Skip to content

Instantly share code, notes, and snippets.

@matejc

matejc/logical.nix

Created October 10, 2016 11:19
Show Gist options
  • Save matejc/688225bfec7f2e07abbeb474f7f59ea8 to your computer and use it in GitHub Desktop.
Save matejc/688225bfec7f2e07abbeb474f7f59ea8 to your computer and use it in GitHub Desktop.
Download ZIP
nixops example with nixos-conteiner
Raw
logical.nix
{ cert ? "", key ? "" }: {
server = { config, pkgs, ... }: {
services.openssh.enable = true;
services.panamax.enable = false;
};
hidden = { config, lib, pkgs, ... }: with lib; {
options = {
owncloudHost = lib.mkOption {
default = "";
description = "Hostname where owncloud listens.";
};
};
config = {
# and drupal needs this:
system.activationScripts.fuck_u = ''
mkdir -p /run/mysqld
ln -s /tmp/mysql.sock /run/mysqld/mysqld.sock || true
'';
services = {
postgresql = {
enable = true;
package = pkgs.postgresql92;
};
# post mysql script expects this:
mysql.extraOptions = ''
socket = /tmp/mysql.sock
'';
# civicrm cron for sending emails
cron.enable = true;
cron.systemCronJobs = [
"*/15 * * * * nginx ${pkgs.wget}/bin/wget --no-check-certificate -O - -q -t 1 'https://localhost:4455/sites/all/modules/civicrm/bin/cron.php?name=cronie&pass=<hidden>&key=<hidden>'"
];
# much faster responses if using newer php
phpfpm.phpPackage = pkgs.php56;
drupal = {
enable = true;
hostName = "hidden.beje.si";
dbPassword = "hidden";
adminUser = "admin";
adminPassword = "hidden";
listenAddress = "0.0.0.0";
listenPort = "4455";
enableSSL = mkIf (cert != "" && key != "") true;
sslCertificate = mkIf (cert != "") cert;
sslCertificateKey = mkIf (key != "") key;
cronKey = "hidden";
};
postfix = {
enable = true;
setSendmail = true;
};
httpd = {
enable = true;
adminAddr = "[email protected]";
sslServerCert = mkIf (cert != "") cert;
sslServerKey = mkIf (key != "") key;
enableSSL = mkIf (cert != "" && key != "") true;
extraSubservices = [{
serviceType = "owncloud";
dbServer = "localhost:/tmp/.s.PGSQL.5432";
dbPassword = "hidden";
adminUser = "admin";
adminPassword = "hidden"; # changeme
libreofficePath = "";
overwriteHost = config.owncloudHost;
}
{
serviceType = "limesurvey";
dbPassword = "hidden";
urlPrefix = "/survey";
adminPassword = "hidden";
}];
};
};
};
};
}
Raw
physical.nix
{
server = { config, pkgs, lib, ... }: {
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
boot.loader.grub.device = "/dev/vda";
fileSystems."/" = {
device = "/dev/disk/by-uuid/942e5-ea2a-489e-a30f-46f16e0";
fsType = "ext4";
};
networking.hostName = "hidden";
networking.domain = "beje.si";
networking.hostId = "hidden";
networking.interfaces.eth0.ip4 = [{
address = "hi.dd.en.174";
prefixLength = 27;
}];
networking.defaultGateway = "hi.dd.en.161";
networking.nameservers = [ "hi.dd.en.2" "hi.dd.en.4" ];
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "eth0";
networking.nat.forwardPorts = [{
sourcePort = 80;
destination = "hi.dd.en..2:80";
}
{
sourcePort = 443;
destination = "hi.dd.en.2:443";
}
{
sourcePort = 4455;
destination = "hi.dd.en.2:4455";
}];
deployment.targetEnv = "none";
deployment.targetHost = "hidden.beje.si";
};
hidden = { config, pkgs, ... }: {
deployment.targetEnv = "container";
deployment.container.host = "hidden.beje.si";
networking.firewall.trustedInterfaces = [ "eth0" ];
environment.systemPackages = [ pkgs.tmux ];
owncloudHost = "hidden.beje.si";
};
}
@predkambrij
Copy link

beje.si is still available to register :P /hint /hint

@sorki
Copy link

sorki commented Feb 15, 2018

I've stumbled upon this while looking for drupal module - could you share this as well please?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment