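# Host configuration builder. Given a NixOS state version, returns a
# module-shaped function of `{ pkgs, ... }` that declares:
#   * one container per service definition found in ./services,
#   * an nginx reverse proxy with one virtual host per service host name,
#   * the host's own firewall, host name and a test user.
state-version: { pkgs, ... }:

let
  # NOTE(review): not referenced anywhere in this file, so it is never
  # evaluated (Nix is lazy). If it gets wired in later, remember that any
  # value interpolated into a NixOS option ends up in the world-readable
  # Nix store.
  secrets = import ./secrets/secrets.nix;

  # Every entry of ./services whose name ends in ".nix", imported with `pkgs`.
  # The dot is written "\\." so the regex sees `\.`; a single "\." collapses
  # to a bare `.` in a Nix string, which matches any character and would also
  # import entries such as "foonix".
  services = with builtins;
    map (s: import (./services + "/${s}") { inherit pkgs; })
      (filter (s: ! isNull (match ".*\\.nix" s))
        (attrNames (readDir ./services)));

  # Project helpers; `foldMap` is defined there (not visible from this file).
  # Presumably it maps a function over a list and merges the resulting
  # attribute sets -- confirm against ./lib.nix.
  lib = import ./lib.nix;
in

# One declarative container per service.
lib.foldMap ({ name, ip, config, ports, ... }:
  {
    containers.${name} = {
      autoStart = true;
      ephemeral = true;
      # Own network namespace; the container is reached only through the
      # hostAddress/localAddress pair below.
      privateNetwork = true;
      hostAddress = ip.host;
      localAddress = ip.local;

      # NOTE(review): `//` is a shallow merge. The enforced settings below
      # win over the service's `config`, but they replace its top-level
      # `boot`, `networking` and `system` attributes wholesale, so anything
      # a service sets under those keys is silently dropped. If services
      # need their own settings there, compose via `imports` instead.
      config = config // {
        boot.isContainer = true;
        networking.hostName = name;
        networking.useDHCP = false;

        # Default-deny inside the container; only the ports the service
        # declares are opened.
        # NOTE(review): nginx on the host proxies to `ports.http`; verify
        # each service also lists that port in `ports.tcp`.
        networking.firewall.enable = true;
        networking.firewall.allowedTCPPorts = ports.tcp;
        networking.firewall.allowedUDPPorts = ports.udp;

        system.stateVersion = state-version;
      };
    };
  }
) services

//

{
  # [NGINX]
  # NOTE(review): virtual hosts are served over plain HTTP only (no
  # `forceSSL` / `enableACME`, and only port 80 is opened below), so client
  # traffic is unencrypted. Acceptable for a VM test setup; add TLS before
  # exposing this host.
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts =
      # For every service, one virtual host per entry in its `hosts`, each
      # proxying "/" to the service's container address and HTTP port.
      lib.foldMap ({ ip, ports, hosts, ... }:
        lib.foldMap (host:
          {
            "${host}" = {
              locations."/".proxyPass = "http://${ip.local}:${builtins.toString ports.http}";
            };
          }
        ) hosts
      ) services;
  };

  # [NETWORK]
  networking.firewall.allowedTCPPorts = [ 80 ];
  networking.firewall.allowedUDPPorts = [ ];
  networking.hostName = "cafe";

  # VM test user
  users.users.admin.isNormalUser = true;
  # NOTE(review): the hash is read at evaluation time, so it becomes part of
  # the system closure and is world-readable in the Nix store. For anything
  # beyond a test VM, prefer `hashedPasswordFile` (`passwordFile` on older
  # releases) pointing at a root-only file on the target.
  users.users.admin.hashedPassword = pkgs.lib.removeSuffix "\n"
    (builtins.readFile ./secrets/admin_password);
  users.users.admin.group = "admin";
  users.groups.admin = {};

  system.stateVersion = state-version;
}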