diff options
author | stuebinm | 2021-04-17 16:09:28 +0200 |
---|---|---|
committer | stuebinm | 2021-04-17 16:09:28 +0200 |
commit | 022c17185b8b90515cb2c9b1ae039a9ab190db91 (patch) | |
tree | d31d7078f59613615ec2c49b3e243c39d36e4eed /hosts/flora | |
parent | e1359d9565f4fed555a9aeffae2a83458564f046 (diff) |
cgit: chaski -> flora; general cleanup
Diffstat (limited to 'hosts/flora')
-rw-r--r-- | hosts/flora/configuration.nix | 8 | ||||
-rw-r--r-- | hosts/flora/services/cgit.nix | 94 | ||||
-rw-r--r-- | hosts/flora/services/surveys.nix | 23 | ||||
-rw-r--r-- | hosts/flora/services/workadventure.nix | 104 |
4 files changed, 121 insertions, 108 deletions
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix index adf3ba8..d45175e 100644 --- a/hosts/flora/configuration.nix +++ b/hosts/flora/configuration.nix @@ -4,12 +4,12 @@ imports = [ ./hardware-configuration.nix ./services/hedgedoc.nix - ./services/daemoniones.nix + #./services/daemoniones.nix ./services/nginx.nix - ./services/workadventure.nix - #./../../../nginx/vod.nix ./services/pleroma.nix - ./services/picarones.nix + ./services/cgit.nix + ./services/surveys.nix + #./services/picarones.nix ]; # Use the GRUB 2 boot loader. diff --git a/hosts/flora/services/cgit.nix b/hosts/flora/services/cgit.nix new file mode 100644 index 0000000..094bfd5 --- /dev/null +++ b/hosts/flora/services/cgit.nix @@ -0,0 +1,94 @@ +{pkgs, config, ...}: + +{ + containers.cgit = { + autoStart = true; + privateNetwork = true; + hostAddress6 = "fd00::42:12"; + localAddress6 = "fd00::42:13"; + + bindMounts."/git" = { + hostPath = "/var/git/public"; + isReadOnly = true; + }; + + config = {pkgs, config, ...}: { + services.lighttpd.enable = true; + services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"''; + services.lighttpd.cgit = { + enable = true; + subdir = "git"; + configText = '' + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + cache-size=1000 + logo=/git/cgit.png + favicon=/git/favicon.ico + + # take css from an assumed repo `config` + css=/git/config/plain/cgit.css + + # remove .git extensions from repo names + remove-suffix=1 + + # readme formats which may be parsed + readme=:README.md + readme=:README + readme=:README.txt + readme=:README.org + + # allow cloning repos + enable-http-clone=1 + + enable-follow-links=1 + enable-html-serving=1 + enable-index-owner=0 + + mimetype.css=text/css + mimetype.jpg=image/jpeg + mimetype.jpeg=image/jpeg + mimetype.pdf=application/pdf + mimetype.png=image/png + mimetype.svg=image/svg+xml + + # some nice formatting + root-title=An Assortment of Stuff + root-desc=hand-squished into git repos + enable-commit-graph=1 + enable-log-linecount=1 + enable-log-filecount=1 + branch-sort=age + # suppress email addresses in html logs + noplainemail=1 + + # maximum file size for plain blobs in kilobyte + max-blob-size=100 + + cache-scanrc-ttl=1 + + scan-path=/git + ''; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + }; + }; + + services.nginx.recommendedProxySettings = true; + services.nginx.virtualHosts."stuebinm.eu" = { + locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]"; + enableACME = true; + forceSSL = true; + }; + + # user for git repo administration + users.users.git = { + openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; + home = "/var/git"; + isNormalUser = true; + packages = [ pkgs.git ]; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + +} diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix new file mode 100644 index 0000000..befa673 --- /dev/null +++ b/hosts/flora/services/surveys.nix @@ -0,0 +1,23 @@ +{pkgs, config, ...}: + +let survey = pkgs.fetchgit { + url = "https://stuebinm.eu/git/slightly-better-surveys"; + rev = "c255269db0c739400b62d4c4041e3238b1045d22"; + sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp"; + }; +in +{ + services.nginx.virtualHosts."survey.stuebinm.eu" = { + locations."/".root = survey.outPath + "/site"; + locations."/upload".proxyPass = "http://localhost:8080"; + + enableACME = true; + forceSSL = true; + }; + + services.nginx.appendHttpConfig = '' + types { + application/wasm wasm; + } + ''; +} diff --git a/hosts/flora/services/workadventure.nix b/hosts/flora/services/workadventure.nix deleted file mode 100644 index f38f5da..0000000 --- a/hosts/flora/services/workadventure.nix +++ /dev/null @@ -1,104 +0,0 @@ -{pkgs, config, ...}: - - -let - haccpkgssrc = pkgs.fetchgit { - url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc"; - rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b"; - sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz"; - }; - haccpkgs = import "${haccpkgssrc}"; - fediventure = pkgs.fetchgit { - url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple"; - rev = "f32d3c5efd39df558f80b862c60b2866c567d999"; - sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx"; - }; -in - -{ - - containers.wa-test = { - autoStart = true; - privateNetwork = true; - hostAddress6 = "fd00::42:20"; - localAddress6 = "fd00::42:21"; - - config = {config, pkgs, ...}: { - imports = [ "${fediventure}/workadventure.nix" ]; - networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ]; - - services.workadventure.instances."space.stuebinm.eu" = { - nginx.default = true; - nginx.domain = "space.stuebinm.eu"; - maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/"; - frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json"; - frontend.settings = { - stunServer = "stun:chaski.stuebinm.eu:3478"; - turnServer = "turn:95.217.159.23"; - turnUser = "chaski"; - turnPassword = "chaski"; - jitsiUrl = "meet.ffmuc.net"; - }; - }; - - services.prometheus = { - enable = true; - port = 9001; - scrapeConfigs = [ { - job_name = "workadventure-back"; - static_configs = [ { - targets = [ "localhost:8080" ]; - } ]; - } ]; - }; - - services.grafana = { - enable = true; - port = 5000; - addr = "[::]"; - rootUrl = "https://space.stuebinm.eu/metrics/"; - auth.anonymous.enable = true; - provision = { - enable = true; - datasources = [ { - name = "workadventure"; - type = "prometheus"; - url = "http://localhost:9001"; - } ]; - }; - }; - - systemd.services.goaccess = { - enable = true; - description = "Uses goaccess to publish a neat acces log on /var/www/index.html"; - requires = [ "nginx.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig.Type = "simple"; - path = [ pkgs.goaccess ]; - environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos - script = '' - mkdir -p /var/www-goaccess/ - goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html - ''; - }; - - services.nginx.virtualHosts."space.stuebinm.eu" = { - locations."/stats/".alias = "/var/www-goaccess/"; - }; - }; - }; - - services.nginx.virtualHosts."space.stuebinm.eu" = { - extraConfig = '' - proxy_read_timeout 300s; - proxy_connect_timeout 75s; - ''; - locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/"; - locations."/metrics/".proxyWebsockets = true; - locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80"; - locations."/".proxyWebsockets = true; - enableACME = true; - forceSSL = true; - }; -} - |