summaryrefslogtreecommitdiff
path: root/hosts/flora
diff options
context:
space:
mode:
authorstuebinm2021-04-17 16:09:28 +0200
committerstuebinm2021-04-17 16:09:28 +0200
commit022c17185b8b90515cb2c9b1ae039a9ab190db91 (patch)
treed31d7078f59613615ec2c49b3e243c39d36e4eed /hosts/flora
parente1359d9565f4fed555a9aeffae2a83458564f046 (diff)
cgit: chaski -> flora; general cleanup
Diffstat (limited to 'hosts/flora')
-rw-r--r--hosts/flora/configuration.nix8
-rw-r--r--hosts/flora/services/cgit.nix94
-rw-r--r--hosts/flora/services/surveys.nix23
-rw-r--r--hosts/flora/services/workadventure.nix104
4 files changed, 121 insertions, 108 deletions
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix
index adf3ba8..d45175e 100644
--- a/hosts/flora/configuration.nix
+++ b/hosts/flora/configuration.nix
@@ -4,12 +4,12 @@
imports = [
./hardware-configuration.nix
./services/hedgedoc.nix
- ./services/daemoniones.nix
+ #./services/daemoniones.nix
./services/nginx.nix
- ./services/workadventure.nix
- #./../../../nginx/vod.nix
./services/pleroma.nix
- ./services/picarones.nix
+ ./services/cgit.nix
+ ./services/surveys.nix
+ #./services/picarones.nix
];
# Use the GRUB 2 boot loader.
diff --git a/hosts/flora/services/cgit.nix b/hosts/flora/services/cgit.nix
new file mode 100644
index 0000000..094bfd5
--- /dev/null
+++ b/hosts/flora/services/cgit.nix
@@ -0,0 +1,94 @@
+{pkgs, config, ...}:
+
+{
+ containers.cgit = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:12";
+ localAddress6 = "fd00::42:13";
+
+ bindMounts."/git" = {
+ hostPath = "/var/git/public";
+ isReadOnly = true;
+ };
+
+ config = {pkgs, config, ...}: {
+ services.lighttpd.enable = true;
+ services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
+ services.lighttpd.cgit = {
+ enable = true;
+ subdir = "git";
+ configText = ''
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ cache-size=1000
+ logo=/git/cgit.png
+ favicon=/git/favicon.ico
+
+ # take css from an assumed repo `config`
+ css=/git/config/plain/cgit.css
+
+ # remove .git extensions from repo names
+ remove-suffix=1
+
+ # readme formats which may be parsed
+ readme=:README.md
+ readme=:README
+ readme=:README.txt
+ readme=:README.org
+
+ # allow cloning repos
+ enable-http-clone=1
+
+ enable-follow-links=1
+ enable-html-serving=1
+ enable-index-owner=0
+
+ mimetype.css=text/css
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ # some nice formatting
+ root-title=An Assortment of Stuff
+ root-desc=hand-squished into git repos
+ enable-commit-graph=1
+ enable-log-linecount=1
+ enable-log-filecount=1
+ branch-sort=age
+ # suppress email addresses in html logs
+ noplainemail=1
+
+ # maximum file size for plain blobs in kilobyte
+ max-blob-size=100
+
+ cache-scanrc-ttl=1
+
+ scan-path=/git
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ };
+ };
+
+ services.nginx.recommendedProxySettings = true;
+ services.nginx.virtualHosts."stuebinm.eu" = {
+ locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ # user for git repo administration
+ users.users.git = {
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ home = "/var/git";
+ isNormalUser = true;
+ packages = [ pkgs.git ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}
diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix
new file mode 100644
index 0000000..befa673
--- /dev/null
+++ b/hosts/flora/services/surveys.nix
@@ -0,0 +1,23 @@
+{pkgs, config, ...}:
+
+let survey = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/slightly-better-surveys";
+ rev = "c255269db0c739400b62d4c4041e3238b1045d22";
+ sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
+ };
+in
+{
+ services.nginx.virtualHosts."survey.stuebinm.eu" = {
+ locations."/".root = survey.outPath + "/site";
+ locations."/upload".proxyPass = "http://localhost:8080";
+
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.appendHttpConfig = ''
+ types {
+ application/wasm wasm;
+ }
+ '';
+}
diff --git a/hosts/flora/services/workadventure.nix b/hosts/flora/services/workadventure.nix
deleted file mode 100644
index f38f5da..0000000
--- a/hosts/flora/services/workadventure.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{pkgs, config, ...}:
-
-
-let
- haccpkgssrc = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
- rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
- sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
- };
- haccpkgs = import "${haccpkgssrc}";
- fediventure = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
- rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
- sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
- };
-in
-
-{
-
- containers.wa-test = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:20";
- localAddress6 = "fd00::42:21";
-
- config = {config, pkgs, ...}: {
- imports = [ "${fediventure}/workadventure.nix" ];
- networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];
-
- services.workadventure.instances."space.stuebinm.eu" = {
- nginx.default = true;
- nginx.domain = "space.stuebinm.eu";
- maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
- frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
- frontend.settings = {
- stunServer = "stun:chaski.stuebinm.eu:3478";
- turnServer = "turn:95.217.159.23";
- turnUser = "chaski";
- turnPassword = "chaski";
- jitsiUrl = "meet.ffmuc.net";
- };
- };
-
- services.prometheus = {
- enable = true;
- port = 9001;
- scrapeConfigs = [ {
- job_name = "workadventure-back";
- static_configs = [ {
- targets = [ "localhost:8080" ];
- } ];
- } ];
- };
-
- services.grafana = {
- enable = true;
- port = 5000;
- addr = "[::]";
- rootUrl = "https://space.stuebinm.eu/metrics/";
- auth.anonymous.enable = true;
- provision = {
- enable = true;
- datasources = [ {
- name = "workadventure";
- type = "prometheus";
- url = "http://localhost:9001";
- } ];
- };
- };
-
- systemd.services.goaccess = {
- enable = true;
- description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
- requires = [ "nginx.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "simple";
- path = [ pkgs.goaccess ];
- environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
- script = ''
- mkdir -p /var/www-goaccess/
- goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
- '';
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- locations."/stats/".alias = "/var/www-goaccess/";
- };
- };
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- extraConfig = ''
- proxy_read_timeout 300s;
- proxy_connect_timeout 75s;
- '';
- locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
- locations."/metrics/".proxyWebsockets = true;
- locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
- locations."/".proxyWebsockets = true;
- enableACME = true;
- forceSSL = true;
- };
-}
-