maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/users/grfn/bbbg/tf.nix
Vincent Ambo aa122cbae7 style: format entire depot with nixpkgs-fmt 
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).

Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
2022-01-31 16:11:53 +00:00

96 lines
2 KiB
Nix
Raw Blame History

{ depot, ... }:
let
inherit (depot.users.grfn)
terraform
;
in
terraform.workspace "bbbg"
{
plugins = (p: with p; [
aws
cloudflare
]);
}
{
machine = terraform.nixosMachine {
name = "bbbg";
instanceType = "t3a.small";
rootVolumeSizeGb = 250;
extraIngressPorts = [ 80 443 ];
configuration = { pkgs, lib, config, depot, ... }: {
imports = [
./module.nix
"${depot.third_party.agenix.src}/modules/age.nix"
];
services.openssh.enable = true;
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
networking.firewall.enable = false;
programs.zsh.enable = true;
users.users.grfn = {
isNormalUser = true;
initialPassword = "password";
extraGroups = [
"wheel"
"networkmanager"
"audio"
"docker"
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
depot.users.grfn.keys.main
];
};
security.sudo.extraRules = [{
groups = [ "wheel" ];
commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
}];
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
age.secrets = {
bbbg.file =
depot.users.grfn.secrets."bbbg.age";
};
services.bbbg.enable = true;
services.bbbg.database.enable = true;
services.bbbg.proxy.enable = true;
services.bbbg.domain = "bbbg.gws.fyi";
security.acme.defaults.email = "root@gws.fyi";
security.acme.acceptTerms = true;
};
};
dns = {
data.cloudflare_zone.gws-fyi = {
name = "gws.fyi";
};
resource.cloudflare_record.bbbg = {
zone_id = "\${data.cloudflare_zone.gws-fyi.id}";
name = "bbbg";
type = "A";
value = "\${aws_instance.bbbg_machine.public_ip}";
proxied = false;
};
};
}
Reference in a new issue View git blame Copy permalink