From 2ebd0a1fdd2c8e82f3a960ba7fb09bb66ace89ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 28 Oct 2016 15:02:46 +0200 Subject: l 2 websites domsen: disable backups until fixed --- lass/2configs/websites/domsen.nix | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index fa56d0e1..2a6df06f 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -103,27 +103,6 @@ in { "o_ubikmedia_de" ]; - krebs.backup.plans = { - prism-sql-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; }; - startAt = "00:01"; - }; - prism-http-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; }; - startAt = "00:10"; - }; - prism-o-ubikmedia-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; }; - startAt = "00:30"; - }; - }; - services.phpfpm.phpOptions = '' sendmail_path = ${sendmail} -t upload_max_filesize = 100M -- cgit v1.2.3 From d02cebe5cef7ac6c12d8971f2a49a43a9a51e6bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 10 Nov 2016 22:34:15 +0100 Subject: l 2 websites lass: add some experimental stuff --- lass/2configs/websites/lassulus.nix | 47 +++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b8342e14..29374e97 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -37,6 +37,31 @@ in { }; }; + krebs.tinc_graphs.enable = true; + + users.users.lass-stuff = { + uid = genid "lass-stuff"; + description = "lassul.us blog cgi stuff"; + home = "/var/empty"; + }; + + services.phpfpm.poolConfigs."lass-stuff" = '' + listen = /var/run/lass-stuff.socket + user = lass-stuff + group = nginx + pm = dynamic + pm.max_children = 5 + pm.start_servers = 1 + pm.min_spare_servers = 1 + pm.max_spare_servers = 1 + listen.owner = lass-stuff + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + security.limit_extensions = + ''; + users.groups.lasscert.members = [ "dovecot2" "ejabberd" @@ -53,6 +78,28 @@ in { (nameValuePair "/.well-known/acme-challenge" '' root /var/lib/acme/challenges/lassul.us/; '') + (nameValuePair "= /retiolum-hosts.tar.bz2" '' + alias ${config.krebs.tinc.retiolum.hostsArchive}; + '') + (nameValuePair "/tinc" '' + alias ${config.krebs.tinc_graphs.workingDir}/external; + '') + (let + script = pkgs.writeBash "test" '' + echo "hello world" + ''; + #script = pkgs.execve "ddate-wrapper" { + # filename = "${pkgs.ddate}/bin/ddate"; + # argv = []; + #}; + in nameValuePair "= /ddate" '' + gzip off; + fastcgi_pass unix:/var/run/lass-stuff.socket; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param DOCUMENT_ROOT /var/empty; + fastcgi_param SCRIPT_FILENAME ${script}; + fastcgi_param SCRIPT_NAME ${script}; + '') ]; ssl = { enable = true; -- cgit v1.2.3 From dd67d49ea87d4248e7ad12844564302025d603c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 10 Nov 2016 22:34:34 +0100 Subject: l 2 websites util: add ownloud headers --- lass/2configs/websites/util.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 23f41719..55be8a8d 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -79,6 +79,8 @@ rec { add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /srv/http/${domain}/; -- cgit v1.2.3