summaryrefslogtreecommitdiffstats
path: root/lass/2configs/websites/domsen.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2022-06-07 00:17:23 +0200
committermakefu <github@syntax-fehler.de>2022-06-07 00:17:23 +0200
commit9c1799914a2e6f2dc736fe2eaad7134602a3d837 (patch)
tree08347f7f29bc00c3b40be2a49e069268c0163716 /lass/2configs/websites/domsen.nix
parent1e405be047a79e1abd0c28e52b5009b9675909b8 (diff)
parentbdc80e55411e197f89990e988f8b7e67c084d3d3 (diff)
Merge remote-tracking branch 'lass/master' into 22.05
Diffstat (limited to 'lass/2configs/websites/domsen.nix')
-rw-r--r--lass/2configs/websites/domsen.nix56
1 files changed, 41 insertions, 15 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3f055e370..fe4d78a3b 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -29,6 +29,8 @@ in {
(servePage [ "apanowicz.de" "www.apanowicz.de" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "illustra.de" "www.illustra.de" ])
+ (servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ])
+ (servePage [ "familienrat-hamburg.de" "www.familienrat-hamburg.de" ])
(servePage [
"freemonkey.art"
"www.freemonkey.art"
@@ -36,20 +38,20 @@ in {
(serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [
"ubikmedia.de"
- "nirwanabluete.de"
"ubikmedia.eu"
"youthtube.xyz"
"joemisch.com"
"weirdwednesday.de"
"jarugadesign.de"
+ "beesmooth.ch"
- "www.nirwanabluete.de"
"www.ubikmedia.eu"
"www.youthtube.xyz"
"www.ubikmedia.de"
"www.joemisch.com"
"www.weirdwednesday.de"
"www.jarugadesign.de"
+ "www.beesmooth.ch"
"aldona2.ubikmedia.de"
"cinevita.ubikmedia.de"
@@ -64,9 +66,13 @@ in {
"jarugadesign.ubikmedia.de"
"crypto4art.ubikmedia.de"
"jarugadesign.ubikmedia.de"
+ "beesmooth.ubikmedia.de"
])
];
+ # https://github.com/nextcloud/server/issues/25436
+ services.mysql.settings.mysqld.innodb_read_only_compressed = 0;
+
services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ];
services.mysql.ensureUsers = [
{ ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
@@ -98,7 +104,7 @@ in {
services.nextcloud = {
enable = true;
hostName = "o.xanf.org";
- package = pkgs.nextcloud21;
+ package = pkgs.nextcloud23;
config = {
adminpassFile = "/run/nextcloud.pw";
overwriteProtocol = "https";
@@ -159,6 +165,7 @@ in {
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
{ from = "hallo@jarugadesign.de"; to ="kasia"; }
+ { from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -170,10 +177,12 @@ in {
"apanowicz.de"
"alewis.de"
"jarugadesign.de"
+ "beesmooth.ch"
];
dkim = [
{ domain = "ubikmedia.eu"; }
{ domain = "apanowicz.de"; }
+ { domain = "beesmooth.ch"; }
];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
@@ -332,6 +341,27 @@ in {
isNormalUser = true;
};
+ users.users.avada = {
+ uid = genid_uint31 "avada";
+ home = "/home/avada";
+ useDefaultShell = true;
+ createHome = true;
+ isNormalUser = true;
+ };
+
+ users.users.familienrat = {
+ uid = genid_uint31 "familienrat";
+ home = "/home/familienrat";
+ useDefaultShell = true;
+ createHome = true;
+ isNormalUser = true;
+ };
+ krebs.acl."/srv/http/familienrat-hamburg.de"."u:familienrat:rwX" = {};
+ krebs.acl."/srv/http"."u:familienrat:X" = {
+ default = false;
+ recursive = false;
+ };
+
users.groups.xanf = {};
krebs.on-failure.plans.restic-backups-domsen = {
@@ -372,18 +402,14 @@ in {
${pkgs.coreutils}/bin/chmod 750 /backups
'';
- krebs.permown = {
- "/srv/http" = {
- group = "syncthing";
- owner = "nginx";
- umask = "0007";
- };
- "/home/xanf/XANF_TEAM" = {
- owner = "XANF_TEAM";
- group = "xanf";
- umask = "0007";
- };
+ # takes too long!!
+ # krebs.acl."/srv/http"."u:syncthing:rwX" = {};
+ # krebs.acl."/srv/http"."u:nginx:rwX" = {};
+ # krebs.acl."/srv/http/ubikmedia.de"."u:avada:rwX" = {};
+ krebs.acl."/home/xanf/XANF_TEAM"."g:xanf:rwX" = {};
+ krebs.acl."/home/xanf"."g:xanf:X" = {
+ default = false;
+ recursive = false;
};
-
}