coulomb/inter-hub
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ff11913d5cbf82b47adb41925262a85d35631f6f
inter-hub/Config/nix/hosts/production/configuration.nix
Bernd Worsch ff11913d5c feat(T01): bootstrap IHP v1.5 project scaffold 
Merged ihp-new generated scaffold into repo. Sets appName to inter-hub,
adds Nix flake with IHP inputs, devenv config, and standard IHP project
structure. Nix + ihp-new + direnv installed system-wide.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 01:36:18 +00:00

92 lines
3.3 KiB
Nix
Raw Blame History

{ ihp, lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
# This sets several default options. It's designed for simple, small apps where the database and app server
# are on the same host.
#
# See https://github.com/digitallyinduced/ihp/blob/master/NixSupport/nixosModules/appWithPostgres.nix for details
#
# For more complex production deployments, consider ihp.nixosModules.app (https://github.com/digitallyinduced/ihp/blob/master/NixSupport/nixosModules/app.nix)
ihp.nixosModules.appWithPostgres
];
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
# Enable the Let's encrypt certificate
security.acme.defaults.email = "CHANGE-ME@example.com";
# Accept the terms of service of the Let's encrypt provider.
security.acme.acceptTerms = true;
services.nginx = {
virtualHosts."CHANGE-ME.com" = {
# Uncomment to have http auth with username `foo` and password `bar`.
# basicAuth = { foo = "bar"; };
};
};
# Logging to AWS CloudWatch
# services.vector = {
# enable = true;
# journaldAccess = true;
# settings = {
# sources.journald = {
# type = "journald";
# # Log only the services we care about
# include_units = ["app.service" "nginx.service" "worker.service"];
# };
# sinks.out = {
# group_name = "CHANGE-ME";
# stream_name = "CHANGE-ME";
# # Change the region to the correct one, e.g. `us-east-1`
# region = "CHANGE-ME";
# auth = {
# access_key_id = "CHANGE-ME";
# secret_access_key = "CHANGE-ME";
# };
# inputs = ["journald"];
# type = "aws_cloudwatch_logs";
# compression = "gzip";
# encoding.codec = "json";
# };
# };
# };
services.ihp = {
domain = "CHANGE-ME.com";
migrations = ./Application/Migration;
schema = ./Application/Schema.sql;
fixtures = ./Application/Fixtures.sql;
sessionSecret = "CHANGE-ME";
# Uncomment to use a custom database URL
# databaseUrl = lib.mkForce "postgresql://postgres:...CHANGE-ME";
additionalEnvVars = {
# Uncomment to use a custom session secret, ensuring sessions aren't invalidated
# on each deploy.
# Learn how to create the secret key in https://ihp.digitallyinduced.com/Guide/deployment.html#ihpsessionsecret
# IHP_SESSION_SECRET = "CHANGE-ME";
SMTP_HOST = "email-smtp.eu-west-1.amazonaws.com";
SMTP_PORT = "587";
SMTP_ENCRYPTION = "STARTTLS";
SMTP_USER = "CHANGE-ME";
SMTP_PASSWORD = "CHANGE-ME";
AWS_ACCESS_KEY_ID = "CHANGE-ME";
AWS_SECRET_ACCESS_KEY = "CHANGE-ME";
};
};
# As we use a pre-built AMI on AWS,
# it is essential to enable automatic updates.
# @see https://nixos.wiki/wiki/Automatic_system_upgrades
system.autoUpgrade.enable = true;
# Keep as is. See https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.05";
}
Reference in New Issue View Git Blame Copy Permalink