authorjeschli <jeschli@gmail.com>2018-09-25 19:56:06 +0200
committerjeschli <jeschli@gmail.com>2018-09-25 19:56:06 +0200
commit8834d1a9ff6eddfc36e3ad07b7f93805b3212b3f (patch)
tree9ce300976ec88d90e5c5c9030111d890dcf5683e /makefu/2configs
parentf922d5947acc3151619ec06962197a800d3138eb (diff)
parenta374a452112ba962ab90e45b6b0f27b3a1330e4f (diff)
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/dcpp/client.nix9
-rw-r--r--makefu/2configs/dcpp/hub.nix (renamed from makefu/2configs/hub.nix)26
-rw-r--r--makefu/2configs/deployment/bureautomation/hass.nix88
-rw-r--r--makefu/2configs/deployment/google-muell.nix11
-rw-r--r--makefu/2configs/deployment/homeautomation/default.nix141
-rw-r--r--makefu/2configs/deployment/homeautomation/mqtt.nix24
-rw-r--r--makefu/2configs/fs/single-partition-ext4.nix2
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/home-manager/cli.nix12
-rw-r--r--makefu/2configs/home-manager/default.nix7
-rw-r--r--makefu/2configs/home-manager/desktop.nix31
-rw-r--r--makefu/2configs/home-manager/mail.nix46
-rw-r--r--makefu/2configs/hw/bluetooth.nix13
-rw-r--r--makefu/2configs/mail/mail.euer.nix47
-rw-r--r--makefu/2configs/mqtt.nix1
-rw-r--r--makefu/2configs/nginx/euer.mon.nix18
-rw-r--r--makefu/2configs/nginx/iso.euer.nix43
-rw-r--r--makefu/2configs/nginx/misa-felix-hochzeit.ml.nix2
-rw-r--r--makefu/2configs/remote-build/slave.nix5
-rw-r--r--makefu/2configs/retroshare.nix10
-rw-r--r--makefu/2configs/share/gum-client.nix1
-rw-r--r--makefu/2configs/share/omo-timemachine.nix19
-rw-r--r--makefu/2configs/stats/external/weather2stats.nix38
-rw-r--r--makefu/2configs/stats/server.nix17
-rw-r--r--makefu/2configs/stats/telegraf/hamstats.nix28
-rw-r--r--makefu/2configs/syncthing.nix10
-rw-r--r--makefu/2configs/tinc/retiolum.nix3
-rw-r--r--makefu/2configs/tools/core.nix4
-rw-r--r--makefu/2configs/tools/dev.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/media.nix7
-rw-r--r--makefu/2configs/tools/mobility.nix6
-rw-r--r--makefu/2configs/tools/secrets.nix12
-rw-r--r--makefu/2configs/wireguard/server.nix52
-rw-r--r--makefu/2configs/zsh-user.nix2
35 files changed, 654 insertions, 85 deletions
diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix
new file mode 100644
index 000000000..3b27778e5
--- /dev/null
+++ b/makefu/2configs/dcpp/client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{ # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+}
+
diff --git a/makefu/2configs/hub.nix b/makefu/2configs/dcpp/hub.nix
index a121157d4..92977b4c8 100644
--- a/makefu/2configs/hub.nix
+++ b/makefu/2configs/dcpp/hub.nix
@@ -30,6 +30,7 @@ let
'') dict)}
'';
+ uhubDir = "/var/lib/uhub";
in {
users.extraUsers = singleton {
@@ -65,22 +66,31 @@ in {
PrivateTmp = true;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "uhub-pre" ''
- cp ${toString <secrets/wildcard.krebsco.de.crt>} /tmp/uhub.crt
- cp ${toString <secrets/wildcard.krebsco.de.key>} /tmp/uhub.key
- cp ${toString <secrets/uhub.sql>} /tmp/uhub.sql
- chown uhub /tmp/*
+ cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
+ cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
+ if test -d ${uhubDir};then
+ echo "Directory ${uhubDir} already exists, skipping db init"
+ else
+ echo "Copying sql user db"
+ cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
+ fi
+ chown -R uhub ${uhubDir}
'';
};
+ users.users.uhub = {
+ home = uhubDir;
+ createHome = true;
+ };
services.uhub = {
enable = true;
port = 1511;
enableTLS = true;
hubConfig = ''
hub_name = "krebshub"
- tls_certificate = /tmp/uhub.crt
- tls_private_key = /tmp/uhub.key
- registered_users_only = true
+ tls_certificate = ${uhubDir}/uhub.crt
+ tls_private_key = ${uhubDir}/uhub.key
+ registered_users_only = true
'';
plugins = {
welcome = {
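Review bot: The `if test -d ${uhubDir}` guard in the ExecStartPre script cannot do what its messages say, because the two `cp -f` lines above it already write into that directory and `users.users.uhub` sets `createHome = true`. By the time the test runs the directory presumably exists, so the user database is never copied on a fresh host. Test for the file instead: `if test -e ${uhubDir}/uhub.sql; then`. The TLS private key is copied with plain `cp`, so its mode depends on the source file and umask; `install -m600 -o uhub ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key` would make the mode explicit, as the google-muell.nix change in this commit does. The service definition starts and ends outside the hunk.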
@@ -93,7 +103,7 @@ in {
};
authSqlite = {
enable = true;
- file = "/tmp/uhub.sql";
+ file = "${uhubDir}/uhub.sql";
};
};
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index d5793f886..4605e8933 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -1,48 +1,43 @@
{ pkgs, lib, ... }:
let
- tasmota_plug = name: topic: {
- platform = "mqtt";
- inherit name;
- state_topic = "/bam/${topic}/stat/POWER";
- command_topic = "/bam/${topic}/cmnd/POWER";
- availability_topic = "/bam/${topic}/tele/LWT";
- qos = 1;
- payload_on= "ON";
- payload_off= "OFF";
- payload_available= "Online";
- payload_not_available= "Offline";
- retain= false;
- };
+ tasmota_plug = name: topic:
+ { platform = "mqtt";
+ inherit name;
+ state_topic = "/bam/${topic}/stat/POWER1";
+ command_topic = "/bam/${topic}/cmnd/POWER1";
+ availability_topic = "/bam/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ };
espeasy_dht22 = name: [
- {
- platform = "mqtt";
- device_class = "temperature";
- state_topic = "/bam/${name}/dht22/Temperature";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }
- {
- platform = "mqtt";
- device_class = "humidity";
- state_topic = "/bam/${name}/dht22/Temperature";
- unit_of_measurement = "C";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }];
- espeasy_ds18 = name: [
- {
- platform = "mqtt";
- device_class = "temperature";
- state_topic = "/bam/${name}/ds18/Temperature";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }
- ];
+ { platform = "mqtt";
+ name = "${name} DHT22 Temperature";
+ device_class = "temperature";
+ state_topic = "/bam/${name}/dht22/Temperature";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ }
+ { platform = "mqtt";
+ device_class = "humidity";
+ name = "${name} DHT22 Humidity";
+ state_topic = "/bam/${name}/dht22/Humidity";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ }];
+ espeasy_ds18 = name:
+ { platform = "mqtt";
+ name = "${name} DS18 Temperature";
+ state_topic = "/bam/${name}/ds18/Temperature";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ };
in {
-
+ networking.firewall.allowedTCPPorts = [ 8123 ];
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
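Review bot: `networking.firewall.allowedTCPPorts = [ 8123 ];` opens the Home Assistant port on every interface, while the context lines directly below show the package is `homeassistant-0.65.5`, listed under `permittedInsecurePackages`. If the UI is only meant to be reached from an internal network or VPN, scope the rule to that interface, e.g. `networking.firewall.interfaces.<TRUSTED_IFACE>.allowedTCPPorts = [ 8123 ];` (the interface name is a placeholder). Whether the `http` component sets a password is not visible in this hunk and should be checked as well. Separately, the rewritten `espeasy_ds18` no longer sets `device_class = "temperature"`; add it back if that was unintentional.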
@@ -81,18 +76,19 @@ in {
(tasmota_plug "Pluggy" "plug4")
];
binary_sensor = [
- { # esp_easy
- platform = "mqtt";
+ { platform = "mqtt";
device_class = "motion";
+ name = "Motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
- availability_topic = "/bam/easy2/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
+ availability_topic = "/bam/easy2/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
}
];
sensor =
+ (espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++
[ (espeasy_ds18 "easy3" )
{ platform = "luftdaten";
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
index f23789ee5..235cc1546 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -5,7 +5,10 @@ let
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
- esp = "192.168.1.23";
+ cred = "${toString <secrets>}/google-muell-creds.json";
+ # TODO: generate this credential file locally
+ ampelcred = "${home}/google-muell-creds.json";
+ esp = "192.168.8.204";
sleepval = "1800";
in {
users.users.ampel = {
@@ -21,10 +24,10 @@ in {
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
- cp ${sec} ${ampelsec}
- chown ampel ${ampelsec}
+ install -m600 -o ampel ${sec} ${ampelsec}
+ install -m600 -o ampel ${cred} ${ampelcred}
'';
- ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+ ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
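Review bot: `install -m600 -o ampel ${cred} ${ampelcred}` in ExecStartPre runs on every start, and with `Restart = "always"` the file passed as `--credential-path` is replaced by the copy from `<secrets>` each time. If google-muell writes refreshed tokens to that path (not visible here, though the TODO in the first hunk suggests the file is meant to be generated locally), those updates are lost on each restart. Copying only when the target is missing would keep them: `test -e ${ampelcred} || install -m600 -o ampel ${cred} ${ampelcred}`. The serviceConfig block continues outside the hunk.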
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix
new file mode 100644
index 000000000..f2a3b36e2
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/default.nix
@@ -0,0 +1,141 @@
+{ pkgs, config, ... }:
+
+# Ideas:
+## wake-on-lan server
+##
+let
+ firetv = "192.168.1.238";
+ tasmota_plug = name: topic:
+ { platform = "mqtt";
+ inherit name;
+ state_topic = "/ham/${topic}/stat/POWER1";
+ command_topic = "/ham/${topic}/cmnd/POWER1";
+ availability_topic = "/ham/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ };
+ tasmota_bme = name: topic:
+ [ { platform = "mqtt";
+ name = "${name} Temperatur";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.BME280.Temperature }}";
+ unit_of_measurement = "°C";
+ }
+ { platform = "mqtt";
+ name = "${name} Luftfeuchtigkeit";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.BME280.Humidity }}";
+ unit_of_measurement = "%";
+ }
+ { platform = "mqtt";
+ name = "${name} Luftdruck";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.BME280.Pressure }}";
+ unit_of_measurement = "hPa";
+ }
+ ];
+in {
+ imports = [
+ ./mqtt.nix
+ ];
+ systemd.services.firetv = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+ };
+ };
+ nixpkgs.config.permittedInsecurePackages = [
+ "homeassistant-0.65.5"
+ ];
+ services.home-assistant = {
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ discovery = {};
+ conversation = {};
+ history = {};
+ logbook = {};
+ tts = [
+ { platform = "google";}
+ ];
+ sun.elevation = 247;
+ recorder = {};
+ media_player = [
+ { platform = "kodi";
+ host = firetv;
+ }
+ { platform = "firetv";
+ # assumes python-firetv running
+ }
+ ];
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "hass";
+ password = builtins.readFile <secrets/mqtt/hass>;
+ keepalive = 60;
+ protocol = 3.1;
+ birth_message = {
+ topic = "/ham/hass/tele/LWT";
+ payload = "Online";
+ qos = 1;
+ retain = true;
+ };
+ will_message = {
+ topic = "/ham/hass/tele/LWT";
+ payload = "Offline";
+ qos = 1;
+ retain = true;
+ };
+ };
+ sensor = [
+ { platform = "speedtest";
+ monitored_conditions = [ "ping" "download" "upload" ];
+ }
+ { platform = "luftdaten";
+ name = "Ditzingen";
+ sensorid = "663";
+ monitored_conditions = [ "P1" "P2" ];
+ }
+ # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
+ { platform = "darksky";
+ api_key = "c73619e6ea79e553a585be06aacf3679";
+ language = "de";
+ monitored_conditions = [ "summary" "icon"
+ "nearest_storm_distance" "precip_probability"
+ "precip_intensity"
+ "temperature" # "temperature_high" "temperature_low"
+ "hourly_summary"
+ "uv_index" ];
+ units = "si" ;
+ update_interval = {
+ days = 0;
+ hours = 0;
+ minutes = 10;
+ seconds = 0;
+ };
+ }
+ ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
+ frontend = { };
+ #group = [
+ # { default_view = { view = "yes"; entities = [
+ # "sensor.luftdaten"
+ # ]}
+ #];
+ http = { };
+ switch = [
+ (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
+ ];
+ };
+ enable = true;
+ #configDir = "/var/lib/hass";
+ };
+}
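Review bot: The `darksky` sensor embeds its `api_key` as a literal string in a committed file, so the key is readable by anyone with access to the repository or the Nix store. Load it the way the MQTT password is loaded a few lines above, e.g. `api_key = builtins.readFile <secrets/DARKSKY_KEY_PLACEHOLDER>;` (the path is a placeholder), and rotate the key that was committed. `builtins.readFile` still places the value in the generated Home Assistant config, which as far as I can tell is written to the world-readable /nix/store; this applies to `mqtt.password` too, and `readFile` keeps any trailing newline in the secrets file. `http = { };` sets no API password, which matters if port 8123 is reachable from untrusted hosts.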
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix
new file mode 100644
index 000000000..cd1c328d7
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/mqtt.nix
@@ -0,0 +1,24 @@
+{ pkgs, config, ... }:
+{
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ # see <host>/mosquitto
+ users.sensor = {
+ hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
+ acl = [ "topic readwrite #" ];
+ };
+ users.hass = {
+ hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA==";
+ acl = [ "topic readwrite #" ];
+ };
+ users.stats = {
+ hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA==";
+ acl = [ "topic read #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
+ # port open via trusted interface
+}
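Review bot: The `sensor` and `hass` users both get `acl = [ "topic readwrite #" ]`, so any sensor credential can publish to every topic on a broker bound to `0.0.0.0`, including the `cmnd` topics used for the plugs. The topics in default.nix all live under `/ham/`, so the sensor account could be limited to `acl = [ "topic readwrite /ham/#" ];` or to narrower per-device prefixes. The `hashedPassword` values are committed in the file; they are salted, but anyone who can read the repository can attempt offline guessing, so the passwords should be long random strings or the hashes should come from `<secrets>`. The closing comment says the port is opened via a trusted interface, but no firewall rule appears in this file; a pointer to where that rule lives would help.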
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
index 1970c949f..1655556a5 100644
--- a/makefu/2configs/fs/single-partition-ext4.nix
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -1,5 +1,7 @@
{config, ...}:
{
+ # fdisk /dev/sda
+ # mkfs.ext4 -L nixos /dev/sda1
boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
boot.loader.grub.version = 2;
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 61182f6c3..1a7f3d987 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -31,6 +31,7 @@ let
ampel = { };
europastats = { };
arafetch = { };
+ disko = { };
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
new file mode 100644
index 000000000..1efc4d2bf
--- /dev/null
+++ b/makefu/2configs/home-manager/cli.nix
@@ -0,0 +1,12 @@
+{
+ home-manager.users.makefu = {
+ services.gpg-agent = {
+ defaultCacheTtl = 900;
+ maxCacheTtl = 7200;
+ defaultCacheTtlSsh = 3600;
+ maxCacheTtlSsh = 86400;
+ enableSshSupport = true;
+ };
+ programs.fzf.enable = true; # alt-c
+ };
+}
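Review bot: `services.gpg-agent` is configured here without `enable = true;`, so unless another module enables it, these cache settings and `enableSshSupport` have no effect. Add `enable = true;` to the block if this file is meant to stand alone. `maxCacheTtlSsh = 86400` keeps an unlocked SSH key usable for up to a day; a short comment stating that this is intended would help the next reader.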
diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix
new file mode 100644
index 000000000..e75ee6262
--- /dev/null
+++ b/makefu/2configs/home-manager/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ <home-manager/nixos>
+ ];
+ home-manager.users.makefu = {
+ };
+}
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
new file mode 100644
index 000000000..c2f854d47
--- /dev/null
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -0,0 +1,31 @@
+{pkgs, ... }: {
+ home-manager.users.makefu = {
+ programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+ services.network-manager-applet.enable = true;
+ services.blueman-applet.enable = true;
+ services.pasystray.enable = true;
+
+ systemd.user.services.network-manager-applet.Service.Environment = ''
+ XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+ '';
+ systemd.user.services.clipit = {
+ Unit = {
+ Description = "clipboard manager";
+ After = [ "graphical-session-pre.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
+
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
+
+ Service = {
+ Environment = ''
+ XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+ '';
+ ExecStart = "${pkgs.clipit}/bin/clipit";
+ Restart = "on-abort";
+ };
+ };
+ };
+}
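Review bot: The same two-variable `Environment` string is written out twice, once for network-manager-applet and once for clipit, with the user name and the gdk-pixbuf version `2.10.0` hard-coded in both. Bind it once in a `let` (for example `gtkEnv = ''…'';`) and use `Environment = gtkEnv;` in both services, so a librsvg update or a user rename needs only one edit.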
diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix
new file mode 100644
index 000000000..ce7ae4f4d
--- /dev/null
+++ b/makefu/2configs/home-manager/mail.nix
@@ -0,0 +1,46 @@
+{
+ home-manager.users.makefu = {
+ accounts.email.accounts.syntaxfehler = {
+ address = "felix.richter@syntax-fehler.de";
+ userName = "Felix.Richter@syntax-fehler.de";
+ imap = {
+ host = "syntax-fehler.de";
+ tls = {
+ enable = true;
+ };
+ };
+ smtp = {
+ host = "syntax-fehler.de";
+ tls = {
+ enable = true;
+ };
+ };
+ msmtp.enable = true;
+ notmuch.enable = true;
+ offlineimap = {
+ enable = true;
+ postSyncHookCommand = "notmuch new";
+ extraConfig.remote = {
+ holdconnectionopen = true;
+ idlefolders = "['INBOX']";
+ };
+ };
+ primary = true;
+ realName = "Felix Richter";
+ passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+ };
+ programs.offlineimap.enable = true;
+ programs.offlineimap.extraConfig = {
+ mbnames = {
+ filename = "~/.mutt/muttrc.mailboxes";
+ header = "'mailboxes '";
+ peritem = "'+%(accountname)s/%(foldername)s'";
+ sep = "' '";
+ footer = "'\\n'";
+ };
+ general = {
+ ui = "TTY.TTYUI";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix
index 85c3190ff..313ca0147 100644
--- a/makefu/2configs/hw/bluetooth.nix
+++ b/makefu/2configs/hw/bluetooth.nix
@@ -29,11 +29,14 @@
# presumably a2dp Sink
# Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
- hardware.bluetooth.extraConfig = '';
- [general]
- Enable=Source,Sink,Media,Socket
- '';
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
- hardware.bluetooth.enable = true;
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ extraConfig = ''
+ [general]
+ Enable=Source,Sink,Media,Socket
+ '';
+ };
}
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
new file mode 100644
index 000000000..f079d7f41
--- /dev/null
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = "euer.eloop.org";
+ domains = [ "euer.eloop.org" ];
+ loginAccounts = {
+ "makefu@euer.eloop.org" = {
+ hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/";
+ aliases = [ "root@euer.eloop.org" ];
+ catchAll = [ "euer.eloop.org" ];
+
+ };
+ };
+ certificateScheme = 3;
+
+ # Enable IMAP and POP3
+ enableImap = true;
+ enablePop3 = false;
+ enableImapSsl = true;
+ enablePop3Ssl = false;
+
+ # Enable the ManageSieve protocol
+ enableManageSieve = true;
+
+ virusScanning = false;
+
+ };
+
+ services.dovecot2.extraConfig = ''
+ ssl_dh = </var/lib/dhparams/dovecot.pem
+ '';
+ # workaround for DH creation
+ # security.dhparams = {
+ # enable = true;
+ # params = {
+ # dovecot = 2048;
+ # };
+ # };
+ # systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
+ # systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
+}
+
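Review bot: `builtins.fetchTarball` is called with a bare URL, so the mail server module imported into the system configuration is whatever the remote host serves at evaluation time, with no integrity check. Use the attribute-set form with a hash, `builtins.fetchTarball { url = "…/nixos-mailserver-v2.1.4.tar.gz"; sha256 = "<SHA256_PLACEHOLDER>"; }`, so a changed or replaced archive fails the build. `ssl_dh` points at /var/lib/dhparams/dovecot.pem while the `security.dhparams` block that would create it is commented out; a comment saying how that file is provisioned would prevent dovecot failing on a fresh host. The account's `hashedPassword` is committed in the file, which exposes it to offline guessing by anyone who can read the repository.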
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index 39c9fdfdd..c56521812 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -4,6 +4,7 @@
enable = true;
host = "0.0.0.0";
users = {};
+ # TODO: secure that shit
allowAnonymous = true;
};
}
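Review bot: The added TODO does not say what securing means, and the broker stays on `host = "0.0.0.0"` with `allowAnonymous = true`. Make the comment actionable, e.g. `# TODO: set allowAnonymous = false and define users with ACLs, as in deployment/homeautomation/mqtt.nix`.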
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index c5a7e68af..765fef535 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -10,7 +10,12 @@ let
in {
services.nginx = {
enable = mkDefault true;
- virtualHosts."mon.euer.krebsco.de" = {
+ virtualHosts."mon.euer.krebsco.de" = let
+ # flesh_wrap
+ authFile = pkgs.writeText "influx.conf" ''
+ user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1
+ '';
+ in {
forceSSL = true;
enableACME = true;
locations."/" = {
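Review bot: `authFile` is built with `pkgs.writeText`, so the htpasswd entry ends up in /nix/store, where every local user can read it, and it is also committed to the repository. The `$apr1$` format is MD5-based and cheap to guess offline, and the `# flesh_wrap` comment above it should be removed if it is a hint to the password. Keep the file outside the store and reference it by path in the second hunk, e.g. `auth_basic_user_file ${toString <secrets/HTPASSWD_PLACEHOLDER>};` (the path is a placeholder, and nginx must be able to read it). The realm string in the second hunk also has a typo; it should read `auth_basic "Needs Authorization to visit";`.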
@@ -21,6 +26,17 @@ in {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
+ locations."/influxdb/" = {
+ proxyPass = "http://wbob.r:8086/";
+ extraConfig = ''
+ auth_basic "Needs Autherization to visit";
+ auth_basic_user_file ${authFile};
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_redirect off;
+ '';
+ };
};
};
}
diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix
new file mode 100644
index 000000000..701609d4b
--- /dev/null
+++ b/makefu/2configs/nginx/iso.euer.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+let
+ system = builtins.currentSystem; #we can also build for other platforms
+ iso = (import <nixpkgs/nixos/lib/eval-config.nix>
+ { inherit system;
+ modules = [ ../../1systems/iso/config.nix ]; }
+
+ );
+ image = iso.config.system.build.isoImage;
+ name = iso.config.isoImage.isoName;
+
+ drivedroid-cfg = builtins.toJSON [{
+ id = "stockholm";
+ imageUrl = http://krebsco.de/krebs-v2.png;
+ name = "stockholm";
+ tags = [ "hybrid" ];
+ url = http://krebsco.de;
+ releases = [
+ { version = iso.config.system.nixos.label;
+ url = "/stockholm.iso";
+ arch = system; }
+ ];
+ # size = TODO;
+ }];
+ web = pkgs.linkFarm "web" [{
+ name = "drivedroid.json";
+ path = pkgs.writeText "drivedroid.json" drivedroid-cfg; }
+ { name = "stockholm.iso";
+ path = "${image}/iso/${name}"; }
+ ];
+in
+{
+ services.nginx = {
+ virtualHosts = {
+ "iso.euer.krebsco.de" = {
+ enableACME = true;
+ forceSSL = true;
+ root = web;
+ locations."/".index = "drivedroid.json";
+ };
+ };
+ };
+}
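Review bot: `imageUrl` and `url` use unquoted URL literals with `http://`, while the vhost itself sets `forceSSL = true`. Quote them and, if krebsco.de serves TLS, switch to https: `imageUrl = "https://krebsco.de/krebs-v2.png";` and `url = "https://krebsco.de";`. Since the served file is a bootable image, publishing a checksum next to `stockholm.iso` in the link farm would let clients verify the download. `builtins.currentSystem` makes the result depend on the evaluating machine; a short comment on why that is acceptable here would help.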
diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
index d0881a934..752612342 100644
--- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@@ -3,7 +3,7 @@
services.nginx = {
enable = lib.mkDefault true;
virtualHosts."misa-felix-hochzeit.ml" = {
- serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+ serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ];
forceSSL = true;
enableACME = true;
locations = {
diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix
index b6e000a34..89121ffd6 100644
--- a/makefu/2configs/remote-build/slave.nix
+++ b/makefu/2configs/remote-build/slave.nix
@@ -1,11 +1,10 @@
-{
+{config,...}:{
nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = {
name = "nixBuild";
useDefaultShell = true;
- # TODO: put this somewhere else
openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"
+ config.krebs.users.buildbotSlave.pubkey
];