From b1b8633945681a76065c465e3acd6705090455df Mon Sep 17 00:00:00 2001
From: Tine
Date: Thu, 22 Aug 2024 20:48:15 +0200
Subject: [PATCH] feat: nginx and webhooks

---
 configuration.nix | 60 +++++++++++++++++++++++++++++++++++++----------
 1 file changed, 47 insertions(+), 13 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index a94f1c7..08c42f9 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -4,7 +4,23 @@
   config,
   pkgs,
   ...
-} : {
+}:
+let
+  ngx_http_geoip2_module = pkgs.stdenv.mkDerivation rec {
+    name = "ngx_http_geoip2_module-a28ceff";
+    src = pkgs.fetchgit {
+      url = "https://github.com/leev/ngx_http_geoip2_module";
+      rev = "445df24ef3781e488cee3dfe8a1e111997fc1dfe";
+      sha256 = "1h2xkxpb2nk4r3pkbzgas5rbl95i59jpa59rh94x2hyzxmzrzvv8";
+    };
+    installPhase = ''
+      mkdir $out
+      cp *.c config $out/
+    '';
+    fixupPhase = "";
+  };
+in
+{
   system.stateVersion = "23.11";
 
   #boot.loader.systemd-boot.enable = true;
@@ -15,14 +31,13 @@
   # USER MANAGEMENT
   nix.settings.trusted-users = [ "nixos" ];
 
-  users.users.nixos =
-    {
-      isNormalUser = true;
-      extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space"
-      ];
-    };
+  users.users.nixos = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space"
+    ];
+  };
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
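Review bot: The derivation's `name` suffix `a28ceff` does not match the pinned `rev` `445df24ef3781e488cee3dfe8a1e111997fc1dfe`, so anyone auditing which upstream commit of the GeoIP2 module is compiled into nginx will be pointed at the wrong revision; use `name = "ngx_http_geoip2_module-445df24";` or derive the suffix from `rev` so the two cannot drift apart. The pin itself, a fixed `rev` plus a `sha256`, is the right shape for a reproducible third-party fetch. A short comment above `fixupPhase = "";` saying that fixup is skipped because the output is only source files consumed by nginx's configure step, not binaries, would save the next reader from wondering whether it was disabled by accident.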
@@ -32,9 +47,28 @@
   security.sudo.wheelNeedsPassword = false;
 
   # NGINX
-  services.nginx.enable = true;
+  services.nginx = {
+    enable = true;
+    package = pkgs.nginx.overrideAttrs (oldAttrs: {
+      configureFlags = oldAttrs.configureFlags ++ [ "--add-module=${ngx_http_geoip2_module}" ];
+      buildInputs = oldAttrs.buildInputs ++ [ pkgs.libmaxminddb ];
+    });
+  };
 
-  environment.systemPackages = [
-    pkgs.nginx
-  ];
+  # WEBHOOK
+  # TODO: we will have multiple instances of these,
+  # should they somehow broadcast changes to eachother?
+  # Should this be a GO service instead? With some raft mechanism?
+  # At that point, we could also switch from nginx to envoy or something...
+  services.webhook = {
+    enable = true;
+    port = 9000;
+    hooks = {
+      test = {
+        execute-command = "echo 'test'";
+      };
+    };
+  };
+
+  environment.systemPackages = [ pkgs.nginx ];
 }
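Review bot: The `test` hook under `services.webhook.hooks` has no `trigger-rule`, so any client that can reach port 9000 can fire it, and unless `ip` is set the module presumably listens on all interfaces; before the placeholder is replaced by a real command, bind the listener to loopback with `ip = "127.0.0.1";` if nginx is meant to front it, and add a `trigger-rule` that verifies a shared-secret signature on the request. Separately, webhook treats `execute-command` as the path of an executable rather than a shell line, so `"echo 'test'"` will likely fail to exec; point it at a script or `"${pkgs.coreutils}/bin/echo"` and pass arguments through the hook's argument options. The trailing `environment.systemPackages = [ pkgs.nginx ];` still installs the stock `pkgs.nginx`, not the geoip2-enabled override assigned to `services.nginx.package` just above, so the `nginx` binary on PATH (e.g. for `nginx -t`) will differ from the one the service runs; `environment.systemPackages = [ config.services.nginx.package ];` keeps them consistent.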