From 057174d7f1ef161178d8606cadcb9b8129af3160 Mon Sep 17 00:00:00 2001
From: Ivan Bushchik
Date: Thu, 7 Sep 2023 20:19:06 +0300
Subject: [PATCH] Now hosting fully ivabus.dev
---
 common/base.nix | 2 +-
 common/networking.nix | 4 ++--
 machines/celerrime/default.nix | 2 +-
 machines/example/default.nix | 2 ++
 machines/rubusidaeus/default.nix | 2 +-
 pkgs/ivabus-dev.nix | 2 +-
 roles/server/ivabus-dev.nix | 4 +++-
 roles/server/nginx.nix | 6 ++++++
 8 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/common/base.nix b/common/base.nix
index bcb9576..49e3e1c 100644
--- a/common/base.nix
+++ b/common/base.nix
@@ -30,7 +30,7 @@
 curl
 usbutils
 pciutils
- (uutils-coreutils.override { prefix = ""; })
+ coreutils-full
 killall
 git
 git-crypt
diff --git a/common/networking.nix b/common/networking.nix
index 75ced12..abc4680 100644
--- a/common/networking.nix
+++ b/common/networking.nix
@@ -17,7 +17,7 @@
 # Used by systemd-resolved, not directly by resolv.conf.
 networking.nameservers =
- [ "8.8.8.8#dns.google" "1.0.0.1#cloudflare-dns.com" ];
+ [ "1.0.0.1#cloudflare-dns.com" "8.8.8.8#dns.google" ];
 networking.enableIPv6 = true;
@@ -34,7 +34,7 @@
 };
 };
- services.chrony.enable = true;
+ services.ntp.enable = true;
 networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
diff --git a/machines/celerrime/default.nix b/machines/celerrime/default.nix
index 319c9a5..bbfbd8a 100644
--- a/machines/celerrime/default.nix
+++ b/machines/celerrime/default.nix
@@ -24,7 +24,7 @@ in {
 virtualisation.enable = false;
 yggdrasil-client.enable = true;
- server = { ivabus-dev.enable = true; };
+ server = { ivabus-dev.enable = false; };
 };
 networking.useDHCP = true;
diff --git a/machines/example/default.nix b/machines/example/default.nix
index bfc2406..5c774dc 100644
--- a/machines/example/default.nix
+++ b/machines/example/default.nix
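Review bot: In common/networking.nix (hunk `@@ -34,7 +34,7 @@`), `services.ntp.enable = true;` replaces chrony on every machine that imports the common module, and neither the commit message nor a comment says why. Correct time is a precondition for the certificate validation and ACME issuance that this same patch turns on, so the choice of daemon is security-relevant rather than cosmetic. I would add a why-comment above the line, e.g. `# ntpd instead of chrony: <reason>`, and state whether unauthenticated NTP is an accepted risk; as far as the hunk shows, the three `networking.timeServers` entries are configured by name only. The enclosing attribute set starts and ends outside the hunk.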
@@ -26,6 +26,8 @@ in {
 torrent.enable = true;
 virtualisation.enable = true;
 yggdrasil-client.enable = true;
+
+ server = { ivabus-dev.enable = true; };
 };
 networking.useDHCP = true;
diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix
index 632d091..e36ced6 100644
--- a/machines/rubusidaeus/default.nix
+++ b/machines/rubusidaeus/default.nix
@@ -15,7 +15,7 @@ in {
 graphical.enable = false;
 latex.enable = false;
 media-client.enable = false;
- ntp-server.enable = true;
+ ntp-server.enable = false;
 torrent.enable = false;
 virtualisation.enable = false;
 yggdrasil-client.enable = true;
diff --git a/pkgs/ivabus-dev.nix b/pkgs/ivabus-dev.nix
index bbca9d0..7fb48be 100644
--- a/pkgs/ivabus-dev.nix
+++ b/pkgs/ivabus-dev.nix
@@ -1,6 +1,6 @@
 { pkgs ? import { }, bundlerEnv, ... }:
 let
- version = "130812885aee9f2e0a5f6a4b534a3b6b68431554";
+ version = "8a9a1364bc2111ea4889134f8ca18f10699f26ef";
 repo = builtins.fetchGit {
 url = "https://github.com/ivabus/website";
 rev = version;
diff --git a/roles/server/ivabus-dev.nix b/roles/server/ivabus-dev.nix
index dd56b48..9895b3b 100644
--- a/roles/server/ivabus-dev.nix
+++ b/roles/server/ivabus-dev.nix
@@ -7,7 +7,9 @@ in {
 my.roles.server.nginx.enable = true;
 services.nginx = {
 virtualHosts."ivabus.dev" = {
- # i don't want to call package like this
+ forceSSL = true;
+ enableACME = true;
+
 root = pkgs.callPackage ../../pkgs/ivabus-dev.nix { };
 extraConfig = ''
diff --git a/roles/server/nginx.nix b/roles/server/nginx.nix
index 163e3a2..848f01c 100644
--- a/roles/server/nginx.nix
+++ b/roles/server/nginx.nix
@@ -12,5 +12,11 @@ in {
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
 };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "ivabus@ivabus.dev";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 };
 }
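Review bot: `server = { ivabus-dev.enable = true; };` in machines/example/default.nix makes the public web role part of the example host, while the same patch sets it to `false` on celerrime. Going by the role changes further down in this patch, enabling it pulls in nginx, an ACME certificate request for ivabus.dev and open TCP 80/443, so a machine copied from the example would expose a web server and request certificates for a name that presumably does not resolve to it. If this directory is a template rather than the real host, I would ship it as `server = { ivabus-dev.enable = false; };` with a comment such as `# public web role: opens 80/443 and requests ACME certs; enable only on the host ivabus.dev points at`. The attribute set this line sits in opens outside the hunk.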
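Review bot: In roles/server/ivabus-dev.nix, `forceSSL = true;` redirects plain-HTTP requests, but the visible part of the vhost sends no `Strict-Transport-Security` header, so a returning client is never told to skip the unprotected first request. `extraConfig` opens on the last line of the hunk and its body is outside it, so the header may already be set there; if it is not, a line such as `add_header Strict-Transport-Security "max-age=31536000" always;` inside `extraConfig` would cover it. nginx does not inherit server-level `add_header` directives into a location that declares its own, so any `location` blocks need the same check.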
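Review bot: In roles/server/nginx.nix, `security.acme.acceptTerms` and `defaults.email` are system-wide options, yet they are set at normal priority inside the nginx role, so every machine that enables the role accepts the CA terms under a hard-coded address and a per-machine override would conflict. If `lib` is in scope in this file (the header is outside the hunk), `defaults.email = lib.mkDefault "ivabus@ivabus.dev";` keeps the default while allowing an override. The firewall line would also benefit from a comment, e.g. `# 80: ACME HTTP-01 challenge and the forceSSL redirect; 443: HTTPS`, so that nobody later closes port 80 and silently breaks certificate renewal.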