author | polwex <polwex@sortug.com> | 2025-05-14 19:14:35 +0000 |
---|---|---|
committer | polwex <polwex@sortug.com> | 2025-05-14 19:14:35 +0000 |
commit | bf6c3caf10952e96f389623a3107a151ce3b8c30 (patch) | |
tree | b06c0f349628adbc9d1fc0026ff93d7f883ce51f /hosts/cloud/hetzner | |
parent | 6dcb4af2623174c4c52202c7ea064f40a35091ed (diff) |
m
Diffstat (limited to 'hosts/cloud/hetzner')
-rw-r--r-- | hosts/cloud/hetzner/configuration.nix | 53 | ||||
-rw-r--r-- | hosts/cloud/hetzner/default.nix | 4 | ||||
-rw-r--r-- | hosts/cloud/hetzner/disk-config.nix | 55 | ||||
-rw-r--r-- | hosts/cloud/hetzner/nginx.nix | 29 |
4 files changed, 141 insertions, 0 deletions
diff --git a/hosts/cloud/hetzner/configuration.nix b/hosts/cloud/hetzner/configuration.nix
new file mode 100644
index 0000000..73ca07e
--- /dev/null
+++ b/hosts/cloud/hetzner/configuration.nix
@@ -0,0 +1,53 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ # ./hardware-configuration.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./nginx.nix
+ ./disk-config.nix
+ ../../base.nix
+ ../users.nix
+ ../packages.nix
+ ../../server.nix
+ ];
+ boot = {
+ loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ };
+
+ networking = {
+ hostName = "yn-hel";
+ };
+ networking.firewall = {
+ enable = false;
+ # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ];
+ # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ];
+ };
+ # services.ntfy-sh = {
+ # enable = true;
+ # settings = {
+ # base-url = "https://n.urbit.men";
+ # listen-http = ":8090";
+ # };
+ # };
+
+ # services.headscale = {
+ # enable = true;
+ # address = "0.0.0.0";
+ # port = 8001;
+ # settings = {
+ # server_url = "https://head.urbit.men";
+ # dns.baseDomain = "urbit.men";
+ # logtail.enabled = false;
+ # };
+ # };
+
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
diff --git a/hosts/cloud/hetzner/default.nix b/hosts/cloud/hetzner/default.nix
new file mode 100644
index 0000000..3669483
--- /dev/null
+++ b/hosts/cloud/hetzner/default.nix
@@ -0,0 +1,4 @@
+inputs: [
+ inputs.disko.nixosModules.disko
+ ./configuration.nix
+]
diff --git a/hosts/cloud/hetzner/disk-config.nix b/hosts/cloud/hetzner/disk-config.nix
new file mode 100644
index 0000000..c72a8d4
--- /dev/null
+++ b/hosts/cloud/hetzner/disk-config.nix
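Review bot: `networking.firewall.enable = false;` in configuration.nix leaves every listening socket on this Hetzner host reachable from the internet, including anything that the imported base.nix or server.nix, or a later service, binds to all interfaces (the commented-out headscale block uses `address = "0.0.0.0"`). The only service this commit publishes is nginx, so `enable = true;` with `allowedTCPPorts = [ 80 443 ];` should be enough; port 80 stays open for the ACME HTTP challenge. The openssh module opens its own port by default, but confirm that against the SSH settings in the imported files, which are not visible here. If filtering is done by a provider-side firewall instead, record that in a comment next to the setting.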
@@ -0,0 +1,55 @@
+# Example to create a bios compatible gpt partition
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/cloud/hetzner/nginx.nix b/hosts/cloud/hetzner/nginx.nix
new file mode 100644
index 0000000..4a6d708
--- /dev/null
+++ b/hosts/cloud/hetzner/nginx.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "security@urbit.cam";
+ services.nginx = {
+ enable = true;
+ virtualHosts."u.urbit.cloud" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
+ };
+} |
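Review bot: The `esp` partition in disk-config.nix is mounted at `/boot` as vfat with no mount options, so with vfat's default permissions the boot files there are readable by every local user, which matters if the initrd ever carries secrets. Add `mountOptions = [ "umask=0077" ];` to the esp `content` block; the root logical volume in the same file already sets `mountOptions`. The header comment `# Example to create a bios compatible gpt partition` reads as carried over from an example and could be replaced by one line describing this host's layout (BIOS boot partition, ESP, LVM root on /dev/sda).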
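Review bot: In nginx.nix, `proxy_set_header Forwarded $proxy_add_x_forwarded_for;` puts an X-Forwarded-For style value into the RFC 7239 `Forwarded` header, which expects `for=...` pairs, so the backend on 127.0.0.1:8080 receives a malformed header. That variable also starts with whatever X-Forwarded-For the client sent, so the backend must not treat its leading entries as the real client address. Use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and add `proxy_set_header X-Real-IP $remote_addr;` for an address nginx itself vouches for, or replace the hand-written headers with `recommendedProxySettings = true;` on `services.nginx`.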