Add the container for ingress at blowhole

Signed-off-by: Magic_RB <magic_rb@redalder.org>
This commit is contained in:
Magic_RB 2023-06-13 23:06:10 +02:00
parent a2c85e365f
commit 7815dfcd46
2 changed files with 92 additions and 0 deletions

View file

@ -47,6 +47,7 @@
nixos/systems/liveusb nixos/systems/liveusb
nixos/systems/blowhole nixos/systems/blowhole
nixng/containers/ingress-blowhole
nixng/containers/matrix/mautrix-signal nixng/containers/matrix/mautrix-signal
nixng/containers/matrix/mautrix-discord nixng/containers/matrix/mautrix-discord
nixng/containers/matrix/mautrix-facebook nixng/containers/matrix/mautrix-facebook

View file

@ -0,0 +1,91 @@
{ inputs, ... }:
{
flake.nixngConfigurations.ingressBlowhole = inputs.nixng.nglib.makeSystem {
system = "x86_64-linux";
name = "ingress-blowhole";
inherit (inputs) nixpkgs;
config =
{ pkgs, lib, ... }:
let
inherit (lib)
singleton;
in
{
dumb-init = {
enable = true;
sigell.entries = [
{
signal = "HUP";
action = {
type = "exec";
environment = {
PATH = "${pkgs.bash}/bin:${pkgs.busybox}/bin";
};
command =
[ "bash"
"-c"
"kill -s HUP \"$(cat /nginx.pid)\""
];
};
}
{
signal = "TERM";
action = {
type = "signal";
rewrite = "TERM";
selector = {
type = "child";
};
};
}
];
type.services = {};
};
init.services.nginx.shutdownOnExit = true;
services.nginx = {
enable = true;
envsubst = true;
configuration = singleton {
daemon = "off";
worker_processes = 2;
user = "nginx";
events."" = {
use = "epoll";
worker_connections = 128;
};
error_log = [ "/dev/stderr" "warn" ];
pid = "/nginx.pid";
stream."" = {
include = singleton [ "/local/streams.conf" ];
};
http."" = {
server_tokens = "off";
include = [
[ "${pkgs.nginx}/conf/mime.types" ]
[ "/local/upstreams.conf" ]
];
charset = "utf-8";
access_log = [ "/dev/stdout" "combined" ];
server."" = {
listen = [ "80" "default_server" ];
server_name = singleton "blowhole.in.redalder.org";
location."/" = {
return = [ "301" "https://$$host$$request_uri" ];
};
};
};
};
};
};
};
}