1 files changed, 20 insertions, 35 deletions

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 9a9bd4730..1eb81cd0a 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:
 
+with config.krebs.lib;
+
 let
   ip = config.krebs.build.host.nets.internet.ip4.addr;
 
@@ -19,14 +21,27 @@ in {
     ../2configs/privoxy-retiolum.nix
     ../2configs/radio.nix
     ../2configs/buildbot-standalone.nix
+    ../2configs/repo-sync.nix
+    ../2configs/binary-cache/server.nix
     {
       imports = [
         ../2configs/git.nix
-        ( manageCerts [ "cgit.lassul.us" ])
-      ];
-      krebs.nginx.servers.cgit.server-names = [
-        "cgit.lassul.us"
       ];
+      krebs.nginx.servers.cgit = {
+        server-names = [
+          "cgit.lassul.us"
+        ];
+        locations = [
+          (nameValuePair "/.well-known/acme-challenge" ''
+            root /var/lib/acme/challenges/cgit.lassul.us/;
+          '')
+        ];
+        ssl = {
+          enable = true;
+          certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+          certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+        };
+      };
     }
     {
       users.extraGroups = {
@@ -66,8 +81,6 @@ in {
 
     }
     {
-      #boot.loader.gummiboot.enable = true;
-      #boot.loader.efi.canTouchEfiVariables = true;
       boot.loader.grub = {
         devices = [
           "/dev/sda"
@@ -110,10 +123,6 @@ in {
     {
       sound.enable = false;
     }
-    #{
-    #  #workaround for server dying after 6-7h
-    #  boot.kernelPackages = pkgs.linuxPackages_4_2;
-    #}
     {
       nixpkgs.config.allowUnfree = true;
     }
@@ -202,7 +211,7 @@ in {
     }
     {
       imports = [
-        ../2configs/realwallpaper-server.nix
+        ../2configs/realwallpaper.nix
       ];
       krebs.nginx.servers."lassul.us".locations = [
         (lib.nameValuePair "/wallpaper.png" ''
@@ -210,30 +219,6 @@ in {
         '')
       ];
     }
-    {
-      services.nix-serve = {
-        enable = true;
-        secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
-      };
-      systemd.services.nix-serve = {
-        requires = ["secret.service"];
-        after = ["secret.service"];
-      };
-      krebs.secret.files.nix-serve-key = {
-        path = "/run/secret/nix-serve.key";
-        owner.name = "nix-serve";
-        source-path = toString <secrets> + "/nix-serve.key";
-      };
-      krebs.nginx = {
-        enable = true;
-        servers.nix-serve = {
-          server-names = [ "cache.prism.r" ];
-          locations = lib.singleton (lib.nameValuePair "/" ''
-            proxy_pass http://localhost:${toString config.services.nix-serve.port};
-          '');
-        };
-      };
-    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;