Diffstat (limited to 'lass/2configs/websites')
-rw-r--r--lass/2configs/websites/domsen.nix49
-rw-r--r--lass/2configs/websites/lassulus.nix54
-rw-r--r--lass/2configs/websites/util.nix98
3 files changed, 85 insertions, 116 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 9980e050..b9673de7 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -26,7 +26,6 @@ in {
./default.nix
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (servePage [ "jarugadesign.de" "www.jarugadesign.de" ])
(servePage [
"freemonkey.art"
"www.freemonkey.art"
@@ -41,6 +40,7 @@ in {
"youthtube.xyz"
"joemisch.com"
"weirdwednesday.de"
+ "jarugadesign.de"
"www.apanowicz.de"
"www.nirwanabluete.de"
@@ -50,6 +50,7 @@ in {
"www.ubikmedia.de"
"www.joemisch.com"
"www.weirdwednesday.de"
+ "www.jarugadesign.de"
"aldona2.ubikmedia.de"
"apanowicz.ubikmedia.de"
@@ -64,6 +65,7 @@ in {
"freemonkey.ubikmedia.de"
"jarugadesign.ubikmedia.de"
"crypto4art.ubikmedia.de"
+ "jarugadesign.ubikmedia.de"
])
];
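Review bot: The added `"jarugadesign.ubikmedia.de"` duplicates the entry two lines above it in the same list, which is visible as context in this hunk. Depending on what the enclosing helper does with the list (not visible here), a repeated name can surface as a duplicate `server_name` warning or a repeated certificate SAN. Dropping the added line keeps the list unambiguous, since the `jarugadesign.de` and `www.jarugadesign.de` additions in the earlier hunks already cover the move.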
@@ -250,14 +252,13 @@ in {
lines = 1000;
};
};
+
services.restic.backups.domsen = {
initialize = true;
- extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
- repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
+ repository = "/backups/domsen";
passwordFile = toString <secrets> + "/domsen_backup_pw";
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
paths = [
- "/srv/http"
"/home/domsen/Mail"
"/home/ms/Mail"
"/home/klabusterbeere/Mail"
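Review bot: Removing `"/srv/http"` from `paths` means the web roots no longer get point-in-time restic snapshots; after this commit they are only mirrored by Syncthing, which replicates deletions and tampered files as faithfully as good ones. The repository itself also moves to `/backups/domsen` on the same host that holds `passwordFile`, so anything that compromises this machine can rewrite or prune the repo and have that state synced outward. I would keep `"/srv/http"` in `paths`, and add a comment above `repository` stating that the off-host copy relies on the `domsen-backup` peer retaining old versions (file versioning or snapshots on that side). The `paths` list continues past the end of this hunk.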
@@ -270,32 +271,32 @@ in {
};
boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
+ krebs.syncthing.folders = {
+ domsen-backups = {
+ path = "/backups/domsen";
+ peers = [ "domsen-backup" ];
+ };
+ domsen-backup-srv-http = {
+ path = "/srv/http";
+ peers = [ "domsen-backup" ];
+ };
+ };
+
+ system.activationScripts.domsen-backups = ''
+ ${pkgs.coreutils}/bin/chmod 750 /backups
+ '';
+
krebs.permown = {
- "/srv/http/ubikmedia.de" = {
- owner = "domsen";
- group = "nginx";
+ "/backups/domsen" = {
+ owner = "backup";
+ group = "syncthing";
umask = "0007";
};
- "/srv/http/o.ubikmedia.de" = {
- owner = "domsen";
+ "/srv/http" = {
+ owner = "syncthing";
group = "nginx";
umask = "0007";
};
- "/srv/http/freemonkey.art" = {
- owner = "domsen";
- group = "nginx";
- umask = "0002";
- };
- "/srv/http/jarugadesign.de" = {
- owner = "domsen";
- group = "nginx";
- umask = "0002";
- };
- "/srv/http/reich-gebaeudereinigung.de" = {
- owner = "domsen";
- group = "nginx";
- umask = "0002";
- };
};
}
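Review bot: The new `krebs.permown."/srv/http"` entry with `owner = "syncthing"`, `group = "nginx"` and `umask = "0007"`, together with the `domsen-backup-srv-http` folder, makes every web root writable by the Syncthing daemon and by the nginx/PHP group. Nothing in the hunk restricts the folder to one direction, so if it syncs both ways the `domsen-backup` peer can place files under `/srv/http` that PHP-FPM will then execute. The removed per-site entries used `owner = "domsen"`, mostly with `umask = "0002"`, so this is a real change in who can modify served code. I would make the folder send-only on this host, if `krebs.syncthing` exposes a folder type, and add a comment on the permown entry saying why Syncthing must own the tree. Separately, `chmod 750 /backups` sets only the mode, so it is worth confirming that the `backup` and `syncthing` users can still traverse `/backups` to reach `/backups/domsen`.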
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 526909e8..f04f312d 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -21,29 +21,6 @@ in {
krebs.tinc_graphs.enable = true;
- users.users.lass-stuff = {
- uid = genid_uint31 "lass-stuff";
- description = "lassul.us blog cgi stuff";
- home = "/var/empty";
- };
-
- services.phpfpm.poolConfigs."lass-stuff" = ''
- listen = /var/run/lass-stuff.socket
- user = lass-stuff
- group = nginx
- pm = dynamic
- pm.max_children = 5
- pm.start_servers = 1
- pm.min_spare_servers = 1
- pm.max_spare_servers = 1
- listen.owner = lass-stuff
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- security.limit_extensions =
- '';
-
users.groups.lasscert.members = [
"dovecot2"
"ejabberd"
@@ -60,48 +37,33 @@ in {
locations."= /retiolum-hosts.tar.bz2".extraConfig = ''
alias ${config.krebs.tinc.retiolum.hostsArchive};
'';
+ locations."= /hosts".extraConfig = ''
+ alias ${pkgs.krebs-hosts_combined};
+ '';
locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.krebs-hosts-retiolum};
'';
locations."= /wireguard-key".extraConfig = ''
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
'';
- locations."/tinc".extraConfig = ''
+ locations."/tinc/".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
'';
- locations."/krebspage".extraConfig = ''
+ locations."= /krebspage".extraConfig = ''
default_type "text/html";
alias ${pkgs.krebspage}/index.html;
'';
- # TODO make this work!
- locations."= /ddate".extraConfig = let
- script = pkgs.writeBash "test" ''
- echo "hello world"
- '';
- #script = pkgs.exec "ddate-wrapper" {
- # filename = "${pkgs.ddate}/bin/ddate";
- # argv = [];
- #};
- in ''
- gzip off;
- fastcgi_pass unix:/var/run/lass-stuff.socket;
- include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param DOCUMENT_ROOT /var/empty;
- fastcgi_param SCRIPT_FILENAME ${script};
- fastcgi_param SCRIPT_NAME ${script};
- '';
-
- locations."/init".extraConfig = let
+ locations."= /init".extraConfig = let
initscript = pkgs.init.override {
pubkey = config.krebs.users.lass.pubkey;
};
in ''
alias ${initscript};
'';
- locations."/pub".extraConfig = ''
+ locations."= /pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
- locations."/pub1".extraConfig = ''
+ locations."= /pub1".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
'';
};
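Review bot: In `locations."/tinc/"` the prefix now ends in a slash but the `alias` target still ends in `/external`. nginx substitutes the alias for the matched prefix, so `/tinc/foo` resolves to `…/externalfoo` rather than `…/external/foo`. The alias needs the matching slash: `alias ${config.krebs.tinc_graphs.workingDir}/external/;`. Keeping a prefix location and its alias both slash-terminated also avoids the path-confusion class that comes from mismatched trailing slashes. The `=` locations changed in this hunk each alias a single file and are not affected.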
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index a807f716..bffa1036 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -60,21 +60,23 @@ rec {
expires max;
'';
};
- services.phpfpm.poolConfigs."${domain}" = ''
- listen = /srv/http/${domain}/phpfpm.pool
- user = nginx
- group = nginx
- pm = dynamic
- pm.max_children = 25
- pm.start_servers = 5
- pm.min_spare_servers = 3
- pm.max_spare_servers = 20
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
+ services.phpfpm.pools."${domain}" = {
+ user = "nginx";
+ group = "nginx";
+ extraConfig = ''
+ listen = /srv/http/${domain}/phpfpm.pool
+ pm = dynamic
+ pm.max_children = 25
+ pm.start_servers = 5
+ pm.min_spare_servers = 3
+ pm.max_spare_servers = 20
+ listen.owner = nginx
+ listen.group = nginx
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
};
serveOwncloud = domains:
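Review bot: The migrated pool keeps `user = "nginx"` and `group = "nginx"`, so PHP for every domain runs as the web server's own account and one vhost's code can read and write any other vhost's files. The same applies to the pools in the next two hunks (the `serveOwncloud` and `serveWordpress` bodies). This matters more after the domsen.nix change in this commit, which makes all of `/srv/http` group-writable by `nginx`. Moving to `pools` is a natural point to give each domain its own pool user, leaving only `listen.owner`/`listen.group` as `nginx` so the web server can still reach the socket. It is also worth checking that the `listen = /srv/http/${domain}/phpfpm.pool` line kept in `extraConfig` does not collide with a `listen` the pools module may generate itself, and whether the socket should sit inside a tree that is now shared through Syncthing.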
@@ -169,22 +171,24 @@ rec {
access_log off;
'';
};
- services.phpfpm.poolConfigs."${domain}" = ''
- listen = /srv/http/${domain}/phpfpm.pool
- user = nginx
- group = nginx
- pm = dynamic
- pm.max_children = 32
- pm.max_requests = 500
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 5
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
+ services.phpfpm.pools."${domain}" = {
+ user = "nginx";
+ group = "nginx";
+ extraConfig = ''
+ listen = /srv/http/${domain}/phpfpm.pool
+ pm = dynamic
+ pm.max_children = 32
+ pm.max_requests = 500
+ pm.start_servers = 2
+ pm.min_spare_servers = 2
+ pm.max_spare_servers = 5
+ listen.owner = nginx
+ listen.group = nginx
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
};
serveWordpress = domains:
@@ -220,21 +224,23 @@ rec {
expires max;
'';
};
- services.phpfpm.poolConfigs."${domain}" = ''
- listen = /srv/http/${domain}/phpfpm.pool
- user = nginx
- group = nginx
- pm = dynamic
- pm.max_children = 25
- pm.start_servers = 5
- pm.min_spare_servers = 3
- pm.max_spare_servers = 20
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
+ services.phpfpm.pools."${domain}" = {
+ user = "nginx";
+ group = "nginx";
+ extraConfig = ''
+ listen = /srv/http/${domain}/phpfpm.pool
+ pm = dynamic
+ pm.max_children = 25
+ pm.start_servers = 5
+ pm.min_spare_servers = 3
+ pm.max_spare_servers = 20
+ listen.owner = nginx
+ listen.group = nginx
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
};
}