New way to deploy apps in my server

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
2026-05-20 05:12:34 +02:00 · 2026-04-11 02:26:00 +02:00
parent 29bdd6468a
commit 28b7923e47
22 changed files with 759 additions and 407 deletions
@@ -1,45 +1,57 @@
 {
  config,
  inputs,
-  pkgs,
+  lib,
  ...
-}: {
-  services = {
-    nginx.virtualHosts = {
-      "blog.local" = {
-        root = "${inputs.blog.packages.${pkgs.system}.default}/share/blog";
-        listen = [
-          {
-            addr = "127.0.0.1";
-            port = 8758;
-          }
-        ];
-        locations."/" = {
-          tryFiles = "$uri $uri/ /index.html";
+}: let
+  inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
+  domain = config.var.domain;
+in {
+  imports = [
+    (mkContainer {
+      name = "blog";
+      hostIp = "10.233.3.1";
+      containerIp = "10.233.3.2";
+      nixosConfig = {pkgs, ...}: {
+        services.nginx = {
+          enable = true;
+          virtualHosts = {
+            "blog" = {
+              root = "${inputs.blog.packages.${pkgs.system}.default}/share/blog";
+              listen = [
+                {
+                  addr = "0.0.0.0";
+                  port = 8080;
+                }
+              ];
+              locations."/" = {
+                tryFiles = "$uri $uri/ /index.html";
+              };
+              extraConfig = ''
+                port_in_redirect off;
+                absolute_redirect off;
+                add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${domain}; connect-src 'self' https://umami.${domain};" always;
+              '';
+            };
+            "www-redirect" = {
+              listen = [
+                {
+                  addr = "0.0.0.0";
+                  port = 8081;
+                }
+              ];
+              extraConfig = "return 301 https://${domain}$request_uri;";
+            };
+          };
        };
-        extraConfig = ''
-          port_in_redirect off;
-          absolute_redirect off;
-          add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${config.var.domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${config.var.domain}; connect-src 'self' https://umami.${config.var.domain};" always;
-        '';
+        networking.firewall.allowedTCPPorts = [8080 8081];
+        system.stateVersion = "24.05";
      };
+    })
+  ];

-      "www.blog.local" = {
-        listen = [
-          {
-            addr = "127.0.0.1";
-            port = 8189;
-          }
-        ];
-        extraConfig = ''
-          return 301 https://${config.var.domain}$request_uri;
-        '';
-      };
-    };
-
-    cloudflared.tunnels."${config.var.tunnelId}".ingress = {
-      "${config.var.domain}" = "http://127.0.0.1:8758";
-      "www.${config.var.domain}" = "http://127.0.0.1:8189";
-    };
+  services.cloudflared.tunnels."${config.var.tunnelId}".ingress = {
+    "${config.var.domain}" = "http://10.233.3.2:8080";
+    "www.${config.var.domain}" = "http://10.233.3.2:8081";
  };
 }