auth and git

fili/services/websites/default.nix

@@ -0,0 +1,9 @@
+_: {
+  imports = [
+    ./reviewqueue.nix
+    ./homepage.nix
+    ./totpal.nix
+    ./harmonica-tabs.nix
+    ./mapf.nix
+  ];
+}

fili/services/websites/harmonica-tabs.nix

@@ -0,0 +1,29 @@
+{ pkgs, flakes, ... }:
+{
+  services.nginx = {
+    virtualHosts."harmonica.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://[::1]:42424";
+      };
+    };
+  };
+
+  systemd.services.harmonica-tabs = {
+    description = "harmonica tabs";
+
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    restartIfChanged = true;
+
+    serviceConfig = {
+      DynamicUser = true;
+      ExecStart = "${flakes.harmonica.packages.${pkgs.system}.default}/bin/services";
+      WorkingDirectory = "${flakes.harmonica.packages.${pkgs.system}.default}";
+      Restart = "always";
+    };
+  };
+}

fili/services/websites/homepage.nix

@@ -0,0 +1,22 @@
+{flakes, pkgs, ...}: {
+  services.nginx = {
+    virtualHosts."donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        root = flakes.homepage.packages.${pkgs.system}.website;
+      };
+    };
+    virtualHosts."jdonszelmann.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        root = flakes.homepage.packages.${pkgs.system}.website;
+      };
+    };
+  };
+}

fili/services/websites/mapf.nix

@@ -0,0 +1,29 @@
+{flakes,...}: {
+  # imports = [
+  #   flakes.mapf.nixosModules.default
+  # ];
+
+  sops.secrets.mapf = {
+    sopsFile = ../../../secrets/mapf-prod.env;
+  };
+
+  services.nginx = {
+    virtualHosts."mapf.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://[::1]:8080";
+      };
+    };
+  };
+
+  # donsz.services.mapf = {
+  #   enable = true;
+  #   envfile = "/run/secrets/sops/mapf";
+  #   db_name = "mapfprod";
+  #   db_user = "mapfprod";
+  #   db_password = "";
+  # };
+}

fili/services/websites/reviewqueue.nix

@@ -0,0 +1,38 @@
+{ pkgs, flakes, ... }:
+{
+  sops.secrets.reviewqueue = {
+    sopsFile = ../../../secrets/reviewqueue.env;
+  };
+
+  services.nginx = {
+    virtualHosts."queue.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://[::1]:3000";
+      };
+    };
+  };
+
+  systemd.services.reviewqueue = {
+    description = "Review Queue";
+
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ]; # if networking is needed
+
+    restartIfChanged = true; # set to false, if restarting is problematic
+
+    serviceConfig = {
+      ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue";
+      Restart = "always";
+      EnvironmentFile = "/run/secrets/reviewqueue";
+      StateDirectory = "/var/lib/reviewqueue";
+    };
+
+    environment = {
+      DB_PATH = "/var/lib/reviewqueue/db.sqlite";
+    };
+  };
+}

fili/services/websites/totpal.nix

@@ -0,0 +1,28 @@
+{ flakes, pkgs,... }:
+let
+  totpal =
+    flakes.totpal.packages.${pkgs.system}.default
+  ;
+in
+{
+  services.nginx = {
+    virtualHosts."totpal.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://[::1]:2442";
+      };
+    };
+  };
+
+  systemd.services.totpal =
+    {
+      description = "totpal";
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${totpal}/bin/totpal";
+      };
+    };
+}