rhelmot-io".packages.${platform}.blog;
}
];
filteredDeployments = builtins.filter (deployment: deployment.site == site) deployments;
filteredDeploymentsAttrs = builtins.listToAttrs (builtins.map (value: { name = value.profileName; inherit value; }) filteredDeployments);
targetSystem = flakeInputs.self.packages.${platform}.${site}.system;
deployAll = pkgs.writeShellScriptBin "deploy-all-${site}" (''
set -ex
# TODO take advantage of the nixos-rebuild infrastructure
nix-copy-closure --to ${site} ${targetSystem}
ssh ${site} 'sudo nix-env --set -p /nix/var/nix/profiles/system ${targetSystem} && sudo ${targetSystem}/bin/switch-to-configuration switch'
set +e
'' + lib.concatStringsSep "\n" filteredDeployments);
in deployAll // filteredDeploymentsAttrs

85
flake.lock
View File

@ -15,6 +15,49 @@
"type": "github"
}
},
"blog-rhelmot-io": {
"inputs": {
"coricamu": "coricamu",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745178146,
"narHash": "sha256-O+i/U/cWdhsO0xIjd3EgWJooI7+CsIMPxAhuNKluzso=",
"ref": "refs/heads/main",
"rev": "eb251b99807f1b5ee041755cb313b4880315eff6",
"revCount": 5,
"type": "git",
"url": "https://git.lain.faith/rhelmot/blog.rhelmot.io"
},
"original": {
"type": "git",
"url": "https://git.lain.faith/rhelmot/blog.rhelmot.io"
}
},
"coricamu": {
"inputs": {
"nixpkgs": [
"blog-rhelmot-io",
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1745178120,
"narHash": "sha256-2CQDWkN475WFzYXvUciYhzEn7+UcmR2iLoqZxJq9pcM=",
"owner": "rhelmot",
"repo": "coricamu",
"rev": "b6440b4763a202d727e7a89d8fc3e503c55329f1",
"type": "github"
},
"original": {
"owner": "rhelmot",
"repo": "coricamu",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1733328505,
@ -47,7 +90,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
@ -219,11 +262,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743367904,
"narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=",
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
@ -252,6 +295,7 @@
"root": {
"inputs": {
"bingosync": "bingosync",
"blog-rhelmot-io": "blog-rhelmot-io",
"lix-module": "lix-module",
"nixbsd": "nixbsd",
"nixpkgs": "nixpkgs_2"
@ -271,6 +315,39 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

5
flake.nix
View File

@ -8,8 +8,10 @@
};
bingosync.url = "github:rhelmot/bingosync";
blog-rhelmot-io.url = "git+https://git.lain.faith/rhelmot/blog.rhelmot.io";
blog-rhelmot-io.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, nixbsd, lix-module, bingosync, ... }: let
outputs = { self, nixpkgs, nixbsd, lix-module, bingosync, ... }@flakeInputs: let
sitesFiles = builtins.readDir ./sites;
sitesNames = builtins.filter (name: builtins.pathExists ./sites/${name}/configuration.nix) (builtins.attrNames sitesFiles);
systemTypes = {
@ -31,6 +33,7 @@
}; in {
inherit (evaluated) config options;
system = evaluated.config.system.build.toplevel;
deploy = import ./deploy.nix { inherit flakeInputs platform; site = name; };
};
}) sitesNames);
in {

111
sites/sunflower/configuration.nix
View File

@ -45,60 +45,73 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."rhelmot.io" = {
default = true;
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/var/www/rhelmot.io/";
virtualHosts = {
"rhelmot.io" = {
default = true;
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/var/www/rhelmot.io/";
};
locations."/secret/" = {
basicAuthFile = "/var/lib/rhelmot.io/secret";
root = "/var/www/rhelmot.io/";
};
};
locations."/secret/" = {
basicAuthFile = "/var/lib/rhelmot.io/secret";
root = "/var/www/rhelmot.io/";
"www.rhelmot.io" = {
globalRedirect = "rhelmot.io";
enableACME = true;
};
"blog.rhelmot.io" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/nix/var/nix/profiles/blog-rhelmot-io";
};
};
"www.blog.rhelmot.io" = {
globalRedirect = "blog.rhelmot.io";
enableACME = true;
};
};
virtualHosts."www.rhelmot.io" = {
globalRedirect = "rhelmot.io";
enableACME = true;
};
virtualHosts."bingosync.rhelmot.io" = {
locations."/" = {
proxyPass = "https://bingosync.com/";
proxyWebsockets = true;
"bingosync.rhelmot.io" = {
locations."/" = {
proxyPass = "https://bingosync.com/";
proxyWebsockets = true;
};
};
# proxy conf generated by services.bingosync
"celestebingo.rhelmot.io" = {
forceSSL = true;
enableACME = true;
};
"sockets-celestebingo.rhelmot.io" = {
forceSSL = true;
enableACME = true;
};
"www.celestebingo.rhelmot.io" = {
globalRedirect = "celestebingo.rhelmot.io";
enableACME = true;
};
};
# proxy conf generated by services.bingosync
virtualHosts."celestebingo.rhelmot.io" = {
forceSSL = true;
enableACME = true;
};
virtualHosts."sockets-celestebingo.rhelmot.io" = {
forceSSL = true;
enableACME = true;
};
virtualHosts."www.celestebingo.rhelmot.io" = {
globalRedirect = "celestebingo.rhelmot.io";
enableACME = true;
};
virtualHosts."minal.rhelmot.io" = {
forceSSL = true;
enableACME = true;
locations."/".root = "/var/www/minal.rhelmot.io/";
};
virtualHosts."www.minal.rhelmot.io" = {
globalRedirect = "minal.rhelmot.io";
enableACME = true;
};
virtualHosts."mimispastrypost.com" = {
forceSSL = true;
enableACME = true;
locations."/".root = "/var/www/mimispastrypost.com/";
};
virtualHosts."www.mimispastrypost.com" = {
globalRedirect = "mimispastrypost.com";
enableACME = true;
"minal.rhelmot.io" = {
forceSSL = true;
enableACME = true;
locations."/".root = "/var/www/minal.rhelmot.io/";
};
"www.minal.rhelmot.io" = {
globalRedirect = "minal.rhelmot.io";
enableACME = true;
};
"mimispastrypost.com" = {
forceSSL = true;
enableACME = true;
locations."/".root = "/var/www/mimispastrypost.com/";
};
"www.mimispastrypost.com" = {
globalRedirect = "mimispastrypost.com";
enableACME = true;
};
};
};
}