woo yea

2022-07-30 06:54:32 +03:00 · 2022-07-30 06:54:32 +03:00 · bc0fd49ad1
commit bc0fd49ad1
parent 91ad7a75f7
3 changed files with 96 additions and 3 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,27 @@
 {
  "nodes": {
+    "blog": {
+      "inputs": {
+        "flakeUtils": "flakeUtils",
+        "htmlNix": "htmlNix",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1659152758,
+        "narHash": "sha256-nbCRaXMAXfNvrqtWT2WtcYsf2Rym0Zv2WFJDmXk5sgY=",
+        "owner": "yusdacra",
+        "repo": "yusdacra.gitlab.io",
+        "rev": "420e525b8b8210e997748e500f55690fd89a8fca",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "yusdacra",
+        "repo": "yusdacra.gitlab.io",
+        "type": "gitlab"
+      }
+    },
    "crane": {
      "flake": false,
      "locked": {
@ -110,6 +132,21 @@
        "type": "github"
      }
    },
+    "flakeUtils": {
+      "locked": {
+        "lastModified": 1648297722,
+        "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "fufexan": {
      "flake": false,
      "locked": {
@ -170,6 +207,31 @@
        "type": "github"
      }
    },
+    "htmlNix": {
+      "inputs": {
+        "flakeUtils": [
+          "blog",
+          "flakeUtils"
+        ],
+        "nixpkgs": [
+          "blog",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1645050947,
+        "narHash": "sha256-BHPdruYD+6VAyfgsZ33jn00okHQZuxY6Veg4EUei85o=",
+        "owner": "yusdacra",
+        "repo": "html.nix",
+        "rev": "18fa28319f4cdca933da8f413a3e3bcfb36d37b0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "yusdacra",
+        "repo": "html.nix",
+        "type": "github"
+      }
+    },
    "hyprland": {
      "inputs": {
        "nixpkgs": [
@ -301,6 +363,7 @@
    },
    "root": {
      "inputs": {
+        "blog": "blog",
        "fufexan": "fufexan",
        "helix": "helix",
        "home": "home",
--- a/flake.nix
+++ b/flake.nix
@ -20,6 +20,8 @@
    hyprland.inputs.nixpkgs.follows = "nixpkgs";
    fufexan.url = "github:fufexan/dotfiles";
    fufexan.flake = false;
+    blog.url = "gitlab:yusdacra/yusdacra.gitlab.io";
+    blog.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = inputs: let
--- a/hosts/wolumonde/default.nix
+++ b/hosts/wolumonde/default.nix
@ -1,4 +1,8 @@
-{inputs, ...}: {
+{
+  inputs,
+  pkgs,
+  ...
+}: {
  imports = [
    ./hardware-configuration.nix
  ];
@ -6,16 +10,40 @@
  boot.cleanTmpDir = true;
  zramSwap.enable = true;

+  # ssh config
+  services.fail2ban.enable = true;
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };
-  services.fail2ban.enable = true;
-
  users.users.root.openssh.authorizedKeys.keys = [
    (builtins.readFile "${inputs.self}/secrets/ssh-key.pub")
  ];

+  # nginx
+  services.nginx = {
+    enable = true;
+    virtualHosts."gaze.systems" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "${inputs.blog.packages.${pkgs.system}.website}";
+    };
+  };
+  security.acme = {
+    acceptTerms = true;
+    certs = {
+      "gaze.systems".email = "y.bera003.06@pm.me";
+    };
+  };
+
+  # firewall stuffs
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 22 80 443 ];
+    allowedUDPPortRanges = [ ];
+  };
+
+  # nixinate for deployment
  _module.args.nixinate = {
    host = builtins.readFile "${inputs.self}/secrets/wolumonde-ip";
    sshUser = "root";