feat(tazjin/nixos): serve homepage on yggdrasil

First test of running an Yggdrasil service, lets see how that goes!

Change-Id: Iac10b72f7314a45df13ea539c5c1cef6c994154f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12484
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This commit is contained in:
Vincent Ambo 2024-09-14 23:24:30 +03:00 committed by tazjin
parent 7593592241
commit c9eeb7da70
2 changed files with 41 additions and 30 deletions

View file

@ -98,6 +98,8 @@ in
openssh.authorizedKeys.keys = depot.users.tazjin.keys.all; openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
}; };
users.users.nginx.extraGroups = [ "acme" ];
age.secrets = age.secrets =
let let
secretFile = name: depot.users.tazjin.secrets."${name}.age"; secretFile = name: depot.users.tazjin.secrets."${name}.age";

View file

@ -1,14 +1,7 @@
# serve tazjin's website & blog # serve tazjin's website & blog
{ depot, config, lib, pkgs, ... }: { depot, config, lib, pkgs, ... }:
{ let
config = {
services.nginx.virtualHosts."tazj.in" = {
enableACME = true;
forceSSL = true;
root = depot.users.tazjin.homepage;
serverAliases = [ "www.tazj.in" ];
extraConfig = '' extraConfig = ''
location = /en/rss.xml { location = /en/rss.xml {
return 301 https://tazj.in/feed.atom; return 301 https://tazj.in/feed.atom;
@ -39,6 +32,22 @@
alias /var/lib/tazjins-blobs/; alias /var/lib/tazjins-blobs/;
} }
''; '';
in
{
config = {
services.nginx.virtualHosts."tazj.in" = {
enableACME = true;
forceSSL = true;
root = depot.users.tazjin.homepage;
serverAliases = [ "www.tazj.in" ];
inherit extraConfig;
};
services.nginx.virtualHosts."y.tazj.in" = {
enableSSL = true;
useACMEHost = "y.tazj.in";
root = depot.users.tazjin.homepage;
inherit extraConfig;
}; };
services.nginx.virtualHosts."git.tazj.in" = { services.nginx.virtualHosts."git.tazj.in" = {