aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--flake.lock183
-rw-r--r--flake.nix1
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix29
-rw-r--r--terraform/admin/dns.nix23
4 files changed, 210 insertions, 26 deletions
diff --git a/flake.lock b/flake.lock
index 402377f..65ed0e7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -166,6 +166,22 @@
"flake-compat_3": {
"flake": false,
"locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-compat_4": {
+ "flake": false,
+ "locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
@@ -274,6 +290,24 @@
"type": "github"
}
},
+ "flake-utils_3": {
+ "inputs": {
+ "systems": "systems_3"
+ },
+ "locked": {
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -299,6 +333,28 @@
"gitignore_2": {
"inputs": {
"nixpkgs": [
+ "my-site",
+ "pre-commit-hooks",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
+ "gitignore_3": {
+ "inputs": {
+ "nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
@@ -380,6 +436,27 @@
"url": "https://code.fcuny.net/fcuny/x"
}
},
+ "my-site": {
+ "inputs": {
+ "flake-utils": "flake-utils_3",
+ "nixpkgs": "nixpkgs_2",
+ "pre-commit-hooks": "pre-commit-hooks_2",
+ "treefmt-nix": "treefmt-nix_2"
+ },
+ "locked": {
+ "lastModified": 1757197563,
+ "narHash": "sha256-VgDo0yV38ocazmnviCbPN5VBUuLRpSaVV+PN0v4RdUw=",
+ "ref": "refs/heads/main",
+ "rev": "25fa2237ba8a96a86bf5db30baa597a5b25168d7",
+ "revCount": 342,
+ "type": "git",
+ "url": "https://code.fcuny.net/fcuny/fcuny.net"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://code.fcuny.net/fcuny/fcuny.net"
+ }
+ },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@@ -451,6 +528,50 @@
},
"nixpkgs_2": {
"locked": {
+ "narHash": "sha256-m3AMudxoQ3CF/D74tuvrNKJwGUV7Gj5RnsEk5cJfY8U=",
+ "rev": "dab7a3a658ca886fdd5389cc4b2bdb17d1ae0139",
+ "type": "tarball",
+ "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.809501.dab7a3a658ca/nixexprs.tar.xz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://channels.nixos.org/nixos-25.05-small/nixexprs.tar.xz"
+ }
+ },
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1730768919,
+ "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1745377448,
+ "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_5": {
+ "locked": {
"lastModified": 1754689972,
"narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=",
"owner": "nixos",
@@ -513,6 +634,26 @@
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
+ "nixpkgs": "nixpkgs_3"
+ },
+ "locked": {
+ "lastModified": 1742649964,
+ "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "type": "github"
+ }
+ },
+ "pre-commit-hooks_3": {
+ "inputs": {
+ "flake-compat": "flake-compat_4",
+ "gitignore": "gitignore_3",
"nixpkgs": [
"nixpkgs"
]
@@ -541,12 +682,13 @@
"flake-parts": "flake-parts",
"home-manager": "home-manager_2",
"my-go-tools": "my-go-tools",
- "nixpkgs": "nixpkgs_2",
+ "my-site": "my-site",
+ "nixpkgs": "nixpkgs_5",
"nixpkgsUnstable": "nixpkgsUnstable",
"nur": "nur",
- "pre-commit-hooks": "pre-commit-hooks_2",
+ "pre-commit-hooks": "pre-commit-hooks_3",
"terranix": "terranix",
- "treefmt-nix": "treefmt-nix_2"
+ "treefmt-nix": "treefmt-nix_3"
}
},
"stable": {
@@ -610,13 +752,28 @@
"type": "github"
}
},
+ "systems_4": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
"terranix": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
],
- "systems": "systems_3"
+ "systems": "systems_4"
},
"locked": {
"lastModified": 1755942832,
@@ -655,6 +812,24 @@
},
"treefmt-nix_2": {
"inputs": {
+ "nixpkgs": "nixpkgs_4"
+ },
+ "locked": {
+ "lastModified": 1746216483,
+ "narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=",
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "rev": "29ec5026372e0dec56f890e50dbe4f45930320fd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "treefmt-nix",
+ "type": "github"
+ }
+ },
+ "treefmt-nix_3": {
+ "inputs": {
"nixpkgs": [
"nixpkgs"
]
diff --git a/flake.nix b/flake.nix
index 1247dac..64f3d80 100644
--- a/flake.nix
+++ b/flake.nix
@@ -62,6 +62,7 @@
};
my-go-tools.url = "git+https://code.fcuny.net/fcuny/x";
+ my-site.url = "git+https://code.fcuny.net/fcuny/fcuny.net";
};
outputs =
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
index fc273b7..5a16c95 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
@@ -1,4 +1,8 @@
-{ config, ... }:
+{
+ inputs,
+ config,
+ ...
+}:
{
networking.firewall.allowedTCPPorts = [
80
@@ -27,6 +31,12 @@
reloadServices = [ "nginx.service" ];
credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
};
+ "fcuny.net" = {
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1";
+ reloadServices = [ "nginx.service" ];
+ credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
+ };
};
};
@@ -68,6 +78,23 @@
proxyPass = "http://10.100.0.40:8080";
};
};
+ "fcuny.net" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+
+ root = "${inputs.my-site.packages.x86_64-linux.default}/";
+
+ locations = {
+ "/".tryFiles = "$uri $uri/ $uri/index.html =404";
+ "/resume".return = "301 https://fcuny.net/resume.pdf";
+ "/resume/".return = "301 https://fcuny.net/resume.pdf";
+ };
+
+ extraConfig = ''
+ error_page 404 /404;
+ '';
+ };
};
};
}
diff --git a/terraform/admin/dns.nix b/terraform/admin/dns.nix
index eeddfd5..ff23e25 100644
--- a/terraform/admin/dns.nix
+++ b/terraform/admin/dns.nix
@@ -5,12 +5,6 @@ let
domain = "fcuny.net";
# GitHub Pages IP addresses for root domain
- githubPagesIPs = [
- "185.199.108.153"
- "185.199.110.153"
- "185.199.109.153"
- "185.199.111.153"
- ];
mkARecord = name: content: ttl: {
inherit name content ttl;
@@ -58,15 +52,6 @@ let
zone_id = zoneId;
};
- mkMultipleARecords =
- baseName: ips:
- lib.listToAttrs (
- lib.imap0 (i: ip: {
- name = "${baseName}_${toString i}";
- value = mkARecord domain ip 1;
- }) ips
- );
-
dkimRecords = lib.listToAttrs (
lib.imap1
(i: _: {
@@ -81,6 +66,7 @@ let
);
subdomainARecords = {
+ cname_root = mkARecord domain primaryIPv4 1;
cname_code = mkARecord "code.${domain}" primaryIPv4 1;
cname_go = mkARecord "go.${domain}" primaryIPv4 1;
cname_id = mkARecord "id.${domain}" primaryIPv4 1;
@@ -108,10 +94,5 @@ let
in
{
resource.cloudflare_dns_record =
- (mkMultipleARecords "cname_root" githubPagesIPs)
- // subdomainARecords
- // dkimRecords
- // mxRecords
- // srvRecords
- // txtRecords;
+ subdomainARecords // dkimRecords // mxRecords // srvRecords // txtRecords;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 08:40:12 +0000