simplify and deduplicate chaski config

2 files changed, 16 insertions, 5 deletions

diff --git a/hosts/chaski/services/cgit.nix b/hosts/chaski/services/cgit.nix
index abe69e5..7ce041c 100644
--- a/hosts/chaski/services/cgit.nix
+++ b/hosts/chaski/services/cgit.nix
@@ -11,7 +11,7 @@
       hostPath = "/var/git/public";
       isReadOnly = true;
     };
-    
+
     config = {pkgs, config, ...}: {
       services.lighttpd.enable = true;
       services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
@@ -75,5 +75,19 @@
   };
 
   services.nginx.recommendedProxySettings = true;
-  services.nginx.virtualHosts."stuebinm.eu".locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
+  services.nginx.virtualHosts."stuebinm.eu" = {
+    locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  # user for git repo administration
+  users.users.git = {
+    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+    home = "/var/git";
+    isNormalUser = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
 }
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
index 9a2211f..54ec6d6 100644
--- a/hosts/chaski/services/coturn.nix
+++ b/hosts/chaski/services/coturn.nix
@@ -4,10 +4,7 @@
   services.coturn = {
     enable = true;
     realm = "chaski.stuebinm.eu";
-#    static-auth-secret = "chaski";
-#    use-auth-secret = true;
     no-cli = true;
-#    no-tcp-relay = true;
     lt-cred-mech = true;
     extraConfig = ''
       verbose