think.greaterchiangmai.com is running on ramus
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
{ config, ... }:
|
||||
{ self, config, ... }:
|
||||
{
|
||||
system.stateVersion = "25.11";
|
||||
nixpkgs.hostPlatform = {
|
||||
@@ -12,4 +12,24 @@
|
||||
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
|
||||
|
||||
clan.core.vars.generators.acme = {
|
||||
share = true;
|
||||
files.email.secret = false;
|
||||
|
||||
prompts.email = {
|
||||
type = "line";
|
||||
description = "Email for ACME registeration";
|
||||
};
|
||||
|
||||
script = ''
|
||||
cat $prompts/email > $out/email
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.nginx.extraGroups = [ "acme" ];
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
|
||||
imports = [ ./think-greater-chiangmai.nix ];
|
||||
}
|
||||
|
||||
136
machines/ramus/think-greater-chiangmai.nix
Normal file
136
machines/ramus/think-greater-chiangmai.nix
Normal file
@@ -0,0 +1,136 @@
|
||||
{ self, config, ... }:
|
||||
let
|
||||
commonSettings = {
|
||||
APP_NAME = "Laravel";
|
||||
APP_ENV = "local";
|
||||
APP_KEY._secret = config.clan.core.vars.generators.greaterchiangmai.files.app_key.path;
|
||||
APP_DEBUG = "false";
|
||||
APP_URL = "http://localhost";
|
||||
|
||||
DB_CONNECTION = "mysql";
|
||||
DB_HOST = "localhost";
|
||||
DB_PORT = 3306;
|
||||
DB_DATABASE = "thinkgtcm";
|
||||
DB_USERNAME = "gtcm";
|
||||
|
||||
R2_ACCESS_KEY_ID = config.clan.core.vars.generators.greaterchiangmai-s3.files.access_key_id.value;
|
||||
R2_SECRET_ACCESS_KEY._secret =
|
||||
config.clan.core.vars.generators.greaterchiangmai-s3.files.secret_access_key.path;
|
||||
R2_REGION = config.clan.core.vars.generators.greaterchiangmai-s3.files.region.value;
|
||||
R2_BUCKET = config.clan.core.vars.generators.greaterchiangmai-s3.files.bucket.value;
|
||||
R2_ENDPOINT = config.clan.core.vars.generators.greaterchiangmai-s3.files.endpoint.value;
|
||||
|
||||
LOG_CHANNEL = "stack";
|
||||
LOG_LEVEL = "debug";
|
||||
|
||||
FILESYSTEM_DISK = "local";
|
||||
|
||||
BROADCAST_DRIVER = "log";
|
||||
CACHE_DRIVER = "file";
|
||||
QUEUE_CONNECTION = "sync";
|
||||
SESSION_DRIVER = "file";
|
||||
SESSION_LIFETIME = 120;
|
||||
|
||||
MEMCACHED_HOST = "127.0.0.1";
|
||||
|
||||
REDIS_HOST = "127.0.0.1";
|
||||
REDIS_PORT = 6379;
|
||||
|
||||
UPLOAD_MAX_FILESIZE = "5000M";
|
||||
POST_MAX_SIZE = "5000M";
|
||||
|
||||
TEST_LOCAL = true;
|
||||
};
|
||||
|
||||
baseDomain = "greaterchiangmai.com";
|
||||
domain = "think.${baseDomain}";
|
||||
domainBackend = "think-backend.${baseDomain}";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
self.nixosModules.think-gtcm
|
||||
self.nixosModules.think-backend-gtcm
|
||||
];
|
||||
nixpkgs.overlays = [ self.overlays.packagesOverlay ];
|
||||
|
||||
clan.core.vars.generators.greaterchiangmai = {
|
||||
files = {
|
||||
app_key = {
|
||||
secret = true;
|
||||
owner = config.services.think-greaterchiangmai.user;
|
||||
group = config.services.think-greaterchiangmai.group;
|
||||
};
|
||||
};
|
||||
|
||||
prompts = {
|
||||
app_key.persist = true;
|
||||
};
|
||||
|
||||
script = ''
|
||||
cat $prompts/app_key > $out/app_key
|
||||
'';
|
||||
};
|
||||
|
||||
clan.core.vars.generators.greaterchiangmai-s3 = {
|
||||
files = {
|
||||
access_key_id.secret = false;
|
||||
secret_access_key = {
|
||||
secret = true;
|
||||
owner = config.services.think-greaterchiangmai.user;
|
||||
group = config.services.think-greaterchiangmai.group;
|
||||
};
|
||||
endpoint.secret = false;
|
||||
region.secret = false;
|
||||
bucket.secret = false;
|
||||
};
|
||||
|
||||
prompts = {
|
||||
access_key_id.persist = true;
|
||||
secret_access_key.persist = true;
|
||||
endpoint.persist = true;
|
||||
region.persist = true;
|
||||
bucket.persist = true;
|
||||
};
|
||||
|
||||
script = ''
|
||||
cat $prompts/access_key_id > $out/access_key_id
|
||||
cat $prompts/secret_access_key > $out/secret_access_key
|
||||
cat $prompts/endpoint > $out/endpoint
|
||||
cat $prompts/region > $out/region
|
||||
cat $prompts/bucket > $out/bucket
|
||||
'';
|
||||
};
|
||||
|
||||
services.think-greaterchiangmai = {
|
||||
enable = true;
|
||||
domain = domain;
|
||||
settings = commonSettings;
|
||||
};
|
||||
services.think-backend-greaterchiangmai = {
|
||||
enable = true;
|
||||
domain = domainBackend;
|
||||
settings = commonSettings;
|
||||
};
|
||||
|
||||
security.acme.certs = {
|
||||
"${domain}" = {
|
||||
email = config.clan.core.vars.generators.acme.files.email.value;
|
||||
webroot = "/var/lib/acme/acme-challenge/${domain}";
|
||||
};
|
||||
"${domainBackend}" = {
|
||||
email = config.clan.core.vars.generators.acme.files.email.value;
|
||||
webroot = "/var/lib/acme/acme-challenge/${domainBackend}";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
useACMEHost = domain;
|
||||
acmeRoot = config.security.acme.certs.${domain}.webroot;
|
||||
};
|
||||
services.nginx.virtualHosts.${domainBackend} = {
|
||||
forceSSL = true;
|
||||
useACMEHost = domainBackend;
|
||||
acmeRoot = config.security.acme.certs.${domainBackend}.webroot;
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user