migration: finalize

5 files changed, 188 insertions, 0 deletions

diff --git a/modules/nixos/services/web/default.nix b/modules/nixos/services/web/default.nix
new file mode 100644
index 0000000..1e1e854
--- /dev/null
+++ b/modules/nixos/services/web/default.nix
@@ -0,0 +1,23 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web = with types; {
+    enable = mkEnableOption "web";
+  };
+
+  config = mkIf cfg.enable {
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/var/lib/acme"
+      ];
+    };
+
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "caroline@larimo.re";
+    };
+  };
+}
diff --git a/modules/nixos/services/web/images/default.nix b/modules/nixos/services/web/images/default.nix
new file mode 100644
index 0000000..b1c44e6
--- /dev/null
+++ b/modules/nixos/services/web/images/default.nix
@@ -0,0 +1,34 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.images;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web.images = with types; {
+    enable = mkEnableOption "image webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/srv/web/images"
+      ];
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "i.cxl.sh" = {
+          addSSL = true;
+          enableACME = true;
+
+          root = "/srv/web/images";
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/web/landing/default.nix b/modules/nixos/services/web/landing/default.nix
new file mode 100644
index 0000000..fe9e92b
--- /dev/null
+++ b/modules/nixos/services/web/landing/default.nix
@@ -0,0 +1,34 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.landing;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web.landing = with types; {
+    enable = mkEnableOption "cxl.sh landing page webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/srv/web/landing"
+      ];
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "cxl.sh" = {
+          addSSL = true;
+          enableACME = true;
+
+          root = "/srv/web/landing";
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/web/personal/default.nix b/modules/nixos/services/web/personal/default.nix
new file mode 100644
index 0000000..daf94c1
--- /dev/null
+++ b/modules/nixos/services/web/personal/default.nix
@@ -0,0 +1,63 @@
+{ options, config, lib, pkgs, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.personal;
+  impermanence = config.${namespace}.system.impermanence;
+
+  package = (pkgs.buildGoModule rec {
+    pname = "site";
+    version = "6612d84c63a7bbc2a5b70607f2ec32ea070c4659";
+
+    src = pkgs.fetchFromGitHub {
+      owner = "CartConnoisseur";
+      repo = "site";
+      rev = "${version}";
+      hash = "sha256-n54+LdtMyjoLfaFqd7tcDQqBiYCdUW/Rs67Vc4QwEJ0=";
+    };
+
+    # kinda a hack, but whatever
+    postBuild = ''
+      mkdir -p $out/share/site
+      cp -r $src/* $out/share/site/
+    '';
+
+    vendorHash = "sha256-2/4Wv7nsaT0wnUzkRgHKpSswigDj9nOvlmYXK29rvLU=";
+  });
+in {
+  options.${namespace}.services.personal.images = with types; {
+    enable = mkEnableOption "personal site webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "caroline.larimo.re" = {
+          # serverAliases = [ "cxl.sh" ];
+
+          addSSL = true;
+          enableACME = true;
+
+          locations."/" = {
+            recommendedProxySettings = true;
+            proxyPass = "http://127.0.0.1:8080/";
+          };
+        };
+      };
+    };
+
+    systemd.services."cxl.web.personal" = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        WorkingDirectory = "${package}/share/site";
+        ExecStart = "${package}/bin/site";
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/web/stargazers/default.nix b/modules/nixos/services/web/stargazers/default.nix
new file mode 100644
index 0000000..3e9b46e
--- /dev/null
+++ b/modules/nixos/services/web/stargazers/default.nix
@@ -0,0 +1,34 @@
+{ options, config, lib, namespace, ... }:
+
+with lib; with lib.${namespace}; let
+  cfg = config.${namespace}.services.web.stargazers;
+  impermanence = config.${namespace}.system.impermanence;
+in {
+  options.${namespace}.services.web.stargazers = with types; {
+    enable = mkEnableOption "stargazers webserver";
+  };
+
+  config = mkIf cfg.enable {
+    cxl.services.web.enable = true;
+
+    environment.persistence.${impermanence.location} = {
+      directories = [
+        "/srv/web/stargazers"
+      ];
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "stargazers.xn--6frz82g" = {
+          addSSL = true;
+          enableACME = true;
+
+          root = "/srv/web/stargazers";
+        };
+      };
+    };
+  };
+}