diff options
Diffstat (limited to 'lass')
| -rw-r--r-- | lass/1systems/daedalus/config.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/prism/config.nix | 31 | ||||
| -rw-r--r-- | lass/1systems/yellow/config.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/radio.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/websites/lassulus.nix | 54 | ||||
| -rw-r--r-- | lass/2configs/websites/util.nix | 98 | ||||
| -rw-r--r-- | lass/3modules/autowifi.nix | 2 |
7 files changed, 94 insertions, 99 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index df8868034..2c1be473a 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -58,7 +58,7 @@ with import <stockholm/lib>; krebs.per-user.bitcoin.packages = [ pkgs.electrum pkgs.electron-cash - pkgs.altcoins.litecoin + pkgs.litecoin ]; users.extraUsers = { bitcoin = { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 845cf943c..13e865c6e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -65,6 +65,13 @@ with import <stockholm/lib>; config.krebs.users.makefu.pubkey ]; }; + users.users.nin = { + uid = genid "nin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + }; users.extraUsers.dritter = { uid = genid_uint31 "dritter"; isNormalUser = true; @@ -117,6 +124,26 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } + { + #onondaga + systemd.services."container@onondaga".reloadIfChanged = mkForce false; + containers.onondaga = { + config = { ... }: { + imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey + ]; + }; + autoStart = true; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.5"; + localAddress = "10.233.2.6"; + }; + } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/ts3.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> @@ -157,7 +184,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/realwallpaper.nix> ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; ''; } @@ -352,7 +379,7 @@ with import <stockholm/lib>; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { - rewrite ^ https://$host$uri permanent; + rewrite ^ https://$host$request_uri permanent; } auth_basic "Restricted Content"; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index cda0d0a33..d049bdee6 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,7 +47,7 @@ with import <stockholm/lib>; }; virtualHosts.default = { default = true; - locations."/Nginx-Fancyindex-Theme-dark" = { + locations."=/Nginx-Fancyindex-Theme-dark" = { extraConfig = '' alias ${pkgs.fetchFromGitHub { owner = "Naereen"; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index b4efd42fc..7e1433fde 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -230,11 +230,11 @@ in { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:8000; ''; - locations."/recent".extraConfig = '' + locations."= /recent".extraConfig = '' alias /tmp/played; ''; }; - virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let + virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let html = pkgs.writeText "index.html" '' <!DOCTYPE html> <html lang="en"> diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 526909e8a..f04f312d0 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -21,29 +21,6 @@ in { krebs.tinc_graphs.enable = true; - users.users.lass-stuff = { - uid = genid_uint31 "lass-stuff"; - description = "lassul.us blog cgi stuff"; - home = "/var/empty"; - }; - - services.phpfpm.poolConfigs."lass-stuff" = '' - listen = /var/run/lass-stuff.socket - user = lass-stuff - group = nginx - pm = dynamic - pm.max_children = 5 - pm.start_servers = 1 - pm.min_spare_servers = 1 - pm.max_spare_servers = 1 - listen.owner = lass-stuff - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - security.limit_extensions = - ''; - users.groups.lasscert.members = [ "dovecot2" "ejabberd" @@ -60,48 +37,33 @@ in { locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; + locations."= /hosts".extraConfig = '' + alias ${pkgs.krebs-hosts_combined}; + ''; locations."= /retiolum.hosts".extraConfig = '' alias ${pkgs.krebs-hosts-retiolum}; ''; locations."= /wireguard-key".extraConfig = '' alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; ''; - locations."/tinc".extraConfig = '' + locations."/tinc/".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/krebspage".extraConfig = '' + locations."= /krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; ''; - # TODO make this work! - locations."= /ddate".extraConfig = let - script = pkgs.writeBash "test" '' - echo "hello world" - ''; - #script = pkgs.exec "ddate-wrapper" { - # filename = "${pkgs.ddate}/bin/ddate"; - # argv = []; - #}; - in '' - gzip off; - fastcgi_pass unix:/var/run/lass-stuff.socket; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param DOCUMENT_ROOT /var/empty; - fastcgi_param SCRIPT_FILENAME ${script}; - fastcgi_param SCRIPT_NAME ${script}; - ''; - - locations."/init".extraConfig = let + locations."= /init".extraConfig = let initscript = pkgs.init.override { pubkey = config.krebs.users.lass.pubkey; }; in '' alias ${initscript}; ''; - locations."/pub".extraConfig = '' + locations."= /pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; - locations."/pub1".extraConfig = '' + locations."= /pub1".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; }; diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index a807f7160..bffa1036b 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -60,21 +60,23 @@ rec { expires max; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 25 - pm.start_servers = 5 - pm.min_spare_servers = 3 - pm.max_spare_servers = 20 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + extraConfig = '' + listen = /srv/http/${domain}/phpfpm.pool + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; }; serveOwncloud = domains: @@ -169,22 +171,24 @@ rec { access_log off; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 32 - pm.max_requests = 500 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 5 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + extraConfig = '' + listen = /srv/http/${domain}/phpfpm.pool + pm = dynamic + pm.max_children = 32 + pm.max_requests = 500 + pm.start_servers = 2 + pm.min_spare_servers = 2 + pm.max_spare_servers = 5 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; }; serveWordpress = domains: @@ -220,21 +224,23 @@ rec { expires max; ''; }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 25 - pm.start_servers = 5 - pm.min_spare_servers = 3 - pm.max_spare_servers = 20 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + services.phpfpm.pools."${domain}" = { + user = "nginx"; + group = "nginx"; + extraConfig = '' + listen = /srv/http/${domain}/phpfpm.pool + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; }; } diff --git a/lass/3modules/autowifi.nix b/lass/3modules/autowifi.nix index 930d99727..b84569df8 100644 --- a/lass/3modules/autowifi.nix +++ b/lass/3modules/autowifi.nix @@ -13,7 +13,7 @@ in { }; }; - config = { + config = lib.mkIf cfg.enable { systemd.services.autowifi = { description = "Automatic wifi connector"; wantedBy = [ "multi-user.target" ]; |