a big mess of specific service config

2024-02-23 22:31:46 +01:00 · 2024-02-23 22:31:46 +01:00 · fbacdee578
commit fbacdee578
parent 648c853e7c
3 changed files with 105 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 .directory
 result
+secrets
--- a/modules/hardware/vinzenz-lpt2.nix
+++ b/modules/hardware/vinzenz-lpt2.nix
@ -30,7 +30,12 @@
      };
    };

-    swapDevices = [];
+    swapDevices = [
+      {
+        device = "/var/lib/swapfile";
+        size = 32 * 1024;
+      }
+    ];

    services.thermald.enable = true;
  };
--- a/vinzenz-lpt2.nix
+++ b/vinzenz-lpt2.nix
@ -17,7 +17,14 @@
      };
      buildtools = {
        dotnet = true;
+        #objective-c = true;
      };
+
+      allowUnfreePackages = [
+        "rider"
+        "clion"
+        "pycharm-professional"
+      ];
    };

    environment.systemPackages = with pkgs; [anydesk];
@ -35,5 +42,96 @@
    users.users.ronja.openssh.authorizedKeys.keys = [
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
    ];
+
+    # TODO: move to own module
+    services.openvscode-server = {
+      enable = true;
+      telemetryLevel = "off";
+      port = 8542;
+      host = "127.0.0.1";
+      extraPackages = with pkgs; [nodejs];
+    };
+
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "vscode" = {
+          serverName = "vinzenz-lpt2";
+          locations = {
+            "/" = {
+              proxyPass = "http://127.0.0.1:8542";
+              extraConfig = ''
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "Upgrade";
+                proxy_set_header Host $host;
+              '';
+            };
+          };
+
+          listen = [
+            {
+              addr = "0.0.0.0";
+              port = 5000;
+              ssl = true;
+            }
+          ];
+
+          serverAliases = ["localhost" "vinzenz-lpt2.lan"];
+          addSSL = true;
+          sslCertificateKey = "/etc/nginx-secrets/nginx-selfsigned.key";
+          sslCertificate = "/etc/nginx-secrets/nginx-selfsigned.crt";
+        };
+        "app" = {
+          serverName = "vinzenz-lpt2";
+          locations = {
+            "/" = {
+              proxyPass = "http://127.0.0.1:3000/";
+            };
+          };
+
+          listen = [
+            {
+              addr = "0.0.0.0";
+              port = 5001;
+              ssl = true;
+            }
+          ];
+
+          serverAliases = ["localhost" "vinzenz-lpt2.lan"];
+          addSSL = true;
+          sslCertificateKey = "/etc/nginx-secrets/nginx-selfsigned.key";
+          sslCertificate = "/etc/nginx-secrets/nginx-selfsigned.crt";
+        };
+        "api" = {
+          serverName = "vinzenz-lpt2";
+          locations = {
+            "/" = {
+              proxyPass = "http://127.0.0.1:3002/";
+            };
+          };
+
+          listen = [
+            {
+              addr = "0.0.0.0";
+              port = 5002;
+              ssl = true;
+            }
+          ];
+
+          serverAliases = ["localhost" "vinzenz-lpt2.lan"];
+          addSSL = true;
+          sslCertificateKey = "/etc/nginx-secrets/nginx-selfsigned.key";
+          sslCertificate = "/etc/nginx-secrets/nginx-selfsigned.crt";
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPortRanges = [
+      {
+        from = 5000;
+        to = 5005;
+      }
+    ];
  };
 }