diff options
| author | EuAndreh <eu@euandre.org> | 2020-08-15 17:51:28 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2020-08-15 18:17:40 -0300 |
| commit | 4e50cb29cb60969fbf7f567f676a3de90b4d7eae (patch) | |
| tree | 3a689f0743f8d164400886b9e1c50e95471a40d9 | |
| parent | Use new image with ownership of /etc/nixos/configuration.nix by user (diff) | |
| download | server-4e50cb29cb60969fbf7f567f676a3de90b4d7eae.tar.gz server-4e50cb29cb60969fbf7f567f676a3de90b4d7eae.tar.xz | |
Deploy "boneco" project at boneco.$TLD
| -rw-r--r-- | TODOs.org | 3 | ||||
| -rw-r--r-- | secrets/secret-envrc.sh | bin | 3326 -> 3582 bytes | |||
| -rw-r--r-- | vps-configuration.env.nix | 17 |
3 files changed, 20 insertions, 0 deletions
@@ -47,6 +47,7 @@ CLOSED: [2020-08-14 ven. 09:29] ** TODO snapshot with swap: nixos-rebuild switch takes too much memory Adding swap memory maybe be a lot slower, but allows me to stay inside the 512MB memory server plan ** TODO Configure PostgreSQL permissions correctly +Or even better: switch to SQLite. ** TODO Harden the server *** TODO [#C] [[https://www.reddit.com/r/selfhosted/comments/bw8hqq/top_3_measures_to_secure_your_virtual_private/][Top 3 measures to secure your Virtual Private Server? (VPS)]] *** TODO [#A] [[https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html][Nextcloud: Hardening and security guidance]] @@ -91,6 +92,8 @@ uploadHttp = { #+END_SRC ** DONE =git.$tld=: cgit server with repositories from ~/dev/libre/ CLOSED: [2020-08-14 ven. 09:29] +** DONE =boneco.$tld=: [[https://git.sr.ht/~euandreh/boneco][boneco]] deployment +CLOSED: [2020-08-15 sam. 18:17] ** TODO =mail.$tld=: postfix, dovecot, spamassasin, opendkim, etc No need for roundcube, Nextcloud has a web interface client. ** TODO =$tld=: current Jekyll blog diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh Binary files differindex 9958959..905a2d7 100644 --- a/secrets/secret-envrc.sh +++ b/secrets/secret-envrc.sh diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix index e330d2f..7bf5a4e 100644 --- a/vps-configuration.env.nix +++ b/vps-configuration.env.nix @@ -6,6 +6,7 @@ let nextcloudTLD = "$NEXTCLOUD_TLD"; gitTLD = "$GIT_TLD"; prosodyTLD = "$PROSODY_TLD"; + bonecoTLD = "$BONECO_TLD"; letsencryptEmail = "$LETSENCRYPT_EMAIL"; authorizedKey = "$AUTHORIZED_KEY"; userPassword = "$USER_PASSWORD"; @@ -23,6 +24,17 @@ let prosodyHTTPUploadTLD = "$PROSODY_HTTP_UPLOAD_TLD"; prosodyPort = "$PROSODY_PORT"; }; + boneco = pkgs.stdenv.mkDerivation { + name = "boneco"; + src = + fetchTarball "https://git.sr.ht/~euandreh/boneco/archive/master.tar.gz"; + phases = "unpackPhase buildPhase"; + buildPhase = '' + mkdir ${DOLLAR}out + cp index.html ${DOLLAR}out + cp favicon.ico ${DOLLAR}out + ''; + }; in { imports = [ ./hardware-configuration.nix ]; @@ -100,6 +112,11 @@ in { proxyPass = "http://localhost:${envsubstConfiguration.gitPort}"; }; }; + "${envsubstConfiguration.bonecoTLD}" = { + forceSSL = true; + enableACME = true; + root = boneco; + }; }; }; |