Diffstat (limited to 'modules/private/system')
-rw-r--r-- | modules/private/system/dilion.nix | 34 |
1 files changed, 33 insertions, 1 deletions
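diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 379117c..a0d56cc 100644
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -1,5 +1,5 @@
 { privateFiles }:
-{ config, pkgs, name, ... }:
+{ config, pkgs, name, lib, ... }:
 {
 boot.supportedFilesystems = [ "zfs" ];
 boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -41,6 +41,8 @@
 };
 };
 
+system.nssModules = [ pkgs.libvirt ];
+system.nssHosts = lib.mkForce [ "files" "libvirt_guest" "mymachines" "dns" "myhostname" ];
 programs.zsh.enable = true;
 
 users.users.backup = {
@@ -76,12 +78,24 @@
 install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
 '';
 
+system.activationScripts.libvirtd_exports = ''
+install -m 0755 -o root -g root -d /var/lib/caldance
+'';
 virtualisation.docker.enable = true;
 virtualisation.libvirtd.enable = true;
 users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
 systemd.services.libvirtd.postStart = ''
 install -m 0770 -g libvirtd -d /var/lib/libvirt/images
 '';
+systemd.services.socat-caldance = {
+description = "Forward ssh port to caldance";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+serviceConfig = {
+ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:8022,fork TCP:nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:22";
+};
+};
 
 time.timeZone = "Europe/Paris";
 nix = {
@@ -117,6 +131,7 @@
 "discourse.immae.eu" = null;
 "discourse.cip-ca.fr" = null;
 "dev.immae.eu" = null;
+"caldance.immae.eu" = null;
 };
 };
 services.nginx = {
@@ -124,6 +139,9 @@
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
+upstreams = {
+caldance.servers."nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:3031" = {};
+};
 virtualHosts = {
 "dev.immae.eu" = {
 acmeRoot = config.myServices.certificates.webroot;
@@ -143,6 +161,20 @@
 forceSSL = true;
 locations."/".proxyPass = "http://localhost:18031";
 };
+"caldance.immae.eu" = {
+acmeRoot = config.myServices.certificates.webroot;
+useACMEHost = name;
+forceSSL = true;
+locations."/".extraConfig = ''
+uwsgi_pass caldance;
+'';
+locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/";
+locations."/media/".alias = "/var/lib/caldance/caldance/media/";
+extraConfig = ''
+auth_basic "Authentification requise";
+auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
+'';
+};
 };
 };
 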
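Review bot: The `auth_basic_user_file` line in the new `caldance.immae.eu` vhost builds its htpasswd with `pkgs.writeText`, which copies the credential material from `config.myEnv.websites.caldance.integration.password` into the Nix store, where every local user can read it and where it travels with any copy of the system closure. The file should instead be written outside the store at activation or service start, readable only by the nginx user, and referenced by path, e.g. `auth_basic_user_file <path-to-runtime-secret>;` (placeholder; if this repository has a secrets module, that is presumably the place for it). Separately, `TCP-LISTEN:8022,fork` in `socat-caldance` names no bind address, so the guest's SSH port is offered on every host interface unless a firewall rule not visible here restricts it; `TCP-LISTEN:8022,bind=<address>,fork` would narrow that.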