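# NixOps network: one EC2 instance ("leafeon") hosting Gitea and Nextcloud
# (PostgreSQL backend), with /nix/store on its own EBS volume.
#
# Fixes over the original:
#   * the "https" security group was defined under `resources` but never
#     attached to the instance, so 443 was open in the host firewall yet
#     blocked at the instance edge — it is attached now, and groups are
#     referenced as NixOps resources so they are created before the instance;
#   * `securityGroup` accepts an optional `sourceIp` so a service can be
#     limited to a CIDR instead of always 0.0.0.0/0 (default unchanged).
let
  region = "us-east-1";
  accessKeyId = "personal";   # credential profile name NixOps resolves on the deploying host
  instanceType = "t2.micro";

  # Deployment attributes for the EC2 instance. `resources` is the NixOps
  # resource set, used to reference the key pair and security groups below.
  # "default" is the account/VPC default group; its inbound rules are whatever
  # the account has configured and are not managed here.
  deployEC2 = resources: {
    targetEnv = "ec2";
    ec2 = {
      inherit accessKeyId region instanceType;
      keyPair = resources.ec2KeyPairs.personal-key;
      securityGroups = [
        "default"
        resources.ec2SecurityGroups.http
        resources.ec2SecurityGroups.https
        resources.ec2SecurityGroups.gitea
      ];
    };
  };

  # /nix/store on a dedicated 32 GiB EBS volume, attached as /dev/xvdf and
  # formatted ext4 on first boot. It is not encrypted at rest; NixOps can
  # LUKS-encrypt EBS volumes (presumably via `ec2.encrypt`), but the key then
  # has to be supplied from the deploying machine at every boot, which is an
  # awkward fit for the store volume — enable only with that trade-off in mind.
  nixStoreFS = {
    autoFormat = true;
    fsType = "ext4";
    device = "/dev/xvdf";
    ec2.size = 32;
  };

  # Build an EC2 security group resource admitting TCP traffic on one port.
  #   name     - group name (also used as its description)
  #   port     - single TCP port to open (fromPort == toPort)
  #   sourceIp - CIDR allowed to connect; defaults to the whole Internet as in
  #              the original. Pass e.g. "203.0.113.4/32" for admin-only services.
  securityGroup = { name, port, sourceIp ? "0.0.0.0/0" }: {
    inherit region accessKeyId name;
    description = name;
    rules = [
      {
        fromPort = port;
        toPort = port;
        inherit sourceIp;
      }
    ];
  };
in
{
  network.description = "Personal network";

  leafeon = { resources, config, pkgs, ... }:
    {
      deployment = deployEC2 resources;
      fileSystems."/nix/store" = nixStoreFS;

      services.gitea = {
        enable = true;
        appName = "Leafeon";
        # TODO(security): Gitea listens on :3000 over plain HTTP and the "gitea"
        # security group exposes that port to 0.0.0.0/0; nothing here disables
        # open user registration. Before relying on this, put Gitea behind the
        # nginx instance with TLS and turn registration off (the option name for
        # that differs between NixOS releases, so it is not set blindly here).
      };

      services.nextcloud = {
        enable = true;
        # Placeholder host name — Nextcloud trusts only this domain, so requests
        # under any other name are rejected until it is set to the real one.
        hostName = "nextcloud.tld";
        # nginx vhost is HTTP only (no forceSSL/ACME configured), so logins and
        # file contents cross the network in clear text. TODO: add TLS.
        nginx.enable = true;
        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          # Connect over the PostgreSQL unix socket; Nextcloud appends
          # /.s.PGSQL.5432 to this directory itself. The socket directory is
          # release-dependent (older NixOS used /tmp, newer ones /run/postgresql)
          # — confirm against `services.postgresql` on the target. Logging in
          # without a password relies on socket peer auth mapping the nextcloud
          # OS user to the `nextcloud` role created below (NixOS default, verify).
          dbhost = "/tmp";
          dbname = "nextcloud";
          # Placeholder path. The file is read during first-time setup and must
          # exist on the target (e.g. shipped via deployment.keys), never in the
          # Nix store, which is world-readable.
          adminpassFile = "/path/to/admin-pass-file";
          adminuser = "root";   # Nextcloud admin account name; unrelated to the OS root user
        };
      };

      services.postgresql = {
        enable = true;
        # Applied once, when the data directory is first initialised; later edits
        # to this script are not replayed against an existing cluster.
        initialScript = pkgs.writeText "psql-init" ''
          CREATE ROLE nextcloud WITH LOGIN;
          CREATE DATABASE nextcloud WITH OWNER nextcloud;
        '';
      };

      # Nextcloud's setup unit needs the database, so order it after PostgreSQL.
      systemd.services."nextcloud-setup" = {
        requires = [ "postgresql.service" ];
        after = [ "postgresql.service" ];
      };

      # Host firewall. The EC2 security groups attached in `deployEC2` must
      # agree with this list, or traffic is dropped at the instance edge.
      networking.firewall.allowedTCPPorts = [ 80 443 3000 ];
    };

  resources = {
    ec2KeyPairs.personal-key = {
      inherit region accessKeyId;
    };
    ec2SecurityGroups = {
      http = securityGroup { name = "http"; port = 80; };
      https = securityGroup { name = "https"; port = 443; };
      gitea = securityGroup { name = "gitea"; port = 3000; };
    };
  };
}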