From 8febb2fad131dc1ff42a2c667b26b013d64c17b8 Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Sat, 1 Jun 2024 19:25:59 +0530 Subject: repo: ./nixos -> ./os --- os/dspace/modules/network.nix | 18 ++++++++++++++++++ os/dspace/modules/www.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 os/dspace/modules/network.nix create mode 100644 os/dspace/modules/www.nix (limited to 'os/dspace/modules') diff --git a/os/dspace/modules/network.nix b/os/dspace/modules/network.nix new file mode 100644 index 0000000..007cfba --- /dev/null +++ b/os/dspace/modules/network.nix @@ -0,0 +1,18 @@ +{ ... }: + +let + wan = "ens18"; +in +{ + networking = { + interfaces.${wan}.ipv4.addresses = [{ + address = "10.0.8.107"; + prefixLength = 16; + }]; + defaultGateway = { + address = "10.0.0.1"; + interface = wan; + }; + nameservers = [ "10.0.0.2" "10.0.0.3" ]; + }; +} diff --git a/os/dspace/modules/www.nix b/os/dspace/modules/www.nix new file mode 100644 index 0000000..90ab841 --- /dev/null +++ b/os/dspace/modules/www.nix @@ -0,0 +1,39 @@ +{ config, ... }: + +let + domain = "dsp.fscusat.ac.in"; +in +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + sops.secrets = let + opts = { + owner = config.services.nginx.user; + group = config.services.nginx.group; + }; + in{ + "cusat.ac.in/key" = opts; + "cusat.ac.in/crt" = opts; + }; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + recommendedBrotliSettings = true; + + virtualHosts.${domain} = { + forceSSL = true; + sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path; + sslCertificate = config.sops.secrets."cusat.ac.in/crt".path; + + locations."/" = { + return = "200 '

under construction

'"; + extraConfig = "add_header Content-Type text/html;"; + }; + }; + }; +} -- cgit v1.2.3