Move ponthirtaekwondo.co.uk

2025-11-19 18:44:21 +00:00 · 2025-11-19 18:44:21 +00:00 · 17be52b377
commit 17be52b377
parent 49729903cd
15 changed files with 136 additions and 107 deletions
--- a/modules/hosts/homelab/home02/configuration.nix
+++ b/modules/hosts/homelab/home02/configuration.nix
@ -1,5 +1,29 @@
+{ inputs, ... }:
+
 {
  flake.modules.nixos."nixosConfigurations/home02" = {
+    imports = with inputs.self.modules.nixos; [
+      inputs.agenix.nixosModules.default
+
+      nginx-ponthir-taekwondo
+    ];
+
+    nix.settings = {
+      auto-optimise-store = true;
+
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+
+      warn-dirty = false;
+    };
+
+    age.secrets = {
+      cloudflare.file = ../../../../secrets/cloudflare.age;
+      cloudflared.file = ../../../../secrets/cloudflared-credentials2.age;
+    };
+
    networking.hostName = "home02";

    system.stateVersion = "25.05";
--- a/modules/hosts/homelab/home02/nginx.nix
+++ b/modules/hosts/homelab/home02/nginx.nix
@ -1,5 +0,0 @@
-{
-  flake.modules.nixos."nixosConfigurations/home02".services.nginx = {
-    enable = true;
-  };
-}
--- a/modules/nixos-configurations.nix
+++ b/modules/nixos-configurations.nix
@ -32,7 +32,7 @@
            ++ (
              # TODO: remove once everything has bee moved to modules.
              if builtins.pathExists "${self}/hosts/${hostname}/configuration.nix" then
-                "${self}/hosts/${hostname}/configuration.nix"
+                [ "${self}/hosts/${hostname}/configuration.nix" ]
              else
                [ ]
            )
--- a/modules/server/home02/ponthir-taekwondo.nix
+++ b/modules/server/home02/ponthir-taekwondo.nix
@ -0,0 +1,57 @@
+{
+  flake.modules.nixos.nginx-ponthir-taekwondo =
+    { config, ... }:
+    let
+      domain = "ponthirtaekwondo.co.uk";
+      port = 9099;
+    in
+    {
+      security.acme = {
+        acceptTerms = true;
+
+        certs.${domain} = {
+          dnsProvider = "cloudflare";
+          domain = "${domain}";
+          email = "oliver@oliverdavies.uk";
+          environmentFile = config.age.secrets.cloudflare.path;
+          extraDomainNames = [ "www.${domain}" ];
+          webroot = null;
+        };
+      };
+
+      services.nginx = {
+        enable = true;
+
+        virtualHosts."www.${domain}" = {
+          root = "/var/www/vhosts/${domain}";
+
+          listen = [
+            {
+              inherit port;
+
+              addr = "localhost";
+            }
+          ];
+
+          locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
+
+          extraConfig = ''
+            port_in_redirect off;
+
+            # Remove trailing slashes.
+            rewrite ^/(.*)/$ /$1 permanent;
+          '';
+        };
+      };
+
+      services.cloudflared = {
+        enable = true;
+
+        tunnels."c1537889-81ac-4d41-b80d-9657f8db30c7" = {
+          credentialsFile = config.age.secrets.cloudflared.path;
+          default = "http_status:404";
+          ingress."www.${domain}" = "http://localhost:${toString port}";
+        };
+      };
+    };
+}