New host: meet.services.privatevoid.net
This commit is contained in:
parent
b1e9b98d1a
commit
cdcd4f7b67
4 changed files with 50 additions and 1 deletions
|
@ -49,7 +49,7 @@
|
|||
in {
|
||||
nixosModules = aspect.modules;
|
||||
nixosConfigurations =
|
||||
(lib.genAttrs [ "styx" ] mkNixOS);
|
||||
(lib.genAttrs [ "styx" "meet" ] mkNixOS);
|
||||
|
||||
deploy.nodes = with deploy-rs-lib; {
|
||||
styx = {
|
||||
|
@ -59,6 +59,13 @@
|
|||
path = activate.nixos self.nixosConfigurations.styx;
|
||||
};
|
||||
};
|
||||
meet = {
|
||||
hostname = "meet.services.privatevoid.net";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = activate.nixos self.nixosConfigurations.meet;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
packages.${system} = import ./packages {
|
||||
|
|
|
@ -4,6 +4,7 @@ in with tools.dns; {
|
|||
|
||||
# NixOS machines
|
||||
styx = import ./styx tools;
|
||||
meet = import ./meet tools;
|
||||
|
||||
# Non-NixOS machine metadata
|
||||
VEGAS = {
|
||||
|
|
7
hosts/meet/default.nix
Normal file
7
hosts/meet/default.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
tools: {
|
||||
ssh.id = with tools.dns; {
|
||||
publicKey = "ssh-invalid";
|
||||
hostNames = subResolve "meet" "services";
|
||||
};
|
||||
nixos = import ./system.nix;
|
||||
}
|
34
hosts/meet/system.nix
Normal file
34
hosts/meet/system.nix
Normal file
|
@ -0,0 +1,34 @@
|
|||
{ config, pkgs, modulesPath, aspect, inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/virtualisation/lxc-container.nix")
|
||||
inputs.agenix.nixosModules.age
|
||||
]
|
||||
++ (import ../../users "server").groups.admin
|
||||
++ aspect.sets.server
|
||||
++ (with aspect.modules; [ ]);
|
||||
|
||||
networking.hostName = "meet";
|
||||
networking.firewall.enable = false;
|
||||
|
||||
nix.trustedUsers = [ "root" "@wheel" ];
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
services.jitsi-meet = {
|
||||
enable = true;
|
||||
hostName = "meet.privatevoid.net";
|
||||
nginx.enable = true;
|
||||
jicofo.enable = true;
|
||||
videobridge.enable = true;
|
||||
prosody.enable = true;
|
||||
};
|
||||
services.nginx.virtualHosts."meet.privatevoid.net" = {
|
||||
enableACME = false;
|
||||
forceSSL = false;
|
||||
locations."=/images/watermark.svg" = {
|
||||
return = "200";
|
||||
};
|
||||
};
|
||||
environment.noXlibs = false;
|
||||
}
|
Loading…
Reference in a new issue