services: web: Add c8h4.io deployment
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
parent
c2fa377bf9
commit
eca3464a55
|
@ -18,6 +18,7 @@ in {
|
|||
../secrets/morph/acme.nix
|
||||
../secrets/morph/wireguard
|
||||
../services/nginx.nix
|
||||
../services/web/c8h4-io.nix
|
||||
../system/virtual-machine.nix
|
||||
];
|
||||
|
||||
|
|
Binary file not shown.
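--- a/services/web/c8h4-io.nix
+++ b/services/web/c8h4-io.nix
@@ -0,0 +1,28 @@
+{
+imports = [ ../../system/deploy-target.nix ];
+
+system.activationScripts.var-www = ''
+mkdir -p /var/www/c8h4.io
+chown -R deploy:deploy /var/www
+chmod -R u=rwX,go=rX /var/www
+'';
+
+services.nginx.virtualHosts."c8h4.io" = {
+forceSSL = true;
+enableACME = true;
+default = true;
+root = "/var/www/c8h4.io";
+};
+
+services.nginx.virtualHosts."christoph-heiss.me" = {
+forceSSL = true;
+enableACME = true;
+globalRedirect = "c8h4.io";
+};
+
+services.nginx.virtualHosts."christoph-heiss.at" = {
+forceSSL = true;
+enableACME = true;
+globalRedirect = "c8h4.io";
+};
+}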
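Review bot: The activation script's `chown -R deploy:deploy /var/www` and `chmod -R u=rwX,go=rX /var/www` apply to the whole `/var/www` tree rather than the one directory this module creates, so any other site content later placed there is handed to the deploy account on every activation. Scoping both commands to the vhost root keeps the deploy key's write access limited to this site: `chown -R deploy:deploy /var/www/c8h4.io` and `chmod -R u=rwX,go=rX /var/www/c8h4.io`. A `systemd.tmpfiles.rules` entry such as `"d /var/www/c8h4.io 0755 deploy deploy -"` would create the directory with that ownership declaratively, without a recursive pass on each switch.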
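--- a/system/deploy-target.nix
+++ b/system/deploy-target.nix
@@ -0,0 +1,18 @@
+{ lib, pkgs, ... }:
+
+{
+users.groups.deploy.gid = 2000;
+users.users.deploy = {
+isNormalUser = true;
+uid = 2000;
+createHome = false;
+group = "deploy";
+shell = pkgs.deploy-sink;
+home = "/var/empty";
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBf2khUKpvOYvMEUbh+ETNh9J3p51VSjUFIRERH7zQz deploy@c8h4.io"
+];
+};
+
+services.openssh.settings.AllowUsers = lib.mkForce "christoph deploy";
+}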
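Review bot: The `deploy` entry in `openssh.authorizedKeys.keys` carries no key options, so whatever `pkgs.deploy-sink` does as a login shell (it is not visible here), sshd will presumably still honour port, agent and X11 forwarding requests for this key unless they are disabled elsewhere in the configuration. Prefixing the entry with `restrict`, i.e. `"restrict ssh-ed25519 <key> deploy@c8h4.io"`, limits the key to running the sink; confirm first that the sink does not need a pty. Separately, `lib.mkForce "christoph deploy"` discards every other module's `AllowUsers` definition and hard-codes an admin name in a shared deploy module; if the nixpkgs revision in use types this option as a list, `services.openssh.settings.AllowUsers = [ "deploy" ];` would merge with the host's own list instead.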