@Slabity
Created July 22, 2019 18:32
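# NixOps network description: a single EC2 machine ("leafeon") running Gitea,
# Nextcloud (behind nginx) and a local PostgreSQL, plus the AWS key pair and
# security groups it uses.
let
  region = "us-east-1";
  # NOTE(review): "personal" looks like a credentials profile name rather than
  # a literal AWS access key ID, so no secret is embedded here; confirm.
  accessKeyId = "personal";
  instanceType = "t2.micro";

  # EC2 deployment settings for a machine; `resources` is the network's
  # resource set, used to look up the key pair and security groups.
  deployEC2 = resources: {
    targetEnv = "ec2";
    ec2 = {
      inherit accessKeyId region instanceType;
      keyPair = resources.ec2KeyPairs.personal-key;
      # The groups declared under `resources.ec2SecurityGroups` are passed as
      # resource references instead of bare name strings: a renamed or missing
      # group then fails at evaluation instead of at deploy time.
      # "default" stays a string because it is not declared in this file.
      # `https` was declared and opened in the host firewall but never attached
      # to the instance, so port 443 was unreachable from outside.
      securityGroups = [
        "default"
        resources.ec2SecurityGroups.http
        resources.ec2SecurityGroups.https
        resources.ec2SecurityGroups.gitea
      ];
    };
  };

  # Separate volume mounted at /nix/store (see `fileSystems` below).
  # autoFormat creates the ext4 filesystem on the device if needed.
  nixStoreFS = {
    autoFormat = true;
    fsType = "ext4";
    device = "/dev/xvdf";
    ec2.size = 32; # presumably GiB; confirm against the NixOps EC2 options
  };

  # Build a security group that allows one port.
  #   name     - group name, also used as its description
  #   port     - single port to allow (fromPort == toPort)
  #   sourceIp - CIDR allowed to connect. It defaults to "0.0.0.0/0" (the whole
  #              internet) to keep existing callers unchanged; pass a narrower
  #              range for services that do not need to be public.
  securityGroup = { name, port, sourceIp ? "0.0.0.0/0" }: {
    inherit region accessKeyId name;
    description = name;
    rules = [
      {
        fromPort = port;
        toPort = port;
        inherit sourceIp;
      }
    ];
  };
in
{
  network.description = "Personal network";

  leafeon = { resources, config, pkgs, ... }:
    {
      deployment = deployEC2 resources;
      fileSystems."/nix/store" = nixStoreFS;

      services.gitea = {
        enable = true;
        appName = "Leafeon";
      };

      services.nextcloud = {
        enable = true;
        hostName = "nextcloud.tld";
        nginx.enable = true;
        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          # NOTE(review): the PostgreSQL socket directory depends on the NixOS
          # release; check that it is still /tmp on the release deployed.
          dbhost = "/tmp"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";
          # Placeholder path. It is a string, not a Nix path literal, so the
          # file is read on the target at runtime and is not copied into the
          # world-readable /nix/store. Keep it that way and restrict the
          # file's permissions.
          adminpassFile = "/path/to/admin-pass-file";
          adminuser = "root";
        };
      };

      services.postgresql = {
        enable = true;
        # The role is created without a password; access presumably relies on
        # local socket authentication (see `dbhost` above).
        initialScript = pkgs.writeText "psql-init" ''
          CREATE ROLE nextcloud WITH LOGIN;
          CREATE DATABASE nextcloud WITH OWNER nextcloud;
        '';
      };

      # ensure that postgres is running *before* running the setup
      systemd.services."nextcloud-setup" = {
        requires = [ "postgresql.service" ];
        after = [ "postgresql.service" ];
      };

      # Host firewall; a port is reachable only if an attached EC2 security
      # group allows it as well.
      # NOTE(review): nothing in this file enables TLS, so logins on 80
      # (Nextcloud) and 3000 (the `gitea` group's port) would travel in clear
      # text. Enable HTTPS on the web services before exposing them publicly.
      networking.firewall.allowedTCPPorts = [ 80 443 3000 ];
    };

  resources = {
    ec2KeyPairs.personal-key = {
      inherit region accessKeyId;
    };

    # All three groups use the helper's default source range (any address).
    ec2SecurityGroups = {
      http = securityGroup { name = "http"; port = 80; };
      https = securityGroup { name = "https"; port = 443; };
      gitea = securityGroup { name = "gitea"; port = 3000; };
    };
  };
}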