Skip to content

Instantly share code, notes, and snippets.

@hhefesto

hhefesto/laurus-nobilis-configuration.nix

Created July 2, 2020 15:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hhefesto/a72b8b9fdae1352c13546030210b61a8 to your computer and use it in GitHub Desktop.
Save hhefesto/a72b8b9fdae1352c13546030210b61a8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
laurus-nobilis-configuration.nix
{
laurus = {pkgs, ...}:{
networking.firewall.allowedTCPPorts = [ 22 80 5432 587 443 ];
nixpkgs.config = import ~/src/laurus-nobilis/config.nix;
systemd.services.laurus-nobilis =
{ description = "laurus-nobilis";
enable = true;
wantedBy = [ "multi-user.target" "nginx.service" ];
after = [ "network.service" "local-fs.target" ];
environment = {
AANALYZER_STATIC_DIR="${pkgs.configuration-files-aanalyzer}/static";
AANALYZER_PORT="3000";
# AANALYZER_APPROOT="https://aanalyzer.hhefesto.com";
# AANALYZER_APPROOT="https://www.rdata.com.mx";
AANALYZER_APPROOT="https://www.rdataa.com";
};
serviceConfig = {
Type = "simple";
User = "root";
WorkingDirectory = "${pkgs.configuration-files-aanalyzer}";
ExecStart = ''${pkgs.haskellPackages.laurus-nobilis}/bin/laurus-nobilis'';
ExecStop = "";
Restart = "always";
};
};
# security.acme.certs."www.hhefesto.com" = {
# email = "hhefesto@rdataa.com";
# };
security.acme.certs."www.rdataa.com" = {
email = "hhefesto@rdataa.com";
};
services.nginx = {
enable = true;
# virtualHosts."www.hhefesto.com" = {
# enableACME = true;
# forceSSL = true;
# locations = {
# "/" = {
# proxyPass = "http://localhost:3000";
# };
# };
# };
# virtualHosts."hhefesto.com" = {
# enableACME = true;
# forceSSL = true;
# locations = {
# "/" = {
# proxyPass = "http://localhost:3000";
# };
# };
# };
# virtualHosts."aanalyzer.hhefesto.com" = {
# enableACME = true;
# forceSSL = true;
# locations = {
# "/" = {
# proxyPass = "http://localhost:3000";
# };
# };
# };
# virtualHosts."dev.hhefesto.com" = {
# enableACME = true;
# forceSSL = true;
# locations = {
# "/" = {
# proxyPass = "http://localhost:3000";
# };
# };
# };
virtualHosts."www.rdataa.com" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:3000";
};
};
};
virtualHosts."rdataa.com" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:3000";
};
};
};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all ::1/128 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE ROLE analyzer WITH LOGIN PASSWORD 'SOMETHING THAT's NOT THIS';
CREATE DATABASE aanalyzer_yesod;
GRANT ALL PRIVILEGES ON DATABASE aanalyzer_yesod TO analyzer;
'';
};
environment.systemPackages = with pkgs; [
git
msmtp
vim
emacs
];
users.extraUsers.hhefesto = {
createHome = true;
isNormalUser = true;
home = "/home/hhefesto";
description = "Daniel Herrera";
extraGroups = [ "wheel" "networkmanager" "docker" ];
hashedPassword = "$6$/RvS0Se.iCx$A0eA/8PzgMj.Ms9ohNamfu53c9S.zdG30hEmUHLjmWP0CaXTPVA6QxGIZ6fy.abkjSOTJMAq7fFL6LUBGs4BU0";
# shell = pkgs.zsh; #"/run/current-system/sw/bin/bash";
};
};
#medicum = {pkgs, ...}: {
# networking.firewall.allowedTCPPorts = [ 22 80 5432 587 443 ];
# nixpkgs.config = import ~/src/medicum/config.nix;
# systemd.services.medicum =
# { description = "medicum";
# enable = true;
# wantedBy = [ "multi-user.target" "nginx.service" ];
# after = [ "network.service" "local-fs.target" ];
# environment = {
# MEDICUM_STATIC_DIR="${pkgs.configuration-files-medicum}/static";
# MEDICUM_PORT="3001";
# MEDICUM_APPROOT="https://medicum.hhefesto.com";
# };
# serviceConfig = {
# Type = "simple";
# User = "root";
# WorkingDirectory = "${pkgs.configuration-files-medicum}";
# ExecStart = ''${pkgs.haskellPackages.medicum}/bin/medicum'';
# ExecStop = "";
# Restart = "always";
# };
# };
# # security.acme.certs."www.hhefesto.com" = {
# # email = "hhefesto@rdataa.com";
# # };
# services.nginx = {
# enable = true;
# virtualHosts."medicum.hhefesto.com" = {
# enableACME = true;
# forceSSL = true;
# locations = {
# "/" = {
# proxyPass = "http://localhost:3001";
# };
# };
# };
# };
# services.postgresql = {
# enable = true;
# package = pkgs.postgresql_11;
# enableTCPIP = true;
# authentication = pkgs.lib.mkOverride 10 ''
# local all all trust
# host all all ::1/128 trust
# '';
# initialScript = pkgs.writeText "backend-initScript" ''
# CREATE ROLE medicum WITH LOGIN PASSWORD 'MaclovioHerreraCanochupofarosenTamaulipas' CREATEDB;
# CREATE DATABASE medicum;
# GRANT ALL PRIVILEGES ON DATABASE medicum TO medicum;
# '';
# };
# environment.systemPackages = with pkgs; [
# git
# msmtp
# vim
# emacs
# ];
# };
}
Raw
laurus-nobilis-gce.nix
{
laurus =
{ deployment.targetEnv = "gce";
deployment.gce = {
# credentials
project = "laurus-nobilis";
serviceAccount = "laurus-nobilis2@laurus-nobilis.iam.gserviceaccount.com";
accessKey = "~/.ssh/laurus-nobilis-key.json";
# instance properties
region = "us-west2-b";
# instanceType = "n1-standard-1";
instanceType = "g1-small";
tags = ["crazy"];
scheduling.automaticRestart = true;
scheduling.onHostMaintenance = "MIGRATE";
rootDiskSize = 30;
} ;
};
# medicum =
# { deployment.targetEnv = "gce";
# deployment.gce = {
# # credentials
# project = "laurus-nobilis";
# serviceAccount = "laurus-nobilis2@laurus-nobilis.iam.gserviceaccount.com";
# accessKey = "~/.ssh/laurus-nobilis-key.json";
# # instance properties
# region = "us-west2-b";
# instanceType = "g1-small";
# # instanceType = "n1-standard-1";
# tags = ["crazy"];
# scheduling.automaticRestart = true;
# scheduling.onHostMaintenance = "MIGRATE";
# rootDiskSize = 15;
# } ;
# };
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment