fixed bugs with cirrostratus.

2024-08-07 15:24:17 -05:00 · 2024-08-07 15:24:17 -05:00 · f37f68c70e
commit f37f68c70e
parent fa96291493
7 changed files with 36 additions and 15 deletions
--- a/hosts/cirrostratus/default.nix
+++ b/hosts/cirrostratus/default.nix
@ -13,6 +13,7 @@ inputs.nixpkgs.lib.nixosSystem {
    inputs.disko.nixosModules.disko
    ./disk-config.nix
    ./hardware-configuration.nix
+    ./nginx.nix
    ../../configs/nixos/common.nix
    ../../configs/nixos/tailscale.nix
    ../../configs/nixos/sshd.nix
@ -29,6 +30,7 @@ inputs.nixpkgs.lib.nixosSystem {
        fullName = "Gabe Venberg";
        gui.enable = false;
      };
+      boot.zfs.extraPools = ["storage"];
      networking.hostName = "cirrostratus"; # Define your hostname.
      networking.hostId = "1b9da0b9";
      networking.useNetworkd = true;
@ -52,6 +54,11 @@ inputs.nixpkgs.lib.nixosSystem {
      sops = lib.mkIf (inputs ? nix-secrets) {
        secrets = {
          duckdns-token.sopsFile = "${inputs.nix-secrets}/duckdns.yaml";
+          gabevenberg-draft-credentials = {
+            sopsFile = "${inputs.nix-secrets}/draft.gabevenberg.com";
+            format = "binary";
+            owner = config.services.nginx.user;
+          };
        };
      };

--- a/hosts/cirrostratus/disk-config.nix
+++ b/hosts/cirrostratus/disk-config.nix
@ -66,13 +66,7 @@
        mode = "mirror";
        rootFsOptions = {
          compression = "zstd";
-        };
-
-        datasets = {
-          dataset = {
-            type = "zfs_fs";
-            options.mountpoint = "/storage/dataset";
-          };
+          mountpoint = "/storage";
        };
      };
    };
--- a/hosts/cirrostratus/nginx.nix
+++ b/hosts/cirrostratus/nginx.nix
@ -13,4 +13,10 @@
    forceSSL = true;
    root = "/var/www/gabevenberg.com";
  };
+  services.nginx.virtualHosts."draft.gabevenberg.com" = {
+    enableACME = true;
+    forceSSL = true;
+    root = "/var/www/draft.gabevenberg.com";
+    basicAuthFile = config.sops.secrets.gabevenberg-draft-credentials.path;
+  };
 }
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@ -12,18 +12,18 @@ inputs.nixpkgs.lib.nixosSystem {
    inputs.home-manager.nixosModules.home-manager
    inputs.disko.nixosModules.disko
    ./disk-config.nix
-    ./nginx.nix
    ../../roles/nixos/vm.nix
    ../../configs/nixos/common.nix
    ../../configs/nixos/tailscale.nix
    ../../configs/nixos/sshd.nix
-    # ../../configs/nixos/secrets.nix
+    ../../configs/nixos/secrets.nix
    ../../configs/nixos/radicale.nix
    ../../configs/nixos/forgejo.nix
    ({
      config,
      pkgs,
      configLib,
+      lib,
      ...
    }: {
      host = {
@ -44,6 +44,15 @@ inputs.nixpkgs.lib.nixosSystem {
        };
      };

+      sops = lib.mkIf (inputs ? nix-secrets) {
+        secrets = {
+          radicale-users = {
+            sopsFile = "${inputs.nix-secrets}/radicale-users";
+            format = "binary";
+            owner = "radicale";
+          };
+        };
+      };
      home-manager.users.${config.host.user} = {
        inputs,
        osConfig,