switch to cap based home configs

Jana Dönszelmann 2026-01-20 16:57:10 +01:00
parent 50ee9aac83
commit 49b6f5bde0
No known key found for this signature in database
64 changed files with 2064 additions and 1779 deletions


@ -0,0 +1,14 @@
{ pkgs, flakes, ... }:
{
services.nginx = {
virtualHosts."compiler-construction-2021.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = flakes.compiler-construction-2021.packages.${pkgs.system}.website;
};
};
};
}


@ -0,0 +1,12 @@
_: {
imports = [
./reviewqueue.nix
./homepage.nix
./totpal.nix
./harmonica-tabs.nix
./mapf.nix
./compiler-construction-2021.nix
./mapfm-poster.nix
./money-is-fckn-gay.nix
];
}


@ -0,0 +1,29 @@
{ pkgs, flakes, ... }:
{
services.nginx = {
virtualHosts."harmonica.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:42424";
};
};
};
systemd.services.harmonica-tabs = {
description = "harmonica tabs";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartIfChanged = true;
serviceConfig = {
DynamicUser = true;
ExecStart = "${flakes.harmonica.packages.${pkgs.system}.default}/bin/services";
WorkingDirectory = "${flakes.harmonica.packages.${pkgs.system}.default}";
Restart = "always";
};
};
}


@ -0,0 +1,48 @@
{ flakes, pkgs, ... }:
{
services.nginx = {
virtualHosts."donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website}";
};
};
virtualHosts."blog.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/".return = "301 https://donsz.nl/blog";
};
virtualHosts."gay.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website-gay}";
};
};
virtualHosts."jana.is.fckn.gay" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website-gay}";
};
};
virtualHosts."jdonszelmann.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website}";
};
};
};
}


@ -0,0 +1,51 @@
{
config,
flakes,
pkgs,
secrets,
...
}:
{
sops.secrets.mapf = {
sopsFile = "${secrets}/mapf-prod.env";
};
services.nginx = {
virtualHosts."mapf.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:8080";
};
};
};
systemd.services.mapf-server =
let
package = flakes.mapf.packages.${pkgs.system}.default;
in
{
description = "mapf-server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = "yes";
ExecStart = "${package}/mapf_server_bin";
Restart = "on-failure";
RestartSec = "5s";
EnvironmentFile = config.sops.secrets.mapf.path;
WorkingDirectory = "${package}";
};
environment = {
MAPF_TEMPLATEFOLDER = "${package}/templates";
MAPF_DBUSER = "mapfprod";
MAPF_DBPASSWORD = "";
MAPF_DBPORT = "3306";
MAPF_DBHOST = "localhost";
MAPF_DBDATABASE = "mapfprod";
};
};
}
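Review bot: `MAPF_DBPASSWORD = "";` in the `environment` block leaves an empty database password as the fallback, so if the sops-managed `EnvironmentFile` ever lacks that variable the server would try to connect as `mapfprod` with no password rather than surfacing the missing secret. systemd lets `EnvironmentFile=` values override `Environment=`, so the line is not needed when the secret is present; I would drop it and let the password come only from `config.sops.secrets.mapf.path`. No `format` is given for the `.env` sopsFile here or in the `sops.secrets.reviewqueue` section, so confirm that a default set elsewhere covers dotenv files. `DynamicUser = "yes"` works, but the harmonica-tabs section writes `DynamicUser = true;`, and one spelling across the commit would read better.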


@ -0,0 +1,26 @@
{ pkgs, ... }:
{
services.nginx.virtualHosts."mapfm-poster.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = pkgs.stdenv.mkDerivation rec {
pname = "research-project-poster";
version = "2021-06-27";
src = pkgs.fetchFromGitHub {
owner = "jdonszelmann";
repo = "research-project";
rev = "f1c0c5d839197f825b555780271781281ba10ac3";
sha256 = "sha256-YJxcLRABU3yRS/U/XNLpTIXtve0cFfnwPKr+1oY0HeY=";
};
installPhase = ''
mkdir -p $out
cp -r assets/final_poster/* $out
'';
};
};
};
}


@ -0,0 +1,86 @@
{
pkgs,
flakes,
...
}:
let
mifg-config = api-url: api-port: public-url: service-name: {
nginx = {
virtualHosts."${api-url}" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString api-port}";
proxyWebsockets = true;
};
};
virtualHosts."${public-url}" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = flakes.mifg.packages.${pkgs.system}.frontend.override {
api_base_url = "https://${api-url}";
};
tryFiles = "$uri $uri/ /index.html";
};
};
};
service = {
description = "money is fckn gay";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartIfChanged = true;
serviceConfig = {
ExecStart = "${flakes.mifg.packages.${pkgs.system}.backend}/bin/backend";
Restart = "always";
# EnvironmentFile = "/run/secrets/reviewqueue";
StateDirectory = "${service-name}";
};
environment = {
MIFG_DATABASE_LOCATION = "/var/lib/${service-name}/db.sqlite";
MIFG_FRONTEND_ORIGIN = "https://${public-url}";
MIFG_PORT = toString api-port;
LD_LIBRARY_PATH =
with pkgs;
lib.makeLibraryPath [
openssl
sqlite
];
};
};
};
real = (mifg-config "api.money.is.fckn.gay" 11009 "money.is.fckn.gay" "money");
staging = (mifg-config "api.money-staging.donsz.nl" 11010 "money-staging.donsz.nl" "money-staging");
lib = pkgs.lib;
in
{
services.nginx = lib.mkMerge [
real.nginx
staging.nginx
];
systemd.services.money = real.service;
systemd.services.money-staging = lib.mkMerge [
staging.service
{
serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" ''
REAL_DB_LOCATION="/var/lib/money/"
STAGING_DB_LOCATION="/var/lib/money-staging/"
echo "$REAL_DB_LOCATION"
echo "$STAGING_DB_LOCATION"
mkdir -p $STAGING_DB_LOCATION
cp -r $REAL_DB_LOCATION/* $STAGING_DB_LOCATION
'')}/bin/setup-staging";
}
];
}
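Review bot: The `service` attrset built by `mifg-config` sets neither `User` nor `DynamicUser`, so unless another module adds one, both the `money` and `money-staging` backends run as root behind a public vhost, whereas the harmonica-tabs and mapf sections in this commit use `DynamicUser`; the `reviewqueue` and `totpal` units have the same gap. `StateDirectory` is already set, so adding `DynamicUser = true;` to `serviceConfig` should work for the main service. The staging `ExecStartPre` copies everything under `/var/lib/money/` into the staging state directory on every start, which puts production data behind `money-staging.donsz.nl` and needs read access to the production directory, so that step would need its own privileged handling once the service is unprivileged; a comment stating that the copy is intentional would help. The commented `# EnvironmentFile = "/run/secrets/reviewqueue";` names another service's secret and is better deleted.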


@ -0,0 +1,50 @@
{
pkgs,
flakes,
secrets,
...
}:
{
sops.secrets.reviewqueue = {
sopsFile = "${secrets}/reviewqueue.env";
};
services.nginx = {
virtualHosts."queue.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
};
systemd.services.reviewqueue = {
description = "Review Queue";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartIfChanged = true;
serviceConfig = {
ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue";
Restart = "always";
EnvironmentFile = "/run/secrets/reviewqueue";
StateDirectory = "reviewqueue";
};
environment = {
DB_PATH = "/var/lib/reviewqueue/db.sqlite";
LD_LIBRARY_PATH =
with pkgs;
lib.makeLibraryPath [
openssl
sqlite
];
};
};
}
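Review bot: `EnvironmentFile = "/run/secrets/reviewqueue";` hard-codes the path of the secret declared at the top of this file, while the mapf section uses `config.sops.secrets.mapf.path`; renaming the secret or changing where sops places secrets would leave this unit pointing at a stale or missing file. Adding `config` to the argument set and writing `EnvironmentFile = config.sops.secrets.reviewqueue.path;` ties the two together at evaluation time.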


@ -0,0 +1,25 @@
{ flakes, pkgs, ... }:
let
totpal = flakes.totpal.packages.${pkgs.system}.default;
in
{
services.nginx = {
virtualHosts."totpal.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:2442";
};
};
};
systemd.services.totpal = {
description = "totpal";
serviceConfig = {
Type = "simple";
ExecStart = "${totpal}/bin/totpal";
};
};
}
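Review bot: `systemd.services.totpal` has no `wantedBy`, so unless another unit pulls it in, nothing starts it at boot and the `totpal.donsz.nl` vhost will proxy to a closed port on `[::1]:2442` until the service is started by hand. The other service sections in this commit set `wantedBy = [ "multi-user.target" ];` and a `Restart` policy, and adding both here would match them.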