feat(tazjin/nixos): run Radicle seed node & httpd on koptevo

Change-Id: Icd433f433c0abe8f54735ab45a636b4561fe8d3e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12486
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
This commit is contained in:
Vincent Ambo 2024-09-15 01:24:34 +03:00 committed by tazjin
parent 0022285600
commit af6dc48971

View file

@ -225,6 +225,47 @@ in
};
};
# TODO(tazjin): move this to a module for radicle stuff
services.radicle = {
enable = true;
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHs6jSvMdtu9oJCt48etEs8ExjfGY5PmWQsRzFleogS";
privateKeyFile = "/etc/secrets/radicle"; # TODO: to manage, or not to manage ...
settings = {
web.pinned.repositories = [
"rad:z2mdnBK1tX6pibdBfRct3ThCgheHu" # tvix-go
];
node = {
alias = "rad.tazj.in";
seedingPolicy.default = "block";
};
};
node = {
openFirewall = true;
listenAddress = "[::]";
};
httpd = {
enable = true;
listenAddress = "127.0.0.1";
listenPort = 7235; # radl
};
};
services.nginx.virtualHosts."rad.tazj.in" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:7235";
};
services.nginx.virtualHosts."rad.y.tazj.in" = {
enableSSL = true;
useACMEHost = "y.tazj.in";
locations."/".proxyPass = "http://127.0.0.1:7235";
};
programs.mtr.enable = true;
programs.mosh.enable = true;
zramSwap.enable = true;