Add the container for ingress at blowhole

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-25 17:46:14 +01:00 · 2023-06-13 23:06:10 +02:00 · 2023-06-13 23:06:10 +02:00 · 7815dfcd46
parent a2c85e365f
commit 7815dfcd46
2 changed files with 92 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -47,6 +47,7 @@
        nixos/systems/liveusb
        nixos/systems/blowhole
        nixng/containers/ingress-blowhole
        nixng/containers/matrix/mautrix-signal
        nixng/containers/matrix/mautrix-discord
        nixng/containers/matrix/mautrix-facebook
--- a/nixng/containers/ingress-blowhole/default.nix
+++ b/nixng/containers/ingress-blowhole/default.nix
@ -0,0 +1,91 @@
 { inputs, ... }:
 {
  flake.nixngConfigurations.ingressBlowhole = inputs.nixng.nglib.makeSystem {
    system = "x86_64-linux";
    name = "ingress-blowhole";
    inherit (inputs) nixpkgs;
    config =
      { pkgs, lib, ... }:
      let
        inherit (lib)
          singleton;
      in
        {
          dumb-init = {
            enable = true;
            sigell.entries = [
              {
                signal = "HUP";
                action = {
                  type = "exec";
                  environment = {
                    PATH = "${pkgs.bash}/bin:${pkgs.busybox}/bin";
                  };
                  command =
                    [ "bash"
                      "-c"
                      "kill -s HUP \"$(cat /nginx.pid)\""
                    ];
                };
              }
              {
                signal = "TERM";
                action = {
                  type = "signal";
                  rewrite = "TERM";
                  selector = {
                    type = "child";
                  };
                };
              }
            ];
            type.services = {};
          };
          init.services.nginx.shutdownOnExit = true;
          services.nginx = {
            enable = true;
            envsubst = true;
            configuration = singleton {
              daemon = "off";
              worker_processes = 2;
              user = "nginx";
              events."" = {
                use = "epoll";
                worker_connections = 128;
              };
              error_log = [ "/dev/stderr" "warn" ];
              pid = "/nginx.pid";
              stream."" = {
                include = singleton [ "/local/streams.conf" ];
              };
              http."" = {
                server_tokens = "off";
                include = [
                  [ "${pkgs.nginx}/conf/mime.types" ]
                  [ "/local/upstreams.conf" ]
                ];
                charset = "utf-8";
                access_log = [ "/dev/stdout" "combined" ];
                server."" = {
                  listen = [ "80" "default_server" ];
                  server_name = singleton "blowhole.in.redalder.org";
                  location."/" = {
                    return = [ "301" "https://$$host$$request_uri" ];
                  };
                };
              };
            };
          };
        };
  };
 }