hosts/ni: update config

2025-01-31 04:58:01 +00:00 · 2022-11-25 21:27:23 +08:00 · 2022-11-25 21:27:23 +08:00 · f9751a9510
commit f9751a9510
parent 30e75ebfc7
2 changed files with 22 additions and 18 deletions
--- a/hosts/plover/default.nix
+++ b/hosts/plover/default.nix
@ -1,13 +1,17 @@
 { config, options, lib, pkgs, ... }:

 let
+  inherit (builtins) toString;
  domain = "foodogsquared.one";
+  wikiDomain = "wiki.${domain}";
  passwordManagerDomain = "vault.${domain}";
  codeForgeDomain = "forge.${domain}";
 in
 {
  imports = [
+    ./hardware-configuration.nix
    (lib.getUser "nixos" "plover")
+    (lib.getUser "nixos" "admin")
  ];

  sops.secrets =
@ -43,26 +47,27 @@ in
    recommendedTlsSettings = true;

    virtualHosts = {
-      # These are just websites that are already deployed.
-      "www.${domain}" = {
+      # Personal website.
+      "${domain}" = {
+        forceSSL = false;
+        enableACME = true;
+        serverAliases = [ "www.${domain}" ];
        locations."/" = {
          proxyPass = "https://foodogsquared.netlify.app";
        };
      };
-      "wiki.${domain}" = {
+
+      # My digital notebook.
+      "${wikiDomain}" = {
+        forceSSL = false;
+        enableACME = true;
        locations."/" = {
          proxyPass = "https://foodogsquared-wiki.netlify.app";
        };
      };
-      "search.${domain}" = {
-        locations."/" = {
-          proxyPass = "https://search.brave.com";
-        };
-      };

      # Vaultwarden instance.
      "${passwordManagerDomain}" = {
-        http2 = true;
        forceSSL = true;
        enableACME = true;
        locations = let
@ -86,11 +91,12 @@ in
        };
      };

+      # Gitea instance.
      "${codeForgeDomain}" = {
-        http2 = true;
+        forceSSL = true;
        enableACME = true;
        locations."/" = {
-          proxyPass = "http://localhost:${config.services.gitea.httpPort}";
+          proxyPass = "http://localhost:${toString config.services.gitea.httpPort}";
        };
      };
    };
@ -102,11 +108,6 @@ in
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@foodogsquared.one";
-
-    certs = {
-      "${passwordManagerDomain}".keyType = "rs2048";
-      "${codeForgeDomain}" = {};
-    };
  };

  # Some additional dependencies for this system.
--- a/hosts/plover/hardware-configuration.nix
+++ b/hosts/plover/hardware-configuration.nix
@ -1,14 +1,17 @@
 { lib, pkgs, modulesPath, ... }:

+# Most of the filesystems listed here are supposed to be overriden to default
+# settings of whatever image format configuration this host system will import
+# from nixos-generators.
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  fileSystems."/" = {
+  fileSystems."/" = lib.mkOverride 2000 {
    label = "nixos";
    fsType = "ext4";
    autoResize = true;
  };

-  fileSystems."/srv" = {
+  fileSystems."/srv" = lib.mkOverride 2000 {
    label = "data";
    options = [
      "discard"