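{ depot, ... }:

let
  inherit (depot.users.grfn)
    terraform
    ;
in

# Terraform workspace for the "bbbg" deployment: one AWS-hosted NixOS machine
# plus the Cloudflare DNS record that points at it. `terraform.workspace` and
# `terraform.nixosMachine` are depot helpers defined outside this file.
terraform.workspace "bbbg"
{
  plugins = (p: with p; [
    aws
    cloudflare
  ]);
}
{
  machine = terraform.nixosMachine {
    name = "bbbg";
    instanceType = "t3a.small";
    rootVolumeSizeGb = 250;
    # Ingress opened at the cloud (security-group) level. nixosMachine lives
    # elsewhere in depot, so whether SSH (22) is added implicitly cannot be
    # confirmed from this file.
    extraIngressPorts = [ 80 443 ];
    configuration = { pkgs, lib, config, depot, ... }: {
      imports = [
        ./module.nix
        "${depot.third_party.agenix.src}/modules/age.nix"
      ];

      services.openssh.enable = true;
      # The grfn account below is created with a well-known initialPassword
      # and has passwordless sudo, so password logins over SSH must be
      # refused; key-based login (authorizedKeys below) is unaffected.
      # Keyboard-interactive (PAM) authentication should be disabled too via
      # the option your NixOS release provides for it.
      services.openssh.passwordAuthentication = false;

      services.nginx = {
        enable = true;
        recommendedTlsSettings = true;
        recommendedOptimisation = true;
        recommendedGzipSettings = true;
        recommendedProxySettings = true;
      };

      # Host firewall is off; exposure is governed solely by the cloud
      # security group (extraIngressPorts above), so every locally listening
      # service is reachable on whatever ports those rules allow.
      networking.firewall.enable = false;

      programs.zsh.enable = true;

      users.users.grfn = {
        isNormalUser = true;
        # Only applied when the account is first created. This is a
        # well-known value; prefer initialHashedPassword or a secret, and
        # rely on the SSH hardening above to keep it off the network.
        initialPassword = "password";
        extraGroups = [
          "wheel"
          "networkmanager"
          "audio"
          "docker"
        ];
        shell = pkgs.zsh;
        openssh.authorizedKeys.keys = [
          depot.users.grfn.keys.main
        ];
      };

      # wheel (i.e. grfn) gets root without a password prompt.
      security.sudo.extraRules = [{
        groups = [ "wheel" ];
        commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
      }];

      nix.gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 30d";
      };

      # Decrypted at boot by the agenix module imported above.
      age.secrets = {
        bbbg.file =
          depot.users.grfn.secrets."bbbg.age";
      };

      services.bbbg.enable = true;
      services.bbbg.database.enable = true;
      services.bbbg.proxy.enable = true;
      services.bbbg.domain = "bbbg.gws.fyi";

      security.acme.defaults.email = "root@gws.fyi";
      security.acme.acceptTerms = true;
    };
  };

  dns = {
    data.cloudflare_zone.gws-fyi = {
      name = "gws.fyi";
    };

    # "\${...}" is escaped for Nix so Terraform receives the interpolation.
    resource.cloudflare_record.bbbg = {
      zone_id = "\${data.cloudflare_zone.gws-fyi.id}";
      name = "bbbg";
      type = "A";
      value = "\${aws_instance.bbbg_machine.public_ip}";
      # Not proxied through Cloudflare: the instance's public IP is published
      # directly in DNS.
      proxied = false;
    };
  };
}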