Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-04-03 18:50:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

deployment module

Browse source
This commit is contained in:
Julien Malka 2023-07-27 21:08:00 +02:00
parent 361d3c57c4
commit 7b8c08c068
Signed by: Luj
GPG key ID: 6FC74C847011FD83
4 changed files with 27 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
base.nix
View file

@ -6,6 +6,7 @@
#luj.secrets.enable = true; #luj.secrets.enable = true;
luj.ssh-server.enable = true; luj.ssh-server.enable = true;
luj.programs.mosh.enable = true; luj.programs.mosh.enable = true;
luj.deployment.enable = true;
sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

6
machines/core-security/default.nix
View file

@ -14,12 +14,6 @@
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true; boot.loader.grub.useOSProber = true;
deployment = {
targetHost = "core-security.luj";
targetPort = 45;
targetUser = "root";
};
security.acme.defaults.email = "julien@malka.sh"; security.acme.defaults.email = "julien@malka.sh";
networking.hostName = "core-security"; # Define your hostname. networking.hostName = "core-security"; # Define your hostname.

6
machines/lambda/default.nix
View file

@ -12,6 +12,8 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
deployment.buildOnTarget = true;
networking.hostName = "lambda"; networking.hostName = "lambda";
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
@ -56,7 +58,7 @@
}; };
}; };
security.acme.certs."uptime.luj".server = "https://ca.luj:8444/acme/acme/directory"; security.acme.certs."uptime.luj".server = "https://ca.luj/acme/acme/directory";
services.nginx.virtualHosts."uptime.luj" = { services.nginx.virtualHosts."uptime.luj" = {
forceSSL = true; forceSSL = true;
@ -92,7 +94,7 @@
}; };
security.acme.certs."prometheus.luj".server = "https://ca.luj:8444/acme/acme/directory"; security.acme.certs."prometheus.luj".server = "https://ca.luj/acme/acme/directory";
services.nginx.virtualHosts."prometheus.luj" = { services.nginx.virtualHosts."prometheus.luj" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

22
modules/deployment/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.luj.deployment;
hostname = config.networking.hostName;
in
{
options.luj.deployment.enable = mkEnableOption "activate deployment on machine";
config = mkIf cfg.enable {
deployment = {
targetHost = "${hostname}.${lib.luj.machines.${hostname}.tld}";
targetPort = 45;
targetUser = "root";
allowLocalDeployment = true;
};
};
}