authorEuAndreh <eu@euandre.org>2020-08-10 17:16:22 -0300
committerEuAndreh <eu@euandre.org>2020-08-10 17:16:22 -0300
commit1ec6471eb4dcb4671ee125113a529adbfb2e10a3 (patch)
treecdf83293d6682a3f832cea71977d8fd7bc7005ba /vps-configuration.env.nix
parentInteractive Terraform plan -> apply cycle (diff)
Semi working setup: Terraform and LetsEncrypt working
Diffstat (limited to 'vps-configuration.env.nix')
-rw-r--r--vps-configuration.env.nix62
1 files changed, 32 insertions, 30 deletions
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index 8afa57d..6ffd900 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -6,6 +6,10 @@ let
gitTLD = "$GIT_TLD";
letsencryptEmail = "$LETSENCRYPT_EMAIL";
authorizedKey = "$AUTHORIZED_KEY";
+ userPassword = "$USER_PASSWORD";
+ nextcloudDatabasePassword = "$NEXTCLOUD_DATABASE_PASSWORD";
+ nextcloudAdminPassword = "$NEXTCLOUD_ADMIN_PASSWORD";
+ gitRoot = "$GIT_ROOT";
};
in {
imports = [ ./hardware-configuration.nix ];
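Review bot: The three password values added to `envsubstConfiguration` are plain strings, and later hunks pass them to `dbpass`, `adminpass` and `users.extraUsers.andreh.password`. That places them in the rendered file on disk and in the evaluated system configuration, so most likely in the world-readable Nix store as well. The removed `dbpassFile`/`adminpassFile` settings kept these secrets in files outside the store; I would keep them and have the deployment write those files with restrictive permissions. For the login account, substitute only a hash, e.g. `hashedPassword = envsubstConfiguration.userPasswordHash;` (attribute name constructed for this note). The `let` block starts above this hunk, so other consumers of these values are not visible here.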
@@ -21,7 +25,10 @@ in {
interfaces.ens3.useDHCP = true;
};
- environment.systemPackages = with pkgs; [ vim ];
+ environment.systemPackages = with pkgs; [
+ vim
+ git
+ ];
networking.firewall.allowedTCPPorts = [ 80 443 22 ];
@@ -43,24 +50,20 @@ in {
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
- virtualHosts = let
- customConfigTLDs = { };
- defaultConfigTLDs =
- [ envsubstConfiguration.nextcloudTLD envsubstConfiguration.gitTLD ];
- buildDefaultConfiguration = tld: {
- "${tld}" = {
- forceSSL = true;
- enableACME = true;
- };
+ virtualHosts = {
+ "${envsubstConfiguration.nextcloudTLD}" = {
+ forceSSL = true;
+ enableACME = true;
};
- in pkgs.lib.fold
- (tldString: acc: acc // buildDefaultConfiguration tldString)
- customConfigTLDs defaultConfigTLDs;
+ "${envsubstConfiguration.gitTLD}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
gitweb = {
enable = true;
- location = "/";
+ location = "";
virtualHost = envsubstConfiguration.gitTLD;
};
};
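Review bot: Nothing in this hunk restricts access to gitweb, which is attached to the public `gitTLD` virtual host. Unless access is limited elsewhere, every repository under the configured project root becomes readable by anyone who can reach port 443. If that is intended, say so next to the block, for example `# gitweb is public: keep only world-readable repositories under gitRoot`. If it is not, the virtual host needs an access restriction before this is deployed. The enclosing nginx attribute set opens above this hunk, so settings outside it are not visible here.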
@@ -68,37 +71,35 @@ in {
nextcloud = {
enable = true;
hostName = envsubstConfiguration.nextcloudTLD;
- nginx.enable = true;
https = true;
autoUpdateApps.enable = true;
autoUpdateApps.startAt = "05:00:00";
config = {
overwriteProtocol = "https";
-
dbtype = "pgsql";
dbuser = "nextcloud";
- dbhost =
- "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+ dbhost = "/run/postgresql";
dbname = "nextcloud";
- dbpassFile = "/var/nextcloud-db-pass";
-
- adminpassFile = "/var/nextcloud-admin-pass";
+ dbpass = envsubstConfiguration.nextcloudDatabasePassword;
adminuser = "admin";
+ adminpass = envsubstConfiguration.nextcloudAdminPassword;
};
};
postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
- ensureUsers = [{
- name = "nextcloud";
- ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
- }];
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+ }
+ ];
};
gitweb = {
gitwebTheme = true;
- projectroot = "/srv/git";
+ projectroot = envsubstConfiguration.gitRoot;
};
};
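Review bot: The new `dbpass` line looks unnecessary, because `dbhost = "/run/postgresql"` is a local socket directory and `ensureUsers` creates the `nextcloud` role without a password. The connection therefore presumably relies on peer authentication rather than this value. If that holds for this host's `pg_hba` rules, drop `dbpass = envsubstConfiguration.nextcloudDatabasePassword;` and the matching variable, so one secret fewer is handled. I would also restore the removed comment on `dbhost`, `# nextcloud will add /.s.PGSQL.5432 by itself`, since the value reads like a mistake without it.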
@@ -107,12 +108,13 @@ in {
after = [ "postgresql.service" ];
};
- users.users.nixos = {
+ users.extraUsers.andreh = {
uid = 1000;
+ isNormalUser = true;
extraGroups = [ "wheel" ];
- useDefaultShell = true;
+ password = envsubstConfiguration.userPassword;
openssh.authorizedKeys.keys = [ envsubstConfiguration.authorizedKey ];
};
- system.stateVersion = "19.09";
+ system.stateVersion = "20.03";
}
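Review bot: Changing `system.stateVersion` from "19.09" to "20.03" on the last line changes the defaults that stateful modules derive from it. For PostgreSQL this likely selects a newer major version and data directory, so an existing `nextcloud` database would not be picked up without a manual migration. If this host was first installed on 19.09, keep `system.stateVersion = "19.09";` and add a comment such as `# release of first install; do not bump on upgrade`. Separately, `users.extraUsers` is the older alias of `users.users`, which the removed line already used. The attribute set this hunk closes opens outside it.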