diff options
-rw-r--r-- | krebs/3modules/tv/default.nix | 10 | ||||
-rw-r--r-- | tv/1systems/cd.nix | 58 |
2 files changed, 2 insertions, 66 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index ca8e577d8..8e266e1b3 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -78,11 +78,7 @@ with import <stockholm/lib>; extraZones = { # TODO generate krebsco.de zone from nets and don't use extraZones at all "krebsco.de" = '' - krebsco.de. 60 IN MX 5 mx23 - mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - cgit 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - cgit.cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} ''; }; nets = { @@ -90,11 +86,7 @@ with import <stockholm/lib>; ip4.addr = "45.62.237.203"; aliases = [ "cd.i" - "cd.internet" "cd.krebsco.de" - "cgit.cd.krebsco.de" - "cd.viljetic.de" - "cgit.cd.viljetic.de" ]; ssh.port = 11423; }; @@ -221,7 +213,9 @@ with import <stockholm/lib>; ni = { extraZones = { "krebsco.de" = '' + krebsco.de. 60 IN MX 5 ni ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} ''; }; diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 043e91510..03a5e58d7 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -10,9 +10,7 @@ with import <stockholm/lib>; ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/exim-smarthost.nix - ../2configs/git.nix ../2configs/retiolum.nix - ../2configs/urlwatch.nix { tv.charybdis = { enable = true; @@ -33,62 +31,6 @@ with import <stockholm/lib>; "xmpp-server" ]; } - { - krebs.github-hosts-sync.enable = true; - tv.iptables.input-internet-accept-tcp = - singleton config.krebs.github-hosts-sync.port; - } - { - krebs.nginx.servers.cgit.server-names = [ - "cgit.cd.krebsco.de" - "cgit.cd.viljetic.de" - ]; - # TODO make public_html also available to cd, cd.retiolum (AKA default) - krebs.nginx.servers."https://viljetic.de" = { - server-names = singleton "viljetic.de"; - listen = mkForce []; # disable default - ssl = { - enable = true; - certificate = "/var/lib/acme/viljetic.de/fullchain.pem"; - certificate_key = "/var/lib/acme/viljetic.de/key.pem"; - }; - locations = [ - (nameValuePair "/" '' - root ${pkgs.viljetic-pages}; - '') - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - krebs.nginx.servers."http://viljetic.de" = { - server-names = singleton "viljetic.de"; - locations = [ - (nameValuePair "/.well-known/acme-challenge/" '' - root /var/lib/acme/challenges/viljetic.de/; - '') - (nameValuePair "/" '' - return 301 https://viljetic.de$request_uri; - '') - ]; - }; - security.acme = { - certs."viljetic.de" = { - email = "tomislav@viljetic.de"; - webroot = "/var/lib/acme/challenges/viljetic.de"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - user = "nginx"; - }; - }; - tv.iptables.input-internet-accept-tcp = [ - "http" - "https" - ]; - } ]; networking = { |