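# NixOS configuration for the "gradient" host, a Proxmox LXC container.
# Sets up sops-managed secrets, static IPv4 networking, the gradient service
# (server, frontend, local worker) and the nginx listeners in front of it.
{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}:
{
  imports = [
    "${modulesPath}/virtualisation/proxmox-lxc.nix"
  ];

  sops = {
    defaultSopsFile = ./secrets.sops.yaml;
    # Decrypted secrets are owned by the service account that consumes them.
    # With sops-nix's default mode (0400) no other user can read the files.
    secrets = {
      "gradient-jwt".owner = "gradient";
      "gradient-crypt".owner = "gradient";
      "gradient-worker".owner = "gradient-worker";
    };
  };

  networking = {
    hostName = "gradient";
    fqdn = "gradient.adm.htw.stura-dresden.de";
    interfaces.eth0.ipv4.addresses = [
      {
        address = "141.56.51.127";
        prefixLength = 24;
      }
    ];

    defaultGateway = {
      address = "141.56.51.254";
      interface = "eth0";
    };
    # Only HTTP and HTTPS are listed here. The firewall places no source
    # restriction on them; see the note on the nginx listeners below.
    firewall.allowedTCPPorts = [
      80
      443
    ];
  };

  services = {
    # NOTE(review): services.openssh.openFirewall defaults to true, so port 22
    # is reachable even though it is absent from allowedTCPPorts above. No
    # authentication settings are set in this file; confirm that password and
    # root login are restricted in a shared module.
    openssh.enable = true;

    gradient = {
      enable = true;
      frontend.enable = true;
      domain = config.networking.fqdn;
      # Take the paths from the sops declarations instead of repeating
      # "/run/secrets/<name>" by hand. Evaluation then fails if a secret is
      # renamed or removed, rather than the service starting without its key.
      jwtSecretFile = config.sops.secrets."gradient-jwt".path;
      cryptSecretFile = config.sops.secrets."gradient-crypt".path;
      configurePostgres = true;
      configureNginx = true;
      # serveCache = true;
      # NOTE(review): crash reports leave this host; confirm that is acceptable
      # for this deployment and that reports cannot contain secret material.
      reportErrors = true; # optional: will send crash reports to us

      worker = {
        enable = true;
        # Loopback only, so the unencrypted ws:// scheme never leaves the host.
        serverUrl = "ws://127.0.0.1:3000/proto";
        workerId = "8f56dd3a-5698-4512-8bf7-ab8dcfaed46c";
        # NOTE(review): this file declares a sops secret "gradient-worker" but
        # none named "gradient-worker-peers". Unless another module provides
        # it, this path will not exist at runtime. Confirm the intended name
        # and then reference it as config.sops.secrets.<name>.path.
        peersFile = "/run/secrets/gradient-worker-peers";
        capabilities = {
          fetch = true;
          eval = true;
          build = true;
        };
        settings = {
          # NOTE(review): debug verbosity on a host that handles JWT and
          # encryption keys. Confirm nothing sensitive is logged at this
          # level, or lower it once the setup has been verified.
          logLevel.default = "debug";
        };
      };
    };

    # proxyProtocol makes nginx expect a PROXY protocol header on every
    # connection to port 443 and take the client address from it.
    # NOTE(review): the listener binds 0.0.0.0 and the firewall opens 443 to
    # all sources, so whoever can reach this port directly controls that
    # header. Confirm that only the upstream proxy can connect, and pin
    # set_real_ip_from to the proxy's address if the forwarded client address
    # is used in logs or access rules.
    nginx.virtualHosts."${config.networking.fqdn}".listen = [
      {
        port = 80;
        addr = "0.0.0.0";
      }
      {
        port = 443;
        addr = "0.0.0.0";
        ssl = true;
        proxyProtocol = true;
      }
    ];
  };

  system.stateVersion = "25.11";
}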