feat: nginx and webhooks
parent
19678552e6
commit
b1b8633945
1 changed files with 47 additions and 13 deletions
|
@ -4,7 +4,23 @@
|
|||
config,
|
||||
pkgs,
|
||||
...
|
||||
} : {
|
||||
}:
|
||||
let
|
||||
ngx_http_geoip2_module = pkgs.stdenv.mkDerivation rec {
|
||||
name = "ngx_http_geoip2_module-a28ceff";
|
||||
src = pkgs.fetchgit {
|
||||
url = "https://github.com/leev/ngx_http_geoip2_module";
|
||||
rev = "445df24ef3781e488cee3dfe8a1e111997fc1dfe";
|
||||
sha256 = "1h2xkxpb2nk4r3pkbzgas5rbl95i59jpa59rh94x2hyzxmzrzvv8";
|
||||
};
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
cp *.c config $out/
|
||||
'';
|
||||
fixupPhase = "";
|
||||
};
|
||||
in
|
||||
{
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
#boot.loader.systemd-boot.enable = true;
|
||||
|
@ -15,14 +31,13 @@
|
|||
|
||||
# USER MANAGEMENT
|
||||
nix.settings.trusted-users = [ "nixos" ];
|
||||
users.users.nixos =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space"
|
||||
];
|
||||
};
|
||||
users.users.nixos = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space"
|
||||
];
|
||||
};
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
|
@ -32,9 +47,28 @@
|
|||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
# NGINX
|
||||
services.nginx.enable = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
package = pkgs.nginx.overrideAttrs (oldAttrs: {
|
||||
configureFlags = oldAttrs.configureFlags ++ [ "--add-module=${ngx_http_geoip2_module}" ];
|
||||
buildInputs = oldAttrs.buildInputs ++ [ pkgs.libmaxminddb ];
|
||||
});
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.nginx
|
||||
];
|
||||
# WEBHOOK
|
||||
# TODO: we will have multiple instances of these,
|
||||
# should they somehow broadcast changes to eachother?
|
||||
# Should this be a GO service instead? With some raft mechanism?
|
||||
# At that point, we could also switch from nginx to envoy or something...
|
||||
services.webhook = {
|
||||
enable = true;
|
||||
port = 9000;
|
||||
hooks = {
|
||||
test = {
|
||||
execute-command = "echo 'test'";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.nginx ];
|
||||
}
|
||||
|
|
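Review bot: The `test` hook under `services.webhook` in the last hunk is defined without a `trigger-rule`, so every request that reaches port 9000 runs its command unauthenticated. It only echoes today, but the TODO above it suggests real hooks will follow, so I would set the pattern now: add `ip = "127.0.0.1";` next to `port = 9000;` and expose the service only through nginx, and give each hook a `trigger-rule` whose secret is read at runtime rather than written into the world-readable Nix store. Whether the port is reachable from outside depends on firewall settings this section does not show. Separately, webhook appears to run `execute-command` as a program path without a shell, so `"echo 'test'"` may not execute as intended; worth confirming before building on it.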