From fbacdee5781bb2b777880c9ff9a9985dfb747554 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Fri, 23 Feb 2024 22:31:46 +0100 Subject: [PATCH] a big mess of specific service config --- .gitignore | 1 + modules/hardware/vinzenz-lpt2.nix | 7 ++- vinzenz-lpt2.nix | 98 +++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 8e21b1d..d3f13a7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .directory result +secrets diff --git a/modules/hardware/vinzenz-lpt2.nix b/modules/hardware/vinzenz-lpt2.nix index 3d86615..2f296c4 100644 --- a/modules/hardware/vinzenz-lpt2.nix +++ b/modules/hardware/vinzenz-lpt2.nix @@ -30,7 +30,12 @@ }; }; - swapDevices = []; + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 32 * 1024; + } + ]; services.thermald.enable = true; }; diff --git a/vinzenz-lpt2.nix b/vinzenz-lpt2.nix index 08c1f34..cc9fe02 100644 --- a/vinzenz-lpt2.nix +++ b/vinzenz-lpt2.nix @@ -17,7 +17,14 @@ }; buildtools = { dotnet = true; + #objective-c = true; }; + + allowUnfreePackages = [ + "rider" + "clion" + "pycharm-professional" + ]; }; environment.systemPackages = with pkgs; [anydesk]; @@ -35,5 +42,96 @@ users.users.ronja.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key'' ]; + + # TODO: move to own module + services.openvscode-server = { + enable = true; + telemetryLevel = "off"; + port = 8542; + host = "127.0.0.1"; + extraPackages = with pkgs; [nodejs]; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "vscode" = { + serverName = "vinzenz-lpt2"; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8542"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + ''; + }; + }; + + listen = [ + { + addr = "0.0.0.0"; + port = 5000; + ssl = true; + } + ]; + + serverAliases = ["localhost" "vinzenz-lpt2.lan"]; + addSSL = true; + sslCertificateKey = "/etc/nginx-secrets/nginx-selfsigned.key"; + sslCertificate = "/etc/nginx-secrets/nginx-selfsigned.crt"; + }; + "app" = { + serverName = "vinzenz-lpt2"; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:3000/"; + }; + }; + + listen = [ + { + addr = "0.0.0.0"; + port = 5001; + ssl = true; + } + ]; + + serverAliases = ["localhost" "vinzenz-lpt2.lan"]; + addSSL = true; + sslCertificateKey = "/etc/nginx-secrets/nginx-selfsigned.key"; + sslCertificate = "/etc/nginx-secrets/nginx-selfsigned.crt"; + }; + "api" = { + serverName = "vinzenz-lpt2"; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:3002/"; + }; + }; + + listen = [ + { + addr = "0.0.0.0"; + port = 5002; + ssl = true; + } + ]; + + serverAliases = ["localhost" "vinzenz-lpt2.lan"]; + addSSL = true; + sslCertificateKey = "/etc/nginx-secrets/nginx-selfsigned.key"; + sslCertificate = "/etc/nginx-secrets/nginx-selfsigned.crt"; + }; + }; + }; + + networking.firewall.allowedTCPPortRanges = [ + { + from = 5000; + to = 5005; + } + ]; }; }