Fediversity/simple-nixos-fediverse
6
1
Fork 2
Code Issues 21 Pull requests 1 Actions Projects Wiki Activity

Compare commits

base: Fediversity:pixelfed-on-metal-2
Branches Tags
Fediversity:main
Fediversity:pixelfed-on-metal-2
Fediversity:ci
Fediversity:valentin-rebase
..
compare: Fediversity:main
Branches Tags
Fediversity:pixelfed-on-metal-2
Fediversity:main
Fediversity:ci
Fediversity:valentin-rebase

No commits in common. "pixelfed-on-metal-2" and "main" have entirely different histories.
pixelfed-o ... main

2 changed files with 16 additions and 30 deletions
Show stats Expand all files Collapse all files

29
fediversity/garage.nix
View file

@ -14,7 +14,6 @@ let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep; inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
inherit (lib.strings) escapeShellArg; inherit (lib.strings) escapeShellArg;
inherit (lib.attrsets) filterAttrs mapAttrs';
cfg = config.services.garage; cfg = config.services.garage;
fedicfg = config.fediversity.internal.garage; fedicfg = config.fediversity.internal.garage;
concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset); concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
@ -160,23 +159,17 @@ in
}; };
}; };
## Create a proxy from <bucket>.web.garage.<domain> to localhost:3902 for services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
## each bucket that has `website = true`. forceSSL = true;
services.nginx.virtualHosts = enableACME = true;
let serverAliases = lib.mapAttrsToList (bucket: _: fedicfg.web.domainForBucket bucket) cfg.ensureBuckets; ## TODO: use wildcard certificates?
value = { locations."/" = {
forceSSL = true; proxyPass = "http://localhost:3902";
enableACME = true; extraConfig = ''
locations."/" = { proxy_set_header Host $host;
proxyPass = "http://localhost:3902"; '';
extraConfig = '' };
proxy_set_header Host $host; };
'';
};
};
in mapAttrs'
(bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
(filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);
systemd.services.ensure-garage = { systemd.services.ensure-garage = {
after = [ "garage.service" ]; after = [ "garage.service" ];

17
vm/garage-vm.nix
View file

@ -1,24 +1,17 @@
{ lib, config, modulesPath, ... }: { lib, config, modulesPath, ... }:
let let
inherit (lib) mkVMOverride mapAttrs' filterAttrs; inherit (lib) mkVMOverride;
cfg = config.services.garage;
fedicfg = config.fediversity.internal.garage; fedicfg = config.fediversity.internal.garage;
in { in {
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
services.nginx.virtualHosts = services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
let forceSSL = mkVMOverride false;
value = { enableACME = mkVMOverride false;
forceSSL = mkVMOverride false; };
enableACME = mkVMOverride false;
};
in mapAttrs'
(bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
(filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);
virtualisation.diskSize = 2048; virtualisation.diskSize = 2048;
virtualisation.forwardPorts = [ virtualisation.forwardPorts = [