From bd07ecffb938183c48612a9828cf331d841518fb Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sat, 6 Sep 2025 16:02:02 -0700
Subject: run my personal website on the droplet
---
 flake.lock | 183 ++++++++++++++++++++-
 flake.nix | 1 +
 .../x86_64-linux/do-rproxy/profiles/nginx.nix | 29 +++-
 terraform/admin/dns.nix | 23 +--
 4 files changed, 210 insertions(+), 26 deletions(-)
diff --git a/flake.lock b/flake.lock
index 402377f..65ed0e7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -164,6 +164,22 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1747046372,
@@ -274,6 +290,24 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [
@@ -297,6 +331,28 @@ } }, "gitignore_2": { + "inputs": { + "nixpkgs": [ + "my-site", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { "inputs": { "nixpkgs": [ "pre-commit-hooks",
@@ -380,6 +436,27 @@ "url": "https://code.fcuny.net/fcuny/x" } }, + "my-site": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2", + "pre-commit-hooks": "pre-commit-hooks_2", + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1757197563, + "narHash": "sha256-VgDo0yV38ocazmnviCbPN5VBUuLRpSaVV+PN0v4RdUw=", + "ref": "refs/heads/main", + "rev": "25fa2237ba8a96a86bf5db30baa597a5b25168d7", + "revCount": 342, + "type": "git", + "url": "https://code.fcuny.net/fcuny/fcuny.net" + }, + "original": { + "type": "git", + "url": "https://code.fcuny.net/fcuny/fcuny.net" + } + }, "nix-github-actions": { "inputs": { "nixpkgs": [ @@ -450,6 +527,50 @@ } }, "nixpkgs_2": { + "locked": { + "narHash": "sha256-m3AMudxoQ3CF/D74tuvrNKJwGUV7Gj5RnsEk5cJfY8U=", + "rev": "dab7a3a658ca886fdd5389cc4b2bdb17d1ae0139", + "type": "tarball", + "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.809501.dab7a3a658ca/nixexprs.tar.xz" + }, + "original": { + "type": "tarball", + "url": "https://channels.nixos.org/nixos-25.05-small/nixexprs.tar.xz" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1745377448, + "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1754689972, "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", 
@@ -513,6 +634,26 @@ "inputs": { "flake-compat": "flake-compat_3", "gitignore": "gitignore_2", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_3": { + "inputs": { + "flake-compat": "flake-compat_4", + "gitignore": "gitignore_3", "nixpkgs": [ "nixpkgs" ] @@ -541,12 +682,13 @@ "flake-parts": "flake-parts", "home-manager": "home-manager_2", "my-go-tools": "my-go-tools", - "nixpkgs": "nixpkgs_2", + "my-site": "my-site", + "nixpkgs": "nixpkgs_5", "nixpkgsUnstable": "nixpkgsUnstable", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks_2", + "pre-commit-hooks": "pre-commit-hooks_3", "terranix": "terranix", - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix_3" } }, "stable": { @@ -610,13 +752,28 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1755942832, 
@@ -654,6 +811,24 @@ } }, "treefmt-nix_2": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1746216483, + "narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "29ec5026372e0dec56f890e50dbe4f45930320fd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_3": { "inputs": { "nixpkgs": [ "nixpkgs"
diff --git a/flake.nix b/flake.nix
index 1247dac..64f3d80 100644
--- a/flake.nix
+++ b/flake.nix
@@ -62,6 +62,7 @@
 };
 my-go-tools.url = "git+https://code.fcuny.net/fcuny/x";
+ my-site.url = "git+https://code.fcuny.net/fcuny/fcuny.net";
 };
 outputs =
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
index fc273b7..5a16c95 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
@@ -1,4 +1,8 @@
-{ config, ... }:
+{
+ inputs,
+ config,
+ ...
+}:
 {
 networking.firewall.allowedTCPPorts = [
 80
@@ -27,6 +31,12 @@
 reloadServices = [ "nginx.service" ];
 credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
 };
+ "fcuny.net" = {
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1";
+ reloadServices = [ "nginx.service" ];
+ credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
+ };
 };
 };
@@ -68,6 +78,23 @@
 proxyPass = "http://10.100.0.40:8080";
 };
 };
+ "fcuny.net" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+
+ root = "${inputs.my-site.packages.x86_64-linux.default}/";
+
+ locations = {
+ "/".tryFiles = "$uri $uri/ $uri/index.html =404";
+ "/resume".return = "301 https://fcuny.net/resume.pdf";
+ "/resume/".return = "301 https://fcuny.net/resume.pdf";
+ };
+
+ extraConfig = ''
+ error_page 404 /404;
+ '';
+ };
 };
 };
 }
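Review bot: The new `my-site` input in flake.nix is added without any `follows`, so its dependency tree is locked separately from the host's: the flake.lock half of this commit gains three extra nixpkgs pins (`nixpkgs_2`, `nixpkgs_3`, `nixpkgs_4`) and second copies of pre-commit-hooks and treefmt-nix. Each of those is one more upstream revision to keep patched and to audit, and the site is likely built against a different nixpkgs than the machine that serves it. If the site builds cleanly against the root nixpkgs, add `my-site.inputs.nixpkgs.follows = "nixpkgs";` next to the URL, and likewise `my-site.inputs.pre-commit-hooks.follows = "pre-commit-hooks";` and `my-site.inputs.treefmt-nix.follows = "treefmt-nix";`. The lock file shows the root's own pre-commit-hooks and treefmt-nix inputs already following the root nixpkgs, so this matches the existing convention. The `inputs` attrset starts and ends outside this hunk.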
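Review bot: The `fcuny.net` certificate entry in nginx.nix reuses the `cloudflare-nginx` token for its DNS-01 challenge, so the credential stored on this internet-facing proxy now also issues the apex certificate. Confirm the token is limited to DNS edit on this one zone, since terraform/admin/dns.nix appears to keep the MX and DKIM records in the same zone. The block also repeats at least the two visible lines of the entry above it (`reloadServices`, `credentialFiles`); moving the shared attributes to `security.acme.defaults` would keep the resolver and the credential path in one place. The enclosing attrset opens outside the hunk.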
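Review bot: The new `fcuny.net` vhost sets `forceSSL = true` but sends no HSTS or `nosniff` header in the lines shown. Unless these are set globally outside this hunk, add `add_header Strict-Transport-Security "max-age=31536000" always;` and `add_header X-Content-Type-Options "nosniff" always;` to `extraConfig`. Leave `includeSubDomains` off unless every host under the apex is served over TLS, because a policy set on the apex would cover all of them. `root` also hard-codes `x86_64-linux`; that matches the machine's directory, but a one-line comment such as `# system is fixed: this profile only exists under machines/nixos/x86_64-linux` would explain why it is not derived from the host platform. The enclosing virtual-hosts attrset opens above the hunk.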
diff --git a/terraform/admin/dns.nix b/terraform/admin/dns.nix
index eeddfd5..ff23e25 100644
--- a/terraform/admin/dns.nix
+++ b/terraform/admin/dns.nix
@@ -5,12 +5,6 @@ let
 domain = "fcuny.net";
 # GitHub Pages IP addresses for root domain
- githubPagesIPs = [
- "185.199.108.153"
- "185.199.110.153"
- "185.199.109.153"
- "185.199.111.153"
- ];
 mkARecord = name: content: ttl: {
 inherit name content ttl;
@@ -58,15 +52,6 @@ let
 zone_id = zoneId;
 };
- mkMultipleARecords =
- baseName: ips:
- lib.listToAttrs (
- lib.imap0 (i: ip: {
- name = "${baseName}_${toString i}";
- value = mkARecord domain ip 1;
- }) ips
- );
-
 dkimRecords = lib.listToAttrs (
 lib.imap1 (i: _: {
@@ -81,6 +66,7 @@ let
 );
 subdomainARecords = {
+ cname_root = mkARecord domain primaryIPv4 1;
 cname_code = mkARecord "code.${domain}" primaryIPv4 1;
 cname_go = mkARecord "go.${domain}" primaryIPv4 1;
 cname_id = mkARecord "id.${domain}" primaryIPv4 1;
@@ -108,10 +94,5 @@ let
 in {
 resource.cloudflare_dns_record =
- (mkMultipleARecords "cname_root" githubPagesIPs)
- // subdomainARecords
- // dkimRecords
- // mxRecords
- // srvRecords
- // txtRecords;
+ subdomainARecords // dkimRecords // mxRecords // srvRecords // txtRecords;
 }
--
cgit v1.2.3
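Review bot: The comment `# GitHub Pages IP addresses for root domain` survives as a context line in the first dns.nix hunk after the list it described is removed. It now sits directly above `mkARecord` and reads as if it documented that helper. Delete the comment in the same change. The `let` block continues outside the hunk.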
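Review bot: Replacing the four `cname_root_N` resources with the single `cname_root` key in `subdomainARecords` changes the Terraform addresses, so the apply will destroy the GitHub Pages A records and create the new one rather than update in place. Nothing in the hunk orders those operations, so the apex can briefly resolve to nothing. Because the certificate in nginx.nix is issued over DNS-01, the vhost can be deployed and verified on the droplet before this record is applied; otherwise apex requests would land on a proxy that has no `fcuny.net` vhost yet. A comment on the new line would record the intent, for example `# apex A record; replaces cname_root_0..3 (GitHub Pages), so apply recreates it`. The `subdomainARecords` attrset continues outside the hunk.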