From 060a8f28fa1fc648bdf66afb31a5d1efac868837 Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 28 Jul 2023 22:24:15 +0200
Subject: makefu: move out to own repo, add vacation-note
---
makefu/2configs/bgt/download.binaergewitter.de.nix | 86 ----------------------
1 file changed, 86 deletions(-)
delete mode 100644 makefu/2configs/bgt/download.binaergewitter.de.nix
(limited to 'makefu/2configs/bgt/download.binaergewitter.de.nix')
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
deleted file mode 100644
index 31da31a7..00000000
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import ;
-let
- ident = (builtins.readFile ./auphonic.pub);
- bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
- bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
-
- # TODO: only when the data is stored somewhere else
- wwwdir = "/var/www/binaergewitter";
- storedir = "/media/cloud/www/binaergewitter";
-in {
- fileSystems."${wwwdir}" = {
- device = storedir;
- options = [ "bind" ];
- };
-
- services.openssh = {
- allowSFTP = true;
- sftpFlags = [ "-l VERBOSE" ];
- extraConfig = ''
- HostkeyAlgorithms +ssh-rsa
-
- Match User auphonic
- ForceCommand internal-sftp
- AllowTcpForwarding no
- X11Forwarding no
- PasswordAuthentication no
- PubkeyAcceptedAlgorithms +ssh-rsa
-
- '';
- };
-
- users.users.auphonic = {
- uid = genid "auphonic";
- group = "nginx";
- # for storedir
- extraGroups = [ "download" ];
- useDefaultShell = true;
- isSystemUser = true;
- openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
- };
-
- services.logrotate = {
- enable = true;
- settings.bgt = {
- files = [ bgtaccess bgterror ];
- rotate = 5;
- frequency = "weekly";
- create = "600 nginx nginx";
- postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
- };
- };
-
- # 20.09 unharden nginx to write logs
- systemd.services.nginx.serviceConfig.ReadWritePaths = [
- "/var/spool/nginx/logs/"
- ];
- security.acme.certs."download.binaergewitter.de" = {
- dnsProvider = "cloudflare";
- credentialsFile = toString ;
- webroot = lib.mkForce null;
- };
-
- services.nginx = {
- appendHttpConfig = ''
- types {
- audio/ogg oga ogg opus;
- }
- '';
- enable = lib.mkDefault true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- virtualHosts."download.binaergewitter.de" = {
- addSSL = true;
- enableACME = true;
- serverAliases = [ "dl2.binaergewitter.de" ];
- root = "/var/www/binaergewitter";
- extraConfig = ''
- access_log ${bgtaccess} combined;
- error_log ${bgterror} error;
- autoindex on;
- '';
- };
- };
-}
-- 
cgit v1.2.3