From bc0fd49ad16adb40bb28b8d75a4ace2c9a4ccf09 Mon Sep 17 00:00:00 2001 From: Yusuf Bera Ertan Date: Sat, 30 Jul 2022 06:54:32 +0300 Subject: [PATCH] woo yea --- flake.lock | 63 +++++++++++++++++++++++++++++++++++++ flake.nix | 2 ++ hosts/wolumonde/default.nix | 34 ++++++++++++++++++-- 3 files changed, 96 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index bb03db8..bf6ceaf 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,27 @@ { "nodes": { + "blog": { + "inputs": { + "flakeUtils": "flakeUtils", + "htmlNix": "htmlNix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1659152758, + "narHash": "sha256-nbCRaXMAXfNvrqtWT2WtcYsf2Rym0Zv2WFJDmXk5sgY=", + "owner": "yusdacra", + "repo": "yusdacra.gitlab.io", + "rev": "420e525b8b8210e997748e500f55690fd89a8fca", + "type": "gitlab" + }, + "original": { + "owner": "yusdacra", + "repo": "yusdacra.gitlab.io", + "type": "gitlab" + } + }, "crane": { "flake": false, "locked": { @@ -110,6 +132,21 @@ "type": "github" } }, + "flakeUtils": { + "locked": { + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fufexan": { "flake": false, "locked": { @@ -170,6 +207,31 @@ "type": "github" } }, + "htmlNix": { + "inputs": { + "flakeUtils": [ + "blog", + "flakeUtils" + ], + "nixpkgs": [ + "blog", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1645050947, + "narHash": "sha256-BHPdruYD+6VAyfgsZ33jn00okHQZuxY6Veg4EUei85o=", + "owner": "yusdacra", + "repo": "html.nix", + "rev": "18fa28319f4cdca933da8f413a3e3bcfb36d37b0", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "html.nix", + "type": "github" + } + }, "hyprland": { "inputs": { "nixpkgs": [ 
@@ -301,6 +363,7 @@ }, "root": { "inputs": { + "blog": "blog", "fufexan": "fufexan", "helix": "helix", "home": "home", diff --git a/flake.nix b/flake.nix index b1f9b57..3ab41b2 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,8 @@ hyprland.inputs.nixpkgs.follows = "nixpkgs"; fufexan.url = "github:fufexan/dotfiles"; fufexan.flake = false; + blog.url = "gitlab:yusdacra/yusdacra.gitlab.io"; + blog.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs: let diff --git a/hosts/wolumonde/default.nix b/hosts/wolumonde/default.nix index 2776db2..ce5ebfa 100644 --- a/hosts/wolumonde/default.nix +++ b/hosts/wolumonde/default.nix @@ -1,4 +1,8 @@ -{inputs, ...}: { +{ + inputs, + pkgs, + ... +}: { imports = [ ./hardware-configuration.nix ]; @@ -6,16 +10,40 @@ boot.cleanTmpDir = true; zramSwap.enable = true; + # ssh config + services.fail2ban.enable = true; services.openssh = { enable = true; passwordAuthentication = false; }; - services.fail2ban.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile "${inputs.self}/secrets/ssh-key.pub") ]; + # nginx + services.nginx = { + enable = true; + virtualHosts."gaze.systems" = { + enableACME = true; + forceSSL = true; + root = "${inputs.blog.packages.${pkgs.system}.website}"; + }; + }; + security.acme = { + acceptTerms = true; + certs = { + "gaze.systems".email = "y.bera003.06@pm.me"; + }; + }; + + # firewall stuffs + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 80 443 ]; + allowedUDPPortRanges = [ ]; + }; + + # nixinate for deployment _module.args.nixinate = { host = builtins.readFile "${inputs.self}/secrets/wolumonde-ip"; sshUser = "root";
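Review bot: The `services.nginx` block added in hosts/wolumonde/default.nix exposes gaze.systems publicly with `enableACME` and `forceSSL` but leaves the module's hardening switches off; adding `recommendedTlsSettings = true;` beside `enable = true;` would, as far as I know, add the module's session and OCSP-stapling settings on top of the protocol defaults. `forceSSL` only redirects, so if browsers should refuse plain HTTP after the first visit the vhost also needs an HSTS header, e.g. `extraConfig = ''add_header Strict-Transport-Security "max-age=31536000" always;'';`. In `networking.firewall`, `allowedUDPPortRanges = [ ];` restates the default, and port 22 is normally opened by `services.openssh` itself through its `openFirewall` option, so `allowedTCPPorts = [ 80 443 ];` should be equivalent; confirm this against the nixpkgs revision locked in flake.lock. The module's attribute set opens in the previous hunk and closes after `_module.args.nixinate`, outside this one.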