cleanup

webapps/README.md

@@ -0,0 +1,9 @@
+# Hosting webapps on home-server
+
+Host them on `pureintent` (home-server)
+
+Run nginx on `gate` (Hetzner VPS).
+
+Put the two in a Tailscale network. Profit!
+
+WARNING: This is not cleanly designed yet, so don't use it as a reference.

webapps/default.nix

@@ -0,0 +1,8 @@
+{ flake, system, ... }:
+{
+  actualism-app = {
+    port = 3000; # TODO: Change this, and pass to daemon (renaming `package` to `exec` or something)
+    domain = "actualism.app";
+    package = flake.inputs.actualism-app.packages.${system}.default;
+  };
+}

webapps/host.nix

@@ -0,0 +1,24 @@
+# Configuration for the host on which all webapps will run.
+{ flake, pkgs, lib, ... }:
+
+let
+  webapps = import ./. { inherit flake; system = pkgs.system; };
+in
+{
+  # Run each web app as a systemd service decided inside a container.
+  containers = lib.mapAttrs
+    (name: v: {
+      autoStart = true;
+      config = {
+        systemd.services.${name} = {
+          description = name;
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            ExecStart = "${lib.getExe v.package}";
+            Restart = "always";
+          };
+        };
+      };
+    })
+    webapps;
+}

webapps/proxy.nix

@@ -0,0 +1,30 @@
+# Configuration for the VPS running nginx reverse proxy
+{ flake, pkgs, lib, webapps, ... }:
+
+let
+  host = "pureintent"; # See host.nix
+  webapps = import ./. { inherit flake; system = pkgs.system; };
+in
+{
+  services.tailscale.enable = true;
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = lib.mapAttrs'
+      (name: v: lib.nameValuePair v.domain {
+        locations."/".proxyPass = "http://${host}:${builtins.toString v.port}";
+        enableACME = true;
+        addSSL = true;
+      })
+      webapps;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "srid@srid.ca";
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 22 ];
+}