forked from Fediversity/Fediversity
60 lines
1.7 KiB
Nix
60 lines
1.7 KiB
Nix
# A simple, hermetic NixOS configuration for an AWS EC2 instance that
|
|
# uses a nixpkgs pinned to a specific Git revision with an integrity
|
|
# hash to ensure that we construct a NixOS system as purely as
|
|
# possible.
|
|
#
|
|
# i.e. we explicitly specify which nixpkgs to use instead of relying
|
|
# on the nixpkgs supplied on the NIX_PATH.
|
|
#
|
|
# The primary benefit of this is that it removes deployment surprises
|
|
# when other developers supply a different nix-channel in the NIX_PATH
|
|
# of their environment (even if you only add the 20.09 channel,
|
|
# nix-channel --update can mutate that channel to a 20.09 with
|
|
# backported changes).
|
|
#
|
|
# The secondary benefit is that you guard the `nixpkgs` you use, with
|
|
# an integrity hash.
|
|
let
|
|
nixpkgs =
|
|
let
|
|
rev = "cd63096d6d887d689543a0b97743d28995bc9bc3";
|
|
sha256 = "1wg61h4gndm3vcprdcg7rc4s1v3jkm5xd7lw8r2f67w502y94gcy";
|
|
in
|
|
builtins.fetchTarball {
|
|
url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz";
|
|
inherit sha256;
|
|
};
|
|
|
|
system = "x86_64-linux";
|
|
|
|
configuration = { config, pkgs, ... }: {
|
|
imports = [
|
|
"${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
|
|
];
|
|
|
|
ec2.hvm = true;
|
|
|
|
networking.firewall.allowedTCPPorts = [ 22 80 ];
|
|
|
|
environment.systemPackages = [
|
|
pkgs.cloud-utils
|
|
];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts = {
|
|
"_" = {
|
|
root = pkgs.writeTextDir "html/index.html" ''
|
|
<html>
|
|
<body>
|
|
<h1>This is a hermetic NixOS configuration!</h1>
|
|
</body>
|
|
</html>
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
in
|
|
import "${nixpkgs}/nixos" { inherit system configuration; }
|