authormakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
committermakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
commit060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch)
tree2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/bgt/download.binaergewitter.de.nix
parentcbfcc890e3b76d942b927809bf981a5fa7289e6a (diff)
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/bgt/download.binaergewitter.de.nix')
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix86
1 files changed, 0 insertions, 86 deletions
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
deleted file mode 100644
index 31da31a7..00000000
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- ident = (builtins.readFile ./auphonic.pub);
- bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
- bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
-
- # TODO: only when the data is stored somewhere else
- wwwdir = "/var/www/binaergewitter";
- storedir = "/media/cloud/www/binaergewitter";
-in {
- fileSystems."${wwwdir}" = {
- device = storedir;
- options = [ "bind" ];
- };
-
- services.openssh = {
- allowSFTP = true;
- sftpFlags = [ "-l VERBOSE" ];
- extraConfig = ''
- HostkeyAlgorithms +ssh-rsa
-
- Match User auphonic
- ForceCommand internal-sftp
- AllowTcpForwarding no
- X11Forwarding no
- PasswordAuthentication no
- PubkeyAcceptedAlgorithms +ssh-rsa
-
- '';
- };
-
- users.users.auphonic = {
- uid = genid "auphonic";
- group = "nginx";
- # for storedir
- extraGroups = [ "download" ];
- useDefaultShell = true;
- isSystemUser = true;
- openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
- };
-
- services.logrotate = {
- enable = true;
- settings.bgt = {
- files = [ bgtaccess bgterror ];
- rotate = 5;
- frequency = "weekly";
- create = "600 nginx nginx";
- postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
- };
- };
-
- # 20.09 unharden nginx to write logs
- systemd.services.nginx.serviceConfig.ReadWritePaths = [
- "/var/spool/nginx/logs/"
- ];
- security.acme.certs."download.binaergewitter.de" = {
- dnsProvider = "cloudflare";
- credentialsFile = toString <secrets/lego-binaergewitter>;
- webroot = lib.mkForce null;
- };
-
- services.nginx = {
- appendHttpConfig = ''
- types {
- audio/ogg oga ogg opus;
- }
- '';
- enable = lib.mkDefault true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- virtualHosts."download.binaergewitter.de" = {
- addSSL = true;
- enableACME = true;
- serverAliases = [ "dl2.binaergewitter.de" ];
- root = "/var/www/binaergewitter";
- extraConfig = ''
- access_log ${bgtaccess} combined;
- error_log ${bgterror} error;
- autoindex on;
- '';
- };
- };
-}