add nginx webserver

2024-11-09 07:43:31 -06:00
parent c724557c9e
commit 672b90933c
7 changed files with 59 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -1385,11 +1385,11 @@
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-GNix63XYPLopvFgOUHyouU0d/V9lvKN9h3h1juttDgg=",
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/home-manager",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/home-manager",
        "type": "path"
      },
      "original": {
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/home-manager",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/home-manager",
        "type": "path"
      }
    },
@@ -2067,11 +2067,11 @@
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/programs",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/programs",
        "type": "path"
      },
      "original": {
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/programs",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/programs",
        "type": "path"
      }
    },
@@ -2155,11 +2155,11 @@
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/services/sddm",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/services/sddm",
        "type": "path"
      },
      "original": {
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/services/sddm",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/services/sddm",
        "type": "path"
      }
    },
@@ -2226,12 +2226,12 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-d2cED6HwQD1a5sWYGKTkrXSYqvDecyIioUT5U2W4xds=",
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/system-config",
+        "narHash": "sha256-YHm0+Ze4OZOFqRrorlnH/iz3DAZEukDLS8mbgGiExBc=",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/system-config",
        "type": "path"
      },
      "original": {
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/system-config",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/system-config",
        "type": "path"
      }
    },
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -19,7 +19,7 @@
    ];

    boot = {
-        kernelPackages = pkgs.linuxKernel.kernels.linux_6_11;
+        kernelPackages = pkgs.linuxKernel.packages.linux_6_1;
        loader = {
            systemd-boot.enable = true;
            efi.canTouchEfiVariables = true;
@@ -251,6 +251,8 @@

            authentik.enable = false;

+            "blunkall.us".enable = true;
+            
            gitlab.enable = false;
        };
    };
--- a/system-config/services/containers/authentik-nix/default.nix
+++ b/system-config/services/containers/authentik-nix/default.nix
@@ -5,10 +5,6 @@
        default = false;
    };

-    imports = [
-        inputs.authentik-nix.nixosModules.default
-    ];
-
    config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {

        sops.templates."authentik.env" = {
@@ -34,6 +30,10 @@
            };
            config = {

+                imports = [
+                    inputs.authentik-nix.nixosModules.default
+                ];
+                
                services.authentik = {

                    enable = true;
@@ -43,6 +43,8 @@
                        avatars = "initials";
                    };
                };
+
+                networking.firewall.enable = false;
            };
        };

--- a/system-config/services/containers/default.nix
+++ b/system-config/services/containers/default.nix
@@ -4,5 +4,6 @@
        ./gitlab
        ./traefik
        ./authentik-nix
+        ./nginx
    ];
 }
--- a/system-config/services/containers/httpd/default.nix
+++ b/system-config/services/containers/httpd/default.nix
--- a/system-config/services/containers/nginx/default.nix
+++ b/system-config/services/containers/nginx/default.nix
@@ -0,0 +1,39 @@
+{ config, lib, ... }: {
+    
+    options.sysconfig.opts.virtualization."blunkall.us".enable = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+    };
+
+    config = lib.mkIf config.sysconfig.opts.virtualization."blunkall.us".enable {
+
+        containers.blunkall_us = {
+
+            autoStart = true;
+            privateNetwork = true;
+            hostAddress = "192.168.100.10";
+            localAddress = "192.168.100.13";
+
+            bindMounts = {
+                "/var/www/data" = {
+                    hostPath = "/ssd1/blunkall_us/data";
+                    isReadOnly = false;
+                };
+            };
+
+            config = {
+
+                services.nginx = {
+                    enable = true;
+                    virtualHosts."blunkall.us" = {
+                        enableACME = false;
+                        forceSSL = false;
+                        root = "/var/www/data";
+                    };
+                };
+
+                networking.firewall.allowedTCPPorts = [ 80 ];
+            };
+        };
+    };
+}
--- a/system-config/services/containers/traefik/default.nix
+++ b/system-config/services/containers/traefik/default.nix
@@ -176,7 +176,7 @@
                            services = {
                                #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.12:80"; } ];

-                                homepage.loadBalancer.servers = [ { url = "http://192.168.100.10:8000"; } ];
+                                homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
                            };
                        };
                    };