about summary refs log tree commit diff
path: root/nix/hosts/corrino/www/magic-hash.emile.space.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nix/hosts/corrino/www/magic-hash.emile.space.nix')
-rw-r--r--nix/hosts/corrino/www/magic-hash.emile.space.nix33
1 files changed, 33 insertions, 0 deletions
diff --git a/nix/hosts/corrino/www/magic-hash.emile.space.nix b/nix/hosts/corrino/www/magic-hash.emile.space.nix
new file mode 100644
index 0000000..05446ea
--- /dev/null
+++ b/nix/hosts/corrino/www/magic-hash.emile.space.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+
+{
+  services.nginx.virtualHosts."magic-hash.emile.space" = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations = {
+      "/" = {
+        proxyPass = "http://127.0.0.1:8339";
+      };
+    };
+  };
+
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers = {
+      "ctfd" = {
+        image = "magic-hash";
+        ports = [
+          "8338:80"
+        ];
+        environment = {
+
+          # this is not encouraged, but should work for the weekend (this is a
+          # flag, not a password, so even if it get's leaked, the worst that
+          # can happen is that people could enter it somewhere)
+          "FLAG" = builtins.readFile config.age.secrets.magic-hash-flag.path;
+        };
+      };
+    };
+  };
+}