Radish alpha
r
radicle-infra
rad:z254T5p17bdFPmzfDojsdjo4HjpoZ
Radicle Infrastructure as Code (NixOS, OpenTofu, …)
Radicle
Git
Commits 2aaabf9
seed: Enable `radicle-httpd` and clean up
Lorenz Leutgeb committed 11 months ago
commit 2aaabf9be3f34ecf00696ee308342fe58c9f5157
parent 23ef05f
2 files changed +20 -25
modified os/host/xyz/seed/default.nix
@@ -20,8 +20,6 @@
    (modulesPath + "/profiles/qemu-guest.nix")

  ];
- 
  # /var/lib/radicle /mnt/HC_Volume_30473554/heartwood/.radicle/
- 


  systemd.network.enable = true;



  fileSystems =
@@ -73,9 +71,6 @@
    ];

  };
- 
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- 
  # Per-interface useDHCP will be mandatory in the future, so this generated config
- 
  # replicates the default behaviour.

  networking = {

    hostName = "seed";

    domain = "radicle.xyz";
@@ -85,19 +80,17 @@
    firewall = {

      allowedTCPPorts = [

        22 # ssh
+ 
        80 # http

        443 # https
+ 
        8776 # radicle-node
+ 
      ];
+
+ 
      allowedUDPPorts = [
+ 
        443 # http3

      ];

    };

  };
- 
  # Select internationalisation properties.
- 
  # i18n.defaultLocale = "en_US.UTF-8";
- 
  # console = {
- 
  #   font = "Lat2-Terminus16";
- 
  #   keyMap = "us";
- 
  # };
-
- 
  # Set your time zone.

  time.timeZone = "UTC";

  i18n.defaultLocale = "en_US.UTF-8";
@@ -117,18 +110,7 @@
  services = {

    accounts-daemon.enable = true;

    resolved.enable = true;
-
- 
    caddy = {
- 
      enable = true;
- 
      email = "team@radicle.xyz";
- 
      virtualHosts = {
- 
        # TODO: Remove once radicle-httpd is up.
- 
        "https://${config.networking.fqdn}".extraConfig = "respond `${builtins.toJSON {
- 
          rev = self.rev or self.dirtyRev;
- 
          inherit (self) lastModified;
- 
        }}`";
- 
      };
- 
    };
+ 
    nginx.enable = true;

  };



  networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
@@ -136,6 +118,10 @@
  nixpkgs.hostPlatform = "x86_64-linux";



  security = {
+ 
    acme = {
+ 
      defaults.email = "team@radicle.xyz";
+ 
      acceptTerms = true;
+ 
    };

    sudo.wheelNeedsPassword = false;

  };

}
modified os/host/xyz/seed/radicle.nix
@@ -36,5 +36,14 @@
        "rad:z4D5UCArafTzTQpDZNQRuqswh3ury"

      ];

    };
+
+ 
    httpd = {
+ 
      enable = true;
+ 
      nginx = {
+ 
        addSSL = true;
+ 
        enableACME = true;
+ 
        serverName = config.networking.fqdn;
+ 
      };
+ 
    };

  };

}