summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bgt/download.binaergewitter.de.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/2configs/bgt/download.binaergewitter.de.nix')
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix82
1 files changed, 0 insertions, 82 deletions
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
deleted file mode 100644
index 1cf21f21..00000000
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- ident = (builtins.readFile ./auphonic.pub);
- bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
- bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
-
- # TODO: only when the data is stored somewhere else
- wwwdir = "/var/www/binaergewitter";
- storedir = "/media/cloud/www/binaergewitter";
-in {
- fileSystems."${wwwdir}" = {
- device = storedir;
- options = [ "bind" ];
- };
-
- services.openssh = {
- allowSFTP = true;
- sftpFlags = [ "-l VERBOSE" ];
- extraConfig = ''
- HostkeyAlgorithms +ssh-rsa
-
- Match User auphonic
- ForceCommand internal-sftp
- AllowTcpForwarding no
- X11Forwarding no
- PasswordAuthentication no
- PubkeyAcceptedAlgorithms +ssh-rsa
-
- '';
- };
-
- users.users.auphonic = {
- uid = genid "auphonic";
- group = "nginx";
- # for storedir
- extraGroups = [ "download" ];
- useDefaultShell = true;
- isSystemUser = true;
- openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
- };
-
- services.logrotate = {
- enable = true;
- config = ''
- ${bgtaccess} ${bgterror} {
- rotate 5
- weekly
- create 600 nginx nginx
- postrotate
- ${pkgs.systemd}/bin/systemctl reload nginx
- endscript
- }
- '';
- };
-
- # 20.09 unharden nginx to write logs
- systemd.services.nginx.serviceConfig.ReadWritePaths = [
- "/var/spool/nginx/logs/"
- ];
-
- services.nginx = {
- appendHttpConfig = ''
- types {
- audio/ogg oga ogg opus;
- }
- '';
- enable = lib.mkDefault true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- virtualHosts."download.binaergewitter.de" = {
- serverAliases = [ "dl2.binaergewitter.de" ];
- root = "/var/www/binaergewitter";
- extraConfig = ''
- access_log ${bgtaccess} combined;
- error_log ${bgterror} error;
- autoindex on;
- '';
- };
- };
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 13:02:00 +0000