hakyll-skeleton: initial deployment

hosts/toscano.nix

@@ -6,10 +6,10 @@
 
 {
 
-  imports =
-    [
+  imports = [
     ../networks/linode.nix
     ../profiles/gitea.nix
+    ../profiles/hakyll-skeleton.nix
     ../profiles/jfdic-web.nix
     ../secrets/gitea.nix
   ];

nix/sources.json

@@ -1,4 +1,10 @@
 {
+    "hakyll-skeleton": {
+        "sha256": "1j8cv3fn6mhkqwqz9rg8cg5lf76z381rx5s4gb7rjyly53jbjbjv",
+        "type": "tarball",
+        "url": "https://source.jfdic.org/jfdic/hakyll-skeleton/archive/edd1e1bd083f3ad59572b35fd783865ec91e92f4.tar.gz",
+        "url_template": "https://source.jfdic.org/jfdic/hakyll-skeleton/archive/edd1e1bd083f3ad59572b35fd783865ec91e92f4.tar.gz"
+    },
     "jfdic-web": {
         "sha256": "0qq4ww89isivyllqs15cg21f4g9fhy3zpiywxash2hk5dg6klx50",
         "type": "tarball",

profiles/hakyll-skeleton.nix

@@ -0,0 +1,42 @@
+# NixOps configuration for deploying the JFDIC website
+
+{ config, pkgs, ... }:
+
+let
+  sources = import ../nix/sources.nix;
+  hakyll-skeleton = import sources.hakyll-skeleton { };
+  webdomain = "skeleton.jfdic.org";
+
+in {
+
+  environment.sessionVariables = {
+    LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
+  };
+
+  services.nginx = {
+    enable = true; # Enable Nginx
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      "${webdomain}" = { # website hostname
+        enableACME = true; # Use ACME certs
+        forceSSL = true; # Force SSL
+        root = "${hakyll-skeleton}"; # Wesbite root
+      };
+      "www.${webdomain}" = { # Respect our elders :-)
+        locations."/".extraConfig =
+          "return 301 $scheme://${webdomain}$request_uri;";
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    certs = { "${webdomain}" = { email = "admin@${webdomain}"; }; };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}