diff options
author | stuebinm | 2022-01-18 09:43:24 +0100 |
---|---|---|
committer | stuebinm | 2022-01-20 13:19:44 +0100 |
commit | 0bcabe1c4b1dd74af233674dfa6c6ec3011ce2c0 (patch) | |
tree | 5c58943f99245ff7f745f50b46c34ae288c3e503 /hosts | |
parent | db83a406bc6e63289e47ff5d2228c08430832655 (diff) |
restructuring directories
Diffstat (limited to 'hosts')
32 files changed, 0 insertions, 1622 deletions
diff --git a/hosts/abbenay/configuration.nix b/hosts/abbenay/configuration.nix deleted file mode 100644 index 2aabaa7..0000000 --- a/hosts/abbenay/configuration.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - services.flatpak.enable = true; - services.avahi.enable = true; - services.avahi.nssmdns = true; - - services.xserver = { - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - }; - services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false; - - environment.systemPackages = with pkgs; [ - gnome3.gnome-tweaks - flatpak flatpak-builder - # for mounting samba - cifs-utils - ]; - - networking = { - hostName = "matthias-nix"; - - useDHCP = false; - interfaces.enp3s0.useDHCP = true; - # networkmanager shouldn't handle nixos container - networkmanager.unmanaged = [ "interface-name:ve-*" ]; - }; - # nixos containers should have internet access - networking.nat = { - enable = true; - internalInterfaces = ["ve-+"]; - externalInterface = "eth0"; - }; - - boot = { - extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; - kernelModules = [ "v4l2loopback" ]; - }; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.03"; # Did you read the comment? - -} diff --git a/hosts/abbenay/hardware-configuration.nix b/hosts/abbenay/hardware-configuration.nix deleted file mode 100644 index 876431d..0000000 --- a/hosts/abbenay/hardware-configuration.nix +++ /dev/null @@ -1,35 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/ba8853b3-6e52-49d6-a250-6d99b8dfe6d6"; - fsType = "ext4"; - }; - fileSystems."/home" = - { device = "/dev/disk/by-label/nix-space"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0F28-FE85"; - fsType = "vfat"; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/6e9fddfc-99d2-46d2-bcb4-d8c5e1c19d38"; } - ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix deleted file mode 100644 index ae422cf..0000000 --- a/hosts/chaski/configuration.nix +++ /dev/null @@ -1,50 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - # ./services/workadventure.nix - #./services/exneuland.nix - # ./services/jitsi.nix - ./services/uplcg.nix - ./services/woitb.nix - ./services/geolocation.nix - ./services/gtfs.nix - ]; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx.appendHttpConfig = '' - access_log off; - add_header Permissions-Policy "interest-cohort=()"; - ''; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - - networking.hostName = "chaski"; # Define your hostname. - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.ens10.useDHCP = true; - networking.interfaces.ens3.useDHCP = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? - - boot.loader.grub.devices = [ "/dev/sda" ]; - -} diff --git a/hosts/chaski/hardware-configuration.nix b/hosts/chaski/hardware-configuration.nix deleted file mode 100644 index 54fbcba..0000000 --- a/hosts/chaski/hardware-configuration.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/5beea4aa-5ea3-4518-9b7d-97f289be92ea"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - -} diff --git a/hosts/chaski/services/VaaS/.gitignore b/hosts/chaski/services/VaaS/.gitignore deleted file mode 100644 index b5e3679..0000000 --- a/hosts/chaski/services/VaaS/.gitignore +++ /dev/null @@ -1 +0,0 @@ -dist-newstyle/* diff --git a/hosts/chaski/services/VaaS/CHANGELOG.md b/hosts/chaski/services/VaaS/CHANGELOG.md deleted file mode 100644 index 500a0d0..0000000 --- a/hosts/chaski/services/VaaS/CHANGELOG.md +++ /dev/null @@ -1,5 +0,0 @@ -# Revision history for haskell - -## 0.1.0.0 -- YYYY-mm-dd - -* First version. Released on an unsuspecting world. diff --git a/hosts/chaski/services/VaaS/app/Main.hs b/hosts/chaski/services/VaaS/app/Main.hs deleted file mode 100644 index b5697d7..0000000 --- a/hosts/chaski/services/VaaS/app/Main.hs +++ /dev/null @@ -1,58 +0,0 @@ -{-# LANGUAGE LambdaCase #-} -{-# LANGUAGE OverloadedStrings #-} - -module Main where - -import Control.Exception (try) -import Control.Exception.Base (handle) -import qualified Data.ByteString as BS -import Data.ByteString.Base32 -import qualified Data.ByteString.Char8 as C8 -import qualified Data.ByteString.Lazy as LB -import Data.Maybe (mapMaybe) -import Network.HTTP.Client (httpLbs, newManager, parseRequest, - responseBody) -import Network.HTTP.Client.TLS -import Network.HTTP.Types -import Network.Wai -import Network.Wai.Handler.Warp (run) -import qualified System.Environment as SE -import System.Process - -simpleResponse = responseLBS status200 [("Content-Type", "text/plain")] - -simpleError = responseLBS status400 [("Content-Type", "text/plain")] - -serveFile filename = do - content <- LB.readFile filename - pure $ responseLBS status200 [("Content-Type", "text/html")] content - -app :: FilePath -> FilePath -> Application -app validator index req respond = - case requestMethod req of - "GET" -> case pathInfo req of - [] -> serveFile index >>= respond - ["validate"] -> do - let gtfsuri = head $ mapMaybe (\case { ("gtfs",a) -> Just a; _ -> Nothing }) $ queryString req - putStrLn $ "uri is " <> show gtfsuri - case gtfsuri of - Just uri -> do - man <- newManager tlsManagerSettings - request <- parseRequest $ C8.unpack uri - gtfs <- httpLbs request man - let filename = "/tmp/" <> C8.unpack (encodeBase32' uri) <> ".zip" - LB.writeFile filename (responseBody gtfs) - readProcessWithExitCode "python" [validator,"-n", filename, "--output", "/tmp/gtfs-validated.html"] "" - - serveFile "/tmp/gtfs-validated.html" >>= respond - - Nothing -> respond $ simpleError "missing gtfs parameter" - _ -> respond $ simpleError "unknown path" - _ -> respond $ simpleError "invalid reqeust method" - -main :: IO () -main = do - args <- SE.getArgs - let validator = head args - putStrLn "http://localhost:7000/" - run 7000 $ app validator (args!!1) diff --git a/hosts/chaski/services/VaaS/default.nix b/hosts/chaski/services/VaaS/default.nix deleted file mode 100644 index 427270c..0000000 --- a/hosts/chaski/services/VaaS/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, compiler ? "default", doBenchmark ? false }: - -let - - inherit pkgs; - - f = { mkDerivation, base, base32, bytestring, http-client - , http-client-tls, http-types, lib, process, wai, warp - }: - mkDerivation { - pname = "VaaS"; - version = "0.1.0.0"; - src = ./.; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - base base32 bytestring http-client http-client-tls http-types - process wai warp - ]; - license = "unknown"; - hydraPlatforms = lib.platforms.none; - }; - - haskellPackages = if compiler == "default" - then pkgs.haskellPackages - else pkgs.haskell.packages.${compiler}; - - variant = if doBenchmark then pkgs.haskell.lib.doBenchmark else pkgs.lib.id; -in - variant (haskellPackages.callPackage f {}) diff --git a/hosts/chaski/services/VaaS/haskell.cabal b/hosts/chaski/services/VaaS/haskell.cabal deleted file mode 100644 index 262b65f..0000000 --- a/hosts/chaski/services/VaaS/haskell.cabal +++ /dev/null @@ -1,35 +0,0 @@ -cabal-version: 2.4 -name: VaaS -version: 0.1.0.0 - --- A short (one-line) description of the package. --- synopsis: - --- A longer description of the package. --- description: - --- A URL where users can report bugs. --- bug-reports: - --- The license under which the package is released. --- license: -author: stuebinm -maintainer: stuebinm@disroot.org - --- A copyright notice. --- copyright: --- category: -extra-source-files: CHANGELOG.md - -executable VaaS - main-is: Main.hs - - -- Modules included in this executable, other than Main. - -- other-modules: - - -- LANGUAGE extensions used by modules in this package. - -- other-extensions: - build-depends: base ^>=4.14.1.0, wai, warp, http-types, bytestring, process, - http-client, http-client-tls, base32 - hs-source-dirs: app - default-language: Haskell2010 diff --git a/hosts/chaski/services/VaaS/index.html b/hosts/chaski/services/VaaS/index.html deleted file mode 100644 index a7f59e0..0000000 --- a/hosts/chaski/services/VaaS/index.html +++ /dev/null @@ -1,46 +0,0 @@ -<!doctype html> -<html class="no-js" lang=""> - <head> - <meta charset="utf-8"> - <meta http-equiv="x-ua-compatible" content="ie=edge"> - <title>GTFS Validator</title> - <meta name="description" content=""> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <link rel="apple-touch-icon" href="/apple-touch-icon.png"> - <!-- Place favicon.ico in the root directory --> - - </head> - <body> - <!--[if lt IE 8]> - <p class="browserupgrade"> - You are using an <strong>outdated</strong> browser. Please - <a href="http://browsehappy.com/">upgrade your browser</a> to improve - your experience. - </p> - <![endif]--> - - <h1>GTFS Validator</h1> - <p> - This runs the validator contained in the - <a href="https://github.com/google/transitfeed">transitfeed - git repository - </a>. - </p> - - <p>Paste the url to your GTFS zip below</p> - - <input id="url"> - <button id="submit">Validate</button> - - <script> - let submit = document.getElementById("submit"); - let url = document.getElementById("url"); - - submit.onclick = () => { - window.location = - "/validate?gtfs=" + url.value - } - </script> - </body> -</html> diff --git a/hosts/chaski/services/exneuland.nix b/hosts/chaski/services/exneuland.nix deleted file mode 100644 index 3ec3451..0000000 --- a/hosts/chaski/services/exneuland.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - workadventure-nix = builtins.fetchGit { - url = "https://stuebinm.eu/git/workadventure-nix"; - ref = "master"; - }; - wapkgs = import "${workadventure-nix.outPath}/wapkgs.nix" { - inherit pkgs; - lib = pkgs.lib; - }; - frontdrv = wapkgs.workadventure-tcm.front.override { - environment = { - PUSHER_URL = "https://exneuland.stuebinm.eu/pusher"; - START_ROOM_URL = "/_/global/world.di.c3voc.de/maps/main.json"; - }; - }; - exneuland = import ../../../pkgs/exneuland.nix; -in -{ - services.nginx = { - enable = true; - recommendedProxySettings = false; - virtualHosts."exneuland.stuebinm.eu" = { - root = "${frontdrv}/dist"; - locations."/_/".tryFiles = "/index.html =404"; - - locations."/pusher" = { - proxyPass = "http://localhost:4000"; - proxyWebsockets = true; - extraConfig = '' - add_header Access-Control-Allow-Origin https://exneuland.stuebinm.eu; - proxy_pass_request_headers on; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - ''; - }; - - enableACME = true; - forceSSL = true; - }; - }; - - systemd.services.exneuland = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - description = "exneuland backend for workadventure"; - serviceConfig = { - ExecStart = "${exneuland}/bin/exneuland start"; - Restart = "always"; - }; - }; -} diff --git a/hosts/chaski/services/geolocation.nix b/hosts/chaski/services/geolocation.nix deleted file mode 100644 index 4b095bd..0000000 --- a/hosts/chaski/services/geolocation.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.nginx.virtualHosts."ilztal.live".locations."/geolocation".root = - ../../../assets/ilztal.live; -} diff --git a/hosts/chaski/services/gtfs.nix b/hosts/chaski/services/gtfs.nix deleted file mode 100644 index 61837a1..0000000 --- a/hosts/chaski/services/gtfs.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - vaas = import ./VaaS/default.nix {inherit pkgs; }; - - transitfeed = pkgs.fetchFromGitHub { - owner = "google"; - repo = "transitfeed"; - rev = "d727e97cb66ac2ca2d699a382ea1d449ee26c2a1"; - sha256 = "0kmcmdja6h7gzvi40c9qfzxh6qwv5184g2rgpqx5rhj4ql9ini3h"; - }; - - index = pkgs.copyPathToStore ./VaaS/index.html; -in -{ - systemd.services.vaas = { - enable = true; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - description = "GTFS feed validator as a service"; - path = [ pkgs.python2 pkgs.python2Packages.pytz pkgs.python2Packages.enum34 ]; - serviceConfig = { - ExecStart = "${vaas}/bin/VaaS ${transitfeed}/feedvalidator.py ${index}"; - Restart = "always"; - PrivateTmp = "true"; - PrivateDevices = "true"; - ProtectSystem = "strict"; - ReadWritePaths = [ "/tmp" ]; - }; - - }; - - services.nginx.virtualHosts."gtfs.stuebinm.eu" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:7000"; - }; -} diff --git a/hosts/chaski/services/jitsi.nix b/hosts/chaski/services/jitsi.nix deleted file mode 100644 index d6f398b..0000000 --- a/hosts/chaski/services/jitsi.nix +++ /dev/null @@ -1,59 +0,0 @@ -{config, pkgs, ...}: - -with pkgs.luaPackages; -with pkgs; -let extraLua = import ../../../../playground/jitsi/test.nix; -in - -{ - services.jitsi-meet = { - enable = true; - hostName = "jitsi.stuebinm.eu"; - config = { - enableWelcomePage = true; - prejoinPageEnabled = true; - }; - interfaceConfig = { - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - }; - }; - services.jitsi-videobridge.openFirewall = true; - - services.nginx.virtualHosts."api.jitsi.stuebinm.eu" = { - locations."/room-size" = { - proxyPass = pkgs.lib.mkForce - "http://jitsi.stuebinm.eu:5280/room-size?$args&domain=jitsi.stuebinm.eu"; - - extraConfig = '' - add_header Access-Control-Allow-Origin *; - ''; - }; - locations."/room-list" = { - proxyPass = "http://jitsi.stuebinm.eu:5280/room-list?domain=jitsi.stuebinm.eu"; - extraConfig = '' - add_header Access-Control-Allow-Origin *; - ''; - }; - locations."/dashboard/".root = - pkgs.copyPathToStore ../../../../playground/jitsi/html; - - enableACME = true; - forceSSL = true; - }; - - services.nginx.recommendedProxySettings = false; - - services.prosody = { - #extraModules = [ "muc_size2" ]; - extraModules = [ "jitsi_bundled" ]; - extraPluginPaths = [ - (pkgs.copyPathToStore ../../../../playground/jitsi/plugins) - ]; - package = pkgs.prosody.override { - withExtraLibs = with extraLua; [ basexx luajwtjitsi net-url ]; - }; - }; - - -} diff --git a/hosts/chaski/services/uplcg.nix b/hosts/chaski/services/uplcg.nix deleted file mode 100644 index 5605046..0000000 --- a/hosts/chaski/services/uplcg.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: - -{ - imports = [ - "${inputs.uplcg.outPath}/module.nix" - ]; - - services.uplcg = { - enable = true; - port = 9080; - domain = "0.0.0.0"; - }; - - services.nginx.enable = true; - services.nginx.virtualHosts."cards.stuebinm.eu" = { - locations."/" = { - proxyPass = "http://localhost:9080"; - proxyWebsockets = true; - }; - enableACME = true; - forceSSL = true; - }; -} diff --git a/hosts/chaski/services/woitb.nix b/hosts/chaski/services/woitb.nix deleted file mode 100644 index 0c50617..0000000 --- a/hosts/chaski/services/woitb.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: - -let - #sources = ../../nix/sources.nix; - sources = /home/stuebinm/Dokumente/utils/playground/ilztal/server; -in -{ - # systemd.services.woitb = { - # enable = true; - # description = "wo ist die ilztalbahn?"; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig.type = "simple"; - # script = "${import sources}/bin/woitb"; - # }; - - services.nginx.enable = true; - services.nginx.virtualHosts."ilztal.live" = { - enableACME = true; - forceSSL = true; - locations."/".root = pkgs.copyPathToStore ./woitb; - - # locations."/upnext".proxyPass = "http://localhost:8000"; - # locations."/geoloc".proxyPass = "http://localhost:8000"; - }; - - services.nginx.virtualHosts."track.ilztal.live" = { - enableACME = true; - forceSSL = true; - locations."/".root = inputs.tracktrain; - }; - -} diff --git a/hosts/chaski/services/woitb/index.html b/hosts/chaski/services/woitb/index.html deleted file mode 100644 index 8d08826..0000000 --- a/hosts/chaski/services/woitb/index.html +++ /dev/null @@ -1,124 +0,0 @@ -<!DOCTYPE html> -<html lang="de"><head> -<meta http-equiv="content-type" content="text/html; charset=UTF-8"> - <meta charset="utf-8"> - <meta http-equiv="x-ua-compatible" content="ie=edge"> - <title>Wo ist die Ilztalbahn?</title> - <meta name="description" content=""> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <link rel="apple-touch-icon" href="https://ilztal.live/apple-touch-icon.png"> - <!-- Place favicon.ico in the root directory --> - <style> - - body { - background-color: olivedrab; - color: white; - font-family: "Sans Serif"; - max-width: 60em; - margin-left: auto; - margin-right: auto; - margin-top: 4em; - } - - body > p, #sonst p { - text-align: center; - margin-bottom: 4rem; - } - - section > p { - text-align: center; - } - - a { - text-decoration: none; - } - - h1, h2, h3 { - font-weight: lighter - } - - h1 { - font-size: 40pt; - text-align: center; - } - - @media only screen and (max-width: 1000px) { - h1 { - font-size: 30pt; - } - body { - margin: 1em; - } - } - - h2 { - font-size: 23pt; - } - - tr { - background-color: white; - color: black; - } - - td { - margin-left: 0; - padding: 0.5em; - } - - #wo { - color: black; - background-color: white; - padding: 1em; - max-width: 40em; - margin: auto; - font-weight: bold; - } - - #wo div h2 { - margin-left: 2rem; - } - - #wo div p { - margin-left: 3rem; - } - - #fahrplan { - margin: auto; - max-width: 40em; - } - - #fahrplan table tr td:last-child { - min-width: 70%; - } - - #fahrplan table { - width: 100%; - } - - </style> - </head> - <body> - <!--[if lt IE 8]> - <p class="browserupgrade"> - You are using an <strong>outdated</strong> browser. Please - <a href="http://browsehappy.com/">upgrade your browser</a> to improve - your experience. - </p> - <![endif]--> - - <h1>Wo ist die <a href="https://ilztalbahn.eu/">Ilztalbahn</a> gerade?</h1> - - <p>(es gibt eh nur eine)</p> - - <div id="root"><main id=""><h2 id="">Gerade nicht unterwegs</h2><div id="wo"><h2 id="">Nächste Fahrt 2022</h2><p id="">Fahrplan ist noch nicht bekannt.</p></div></main></div> - - <section> - <p>Andere Abfahrten ab Passau <a href="https://marudor.de/NPA">via marudor.de</a> | <a href="https://iris.noncd.db.de/wbt/js/index.html?bhf=NPA&Zeilen=20">via Iris der DB</a></p> - - <p style="margin-top:3em">(Diese Seite also known as "oh, die Ilztalbahn <a href="https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip">hat ja Open Data</a> 😍" – <a href="https://ilztal.live/info.html">Weitere Infos</a>)</p> - </section> - - - -</body></html> diff --git a/hosts/chaski/services/woitb/info.html b/hosts/chaski/services/woitb/info.html deleted file mode 100644 index e68d728..0000000 --- a/hosts/chaski/services/woitb/info.html +++ /dev/null @@ -1,180 +0,0 @@ -<!doctype html> -<html lang="de"> - <head> - <meta charset="utf-8"> - <meta http-equiv="x-ua-compatible" content="ie=edge"> - <title>Wo ist die Ilztalbahn?</title> - <meta name="description" content=""> - <meta name="viewport" content="width=device-width, initial-scale=1"> - - <link rel="apple-touch-icon" href="/apple-touch-icon.png"> - <!-- Place favicon.ico in the root directory --> - <style> - - body { - background-color: olivedrab; - color: white; - font-family: "Sans Serif"; - max-width: 60em; - margin-left: auto; - margin-right: auto; - margin-top: 4em; - } - - body > p, #sonst p { - text-align: center; - margin-bottom: 4rem; - } - - section > p { - text-align: center; - } - - a { - text-decoration: none; - } - - h1, h2, h3 { - font-weight: lighter - } - - h1 { - font-size: 40pt; - text-align: center; - } - - @media only screen and (max-width: 1000px) { - h1 { - font-size: 30pt; - } - body { - margin: 1em; - } - } - - h2 { - font-size: 23pt; - } - - tr { - background-color: white; - color: black; - } - - td { - margin-left: 0; - padding: 0.5em; - } - - #wo { - color: black; - background-color: white; - padding: 1em; - max-width: 40em; - margin: auto; - font-weight: bold; - } - - #wo div h2 { - margin-left: 2rem; - } - - #wo div p { - margin-left: 3rem; - } - - #fahrplan { - margin: auto; - max-width: 40em; - } - - #fahrplan table tr td:last-child { - min-width: 70%; - } - - #fahrplan table { - width: 100%; - } - - </style> - </head> - <body> - <!--[if lt IE 8]> - <p class="browserupgrade"> - You are using an <strong>outdated</strong> browser. Please - <a href="http://browsehappy.com/">upgrade your browser</a> to improve - your experience. - </p> - <![endif]--> - - <h1><a href="index.html">Wo ist die Ilztalbahn</a> – Über</h1> - - <main> - <h2>Was ist das hier?</h2> - <p> - Diese Webseite zeigt den Fahrplan der <a href="https://ilztalbahn.eu">Ilztalbahn</a> an, - und macht sonst nicht viel. Bitte beachtet, dass diese Seite nicht von der Ilztalbahn GmbH, - dem Förderverein o.ä. betrieben wird, sondern nur ein privates Projekt einer einzelnen Person - ohne jede Verfügbarkeitsgarantie ist. - </p> - - <h2>Wie funktioniert das?</h2> - <p> - Die Ilztalbahn bietet ihren Fahrplan im offenen Standard <a href="https://gtfs.org/">GTFS</a> - an. Weil GTFS an einigen Stellen ein manchmal schwer zu benutzender Standard ist (und nicht - jeder Besuch dieser Webseite einen Aufruf des GTFS der Ilztalbahn triggern muss), hängt noch - ein kleiner Server dazwischen der die relevanten Teile in JSON übersetzt. - </p> - <p> - Der Fahrplan ist jeweils für einen ganzen Sommer gültig, und wird auch währenddessen - (soweit ich sehen kann) nicht verändert oder aktualisiert — es gibt also keinerlei Garantie, - dass die Daten hier korrekt sind! - </p> - - <h2>Gibt es das auch als App?</h2> - <p> - Aktuell nicht. Wenn ihr die Webseite im Browser offen lasst, sollte sie sich aber auch offline - noch automatisch aktualisieren. - </p> - - <h2>Werden Verspätungen/etc. angezeigt?</h2> - <p> - Leider nein. Es gibt für einige Fahrten der Ilztalbahn zwar Echtzeitdaten von der DB, diese - sind aber nicht im Datensatz der Ilztalbahn enthalten. Vielleicht kommen die hier noch - irgendwann mit rein, solange könnt ihr sie (falls es sie gibt) bei - <a href="https://marudor.de/Passau%20Hbf">marudor.de</a> anschauen. - </p> - - <h2>Gibts hier Quellcode zu?</h2> - <p> - Ja klar, hier: <a href="https://stuebinm.eu/git/woitb">git-Repository</a> - </p> - - <h2>Datenschutz?</h2> - <p> - Diese Seite läuft aktuell auf einer kleinen vps bei <a href="https://hetzner.de">Hetzner</a>, - geloggt werden aktuell nur Zugriffe, aber keine IP-Adressen. - </p> - - <h2>Wer macht das hier?</h2> - <p> - Auch nur so ein Mensch im Internet. Falls ihr wollt könnt ihr - <a href="https://pleroma.stuebinm.eu/stuebinm">auf meinem Pleroma</a> vorbeischauen. - </p> - - <h2>Ich hab ne Idee für ein Feature!</h2> - <p> - Schreibt mich über Pleroma an, vielleicht habe ich Zeit und Lust es einzubauen. - </p> - - <h2>Ich hab ein Feature dazuimplementiert!</h2> - <p> - Cool! Schick mir gerne nen Patch! (Mail ist im Repository) - </p> - </main> - <section> - <p style="margin-top:3em;">(Diese Seite also known as "oh, die Ilztalbahn <a href="https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip">hat ja Open Data</a> 😍" – <a href="info.html">Weitere Infos</a>)</p> - </section> - - </body> -</html> diff --git a/hosts/chaski/services/workadventure.nix b/hosts/chaski/services/workadventure.nix deleted file mode 100644 index c2b704f..0000000 --- a/hosts/chaski/services/workadventure.nix +++ /dev/null @@ -1,93 +0,0 @@ -{pkgs, lib, config, ...}: - -let - sources = import ../../../nix/sources.nix {}; - # why the double outPath? Dunno, just niv things … - workadventure-nix = sources.workadventure.outPath.outPath; - packageset = ( - import "${workadventure-nix}/wapkgs.nix" { - inherit pkgs lib; - } - ).workadventure-xce; -in -{ - # not the most intuitive of container names, but "workadventure" is too long - containers.wa-space = { - - # we'll need the outer config to get the turn secret inside the container, - # and I'm feeling haskelly so config' it is! - config = let config' = config; in {config, pkgs, ...}: { - imports = [ workadventure-nix ]; - networking.firewall.allowedTCPPorts = [ 80 ]; - - services.workadventure."space.stuebinm.eu" = { - inherit packageset; - - nginx = { - default = true; - domain = "space.stuebinm.eu"; - maps.serve = true; - maps.path = "/workadventuremaps/"; - }; - - frontend.startRoomUrl = "/_/global/space.stuebinm.eu/maps/Floor0/floor0.json"; - - commonConfig = { - webrtc.stun.url = "stun:space.stuebinm.eu:3478"; - webrtc.turn = { - url = "turn:95.217.159.23"; - user = "turn"; - password = config'.services.coturn.static-auth-secret; - }; - jitsi.url = "meet.ffmuc.net"; - }; - }; - }; - - privateNetwork = true; - hostAddress6 = "fd00::42:14"; - localAddress6 = "fd00::42:16"; - - autoStart = true; - - }; - - services.coturn = { - enable = true; - realm = "turn.hacc.space"; - # this is a static "secret" that is also compiled into workadventure, - # so it seems ok to put it into the nix store - static-auth-secret = "1c496cea367f9608c77a754c1ef78079a512e013"; - use-auth-secret = true; - no-cli = true; - no-tcp-relay = true; - - cert = config.security.acme.certs."space.stuebinm.eu".directory + "full.pem"; - pkey = config.security.acme.certs."space.stuebinm.eu".directory + "key.pem"; - }; - - - services.nginx = { - virtualHosts."space.stuebinm.eu" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://[${config.containers.wa-space.localAddress6}]"; - proxyWebsockets = true; - }; - }; - }; - - - networking.firewall = with config.services.coturn; - let - ports = [ listening-port tls-listening-port ]; - in { - allowedTCPPorts = [ 80 ] ++ ports; - allowedUDPPorts = ports; - allowedUDPPortRanges = [ - { from = min-port; to = max-port; } - ]; - }; - -} diff --git a/hosts/cyberbox/configuration.nix b/hosts/cyberbox/configuration.nix deleted file mode 100644 index 47ffaad..0000000 --- a/hosts/cyberbox/configuration.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - # laptop power things - services.tlp.enable = true; - - programs.light.enable = true; - programs.slock.enable = true; - - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - networking = { - hostName = "cyberbox"; # Define your hostname. - networkmanager.enable = true; - useDHCP = false; - interfaces.enp0s25.useDHCP = true; - interfaces.wlp3s0.useDHCP = true; - }; - - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # entrypoint for emacs configured with home-manager - # (must be available on the user's $PATH) - services.xserver.windowManager.session = pkgs.lib.singleton { - name = "exwm"; - start = "emacs -l ${pkgs.writeText "emacs-exwm-load" '' - (require 'exwm-config) - (exwm-config-default) - (defvar inexwm t) - ''}"; - }; - - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - services.xserver.libinput.enable = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? - -} - diff --git a/hosts/cyberbox/hardware-configuration.nix b/hosts/cyberbox/hardware-configuration.nix deleted file mode 100644 index a724f02..0000000 --- a/hosts/cyberbox/hardware-configuration.nix +++ /dev/null @@ -1,31 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/70a8042c-c5b5-4faa-8019-0eb042fbdf00"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/e53c9b77-5e00-40a0-bbda-62978b7b3000"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/60cda588-b262-4394-8d38-284109a08a59"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix deleted file mode 100644 index b2699b7..0000000 --- a/hosts/flora/configuration.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - # ./services/hedgedoc.nix - #./services/daemoniones.nix - ./services/nginx.nix - ./services/pleroma.nix - ./services/cgit.nix - # ./services/surveys.nix - #./services/picarones.nix - ./services/dockerhub.nix - ./services/blog.nix - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ "/dev/sda" ]; - - networking = { - hostName = "flora"; - - enableIPv6 = true; - defaultGateway6 = { - address = "fe80::1"; - interface = "ens3"; - }; - - interfaces.ens3.ipv6.addresses = [ { - address = "2a01:4f9:c010:df15::1"; - prefixLength = 64; - } ]; - - useDHCP = false; - interfaces.ens3.useDHCP = true; - - firewall.logRefusedConnections = false; - - - }; - - services.fail2ban = { - enable = true; - bantime-increment.enable = true; - bantime-increment.overalljails = true; - bantime-increment.maxtime = "1312m"; - ignoreIP = [ "88.133.194.232" ]; - }; - - services.logrotate = { - enable = true; - paths.nginx = { - path = "/var/log/nginx"; - frequency = "weekly"; - }; - }; - - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system = { - stateVersion = "20.09"; # Did you read the comment? - }; - -} - diff --git a/hosts/flora/hardware-configuration.nix b/hosts/flora/hardware-configuration.nix deleted file mode 100644 index 2ce21f4..0000000 --- a/hosts/flora/hardware-configuration.nix +++ /dev/null @@ -1,25 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ modulesPath, config, lib, pkgs, inputs, ... }: - -{ - imports = - [ "${modulesPath}/profiles/qemu-guest.nix" - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/5d31cad5-9076-4d2f-93f6-6af817bc368b"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 1; -} - diff --git a/hosts/flora/services/blog.nix b/hosts/flora/services/blog.nix deleted file mode 100644 index 056a63b..0000000 --- a/hosts/flora/services/blog.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: - -{ - services.nginx.virtualHosts."stuebinm.eu" = { - enableACME = true; - forceSSL = true; - locations."/".root = (import inputs.blog); - }; -} diff --git a/hosts/flora/services/cgit.nix b/hosts/flora/services/cgit.nix deleted file mode 100644 index 094bfd5..0000000 --- a/hosts/flora/services/cgit.nix +++ /dev/null @@ -1,94 +0,0 @@ -{pkgs, config, ...}: - -{ - containers.cgit = { - autoStart = true; - privateNetwork = true; - hostAddress6 = "fd00::42:12"; - localAddress6 = "fd00::42:13"; - - bindMounts."/git" = { - hostPath = "/var/git/public"; - isReadOnly = true; - }; - - config = {pkgs, config, ...}: { - services.lighttpd.enable = true; - services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"''; - services.lighttpd.cgit = { - enable = true; - subdir = "git"; - configText = '' - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - cache-size=1000 - logo=/git/cgit.png - favicon=/git/favicon.ico - - # take css from an assumed repo `config` - css=/git/config/plain/cgit.css - - # remove .git extensions from repo names - remove-suffix=1 - - # readme formats which may be parsed - readme=:README.md - readme=:README - readme=:README.txt - readme=:README.org - - # allow cloning repos - enable-http-clone=1 - - enable-follow-links=1 - enable-html-serving=1 - enable-index-owner=0 - - mimetype.css=text/css - mimetype.jpg=image/jpeg - mimetype.jpeg=image/jpeg - mimetype.pdf=application/pdf - mimetype.png=image/png - mimetype.svg=image/svg+xml - - # some nice formatting - root-title=An Assortment of Stuff - root-desc=hand-squished into git repos - enable-commit-graph=1 - enable-log-linecount=1 - enable-log-filecount=1 - branch-sort=age - # suppress email addresses in html logs - noplainemail=1 - - # maximum file size for plain blobs in kilobyte - max-blob-size=100 - - cache-scanrc-ttl=1 - - scan-path=/git - ''; - }; - - networking.firewall.allowedTCPPorts = [ 80 ]; - }; - }; - - services.nginx.recommendedProxySettings = true; - services.nginx.virtualHosts."stuebinm.eu" = { - locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]"; - enableACME = true; - forceSSL = true; - }; - - # user for git repo administration - users.users.git = { - openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; - home = "/var/git"; - isNormalUser = true; - packages = [ pkgs.git ]; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - -} diff --git a/hosts/flora/services/daemoniones.nix b/hosts/flora/services/daemoniones.nix deleted file mode 100644 index ae9d3cb..0000000 --- a/hosts/flora/services/daemoniones.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, pkgs, ...}: - -{ - systemd.services = - let simpledaemon = name: command: { - enable = true; - description = name; - wantedBy = [ "multi-user.target" ]; - serviceConfig.Type = "simple"; - script = command; - }; - in { - choclo = simpledaemon "choclo signalling server" "/root/simple-signalling/target/release/chaski -b 127.0.0.1:5000"; - wasi = simpledaemon "wasi backend" "/root/wasi-minimal/target/release/wasi"; -# picarones = simpledaemon "picarones backend" "/root/picarones-server/target/release/picarones -b 127.0.0.1:6000"; - }; - - services.nginx = { - virtualHosts = - let websocketproxy = addr: { - locations."/".proxyPass = addr; - forceSSL = true; - enableACME = true; - locations."/".proxyWebsockets = true; - }; - in { - "wasi.stuebinm.eu" = websocketproxy "http://127.0.0.1:9000"; - "choclo.stuebinm.eu" = websocketproxy "http://127.0.0.1:5000"; -# "picarones.stuebinm.eu" = websocketproxy "http://127.0.0.1:6000"; - }; - }; - - -} diff --git a/hosts/flora/services/dockerhub.nix b/hosts/flora/services/dockerhub.nix deleted file mode 100644 index c9b84b3..0000000 --- a/hosts/flora/services/dockerhub.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.dockerRegistry = { - enable = true; - port = 6000; - enableRedisCache = false; - extraConfig = { - storage.maintenance.readonly.enabled = true; - }; - }; - - services.nginx.virtualHosts."registry.stuebinm.eu" = { - locations."/" = { - proxyPass = "http://localhost:6000"; - proxyWebsockets = true; - }; - enableACME = true; - forceSSL = true; - }; - - services.nginx.clientMaxBodySize = "0"; -} diff --git a/hosts/flora/services/hedgedoc.nix b/hosts/flora/services/hedgedoc.nix deleted file mode 100644 index 038f99f..0000000 --- a/hosts/flora/services/hedgedoc.nix +++ /dev/null @@ -1,77 +0,0 @@ -{ config, lib, pkgs, ... }: -let - hedgedoc-patched = pkgs.hedgedoc.overrideAttrs (old: { - src = pkgs.fetchgit { - url = "https://stuebinm.eu/git/hedgedoc"; - rev = "b0f98a43381486995b99ed79e0eabb3af149dbf3"; - sha256 = "1199k5q8wampkw2ri4wgwzqgh1ff0l4kdxx9h8ywqy2f7faf922c"; - }; - }); -in -{ - # Container containing CodiMD and its database - # has its own internal network; needs a reverse-proxy to be reachable from the outside - # TODO: persistent memory for pads - containers.codimd = { - autoStart = true; - privateNetwork = true; - hostAddress6 = "fd00::42:10"; - localAddress6 = "fd00::42:11"; - - config = {config, pkgs, ... }: { - # open CodiMD port - networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ]; - - # database (postgres 11), with default database reachable for CodiMD; no imperative config needed! - services.postgresql = { - enable = true; - package = pkgs.postgresql_11; - ensureDatabases = [ "codimd" ]; - ensureUsers = [ { - name = "hedgedoc"; - ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";}; - } ]; - # ugly workaround to allow CodiMD to login without password — this service has lots of options, - # but apparently not for authentification, which even needs to be forced … - authentication = pkgs.lib.mkForce '' - # Generated file; do not edit! - local all all trust - host codimd hedgedoc ::1/18 trust - host codimd codimd ::1/128 trust - ''; - }; - # CodiMD itself - services.hedgedoc = { - enable = true; - workDir = "/var/codimd/"; - configuration = { - dbURL = "postgres:///codimd"; - port = 3000; - domain = "nix.stuebinm.eu"; - urlAddPort = false; - protocolUseSSL = true; - allowPDFExport = true; - host = "::"; - allowEmailRegister = false; - allowFreeURL = true; - uploadsPath = "/var/codimd/uploads"; - #email = false; - }; - }; - - systemd.services.hedgedoc.serviceConfig.ExecStart = pkgs.lib.mkForce "${hedgedoc-patched}/bin/hedgedoc"; - }; - }; - - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx.virtualHosts."nix.stuebinm.eu" = { - locations."/" = { - proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000"; - proxyWebsockets = true; - }; - forceSSL = true; - enableACME = true; - }; -} diff --git a/hosts/flora/services/nginx.nix b/hosts/flora/services/nginx.nix deleted file mode 100644 index bbcacb7..0000000 --- a/hosts/flora/services/nginx.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx = { - enable = true; - - recommendedOptimisation = true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - - appendHttpConfig = '' - add_header Permissions-Policy "interest-cohort=()"; - ''; - }; -} diff --git a/hosts/flora/services/picarones.nix b/hosts/flora/services/picarones.nix deleted file mode 100644 index c2e3c7b..0000000 --- a/hosts/flora/services/picarones.nix +++ /dev/null @@ -1,26 +0,0 @@ -{config, pkgs, ...}: -let - source = builtins.fetchGit { - url = "https://stuebinm.eu/git/picarones/"; - rev = "0596b9f6c561daa67945adb81570efd30650dffd"; - }; -in -{ - - imports = [ source.outPath ]; - - services.picarones = { - enable = true; - frontend = { - enable = true; - domain = "picarones.stuebinm.eu"; - proxyBackend = true; - config = { - enableACME = true; - forceSSL = true; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; -} diff --git a/hosts/flora/services/pleroma.nix b/hosts/flora/services/pleroma.nix deleted file mode 100644 index e0f60ed..0000000 --- a/hosts/flora/services/pleroma.nix +++ /dev/null @@ -1,178 +0,0 @@ -{config, pkgs, inputs, ...}: - - -let - domain = "pleroma.stuebinm.eu"; -in -{ - - containers.pleroma = { - autoStart = true; - privateNetwork = true; - - hostAddress = "192.168.42.30"; - localAddress = "192.168.42.31"; - hostAddress6 = "fd00::42:30"; - localAddress6 = "fd00::42:31"; - - - config = {pkgs, config, ...}: { - - # generating the manual will fail when mixing nixos channels, - # so disable it here or this won't build at all. - documentation.enable = false; - - # pleroma has a cli tool for configuration - environment.systemPackages = [ pkgs.dnsutils ]; - - services.pleroma = { - enable = true; - - - # package = (import inputs.nixpkgs-unstable {}).pleroma; - - # this is barely necessary at this point — all that's - # set in here is the default_signer for joken, and the - # secret_key_base and signing_salt for phoenix. - secretConfigFile = "/var/lib/pleroma/secrets.exs"; - - # for a list of available config options, see - # https://docs-develop.pleroma.social/backend/configuration/cheatsheet/ - # - # Additionally, some parts of pleroma's config (e.g. Pleroma.Repo) - # are better documented in their respective libraries (in this - # case, see the documentation for Ecto on Adapters). - configs = [ '' - import Config - - config :pleroma, Pleroma.Web.Endpoint, - url: [host: "${domain}", scheme: "https", port: 443], - http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000] - - config :pleroma, :instance, - name: "Pleroma", - limit: 5000, - registrations_open: false, - federating: true, - healthcheck: true, - allow_relay: true - - config :pleroma, :media_proxy, - enabled: false, - redirect_on_failure: true - - config :pleroma, Pleroma.Upload, - filters: [ - Pleroma.Upload.Filter.Exiftool, - Pleroma.Upload.Filter.AnonymizeFilename, - Pleroma.Upload.Filter.Dedupe - ] - - config :pleroma, Pleroma.Uploaders.Local, - uploads: "/var/lib/pleroma/uploads" - - config :pleroma, Pleroma.Repo, - adapter: Ecto.Adapters.Postgres, - username: "pleroma", - database: "pleroma", - socket_dir: "/run/postgresql", - pool_size: 10, - prepare: :named, - parameters: [ - plan_cache_mode: "force_custom_plan" - ] - - - - config :pleroma, :database, rum_enabled: false - config :pleroma, configurable_from_database: false - - config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" - - '' ]; - }; - - # otherwise, the exiftool will fail to run - systemd.services.pleroma.path = [ pkgs.exiftool ]; - - services.postgresql = { - enable = true; - package = pkgs.postgresql_12; - - ensureDatabases = [ "pleroma" ]; - ensureUsers = [ { - name = "pleroma"; - ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES"; - } ]; - - # give pleroma access. must be done with lib.mkForce, for some reason - authentication = pkgs.lib.mkForce '' - # Generated file; do not edit! - local all all trust - host pleroma pleroma ::1/128 trust - ''; - - # pleroma wants to do some initial config on startup, which it - # can't do by itself since those needs superuser access - # - # unfortunatly, this is executed /before/ the database is created, - # i.e. we have to create user and database by hand, even though - # they would otherwise created by ensureUsers / ensureDatabse. - # Using those does still prevent us from accidentally deleting - # them, though (but not from deleting the database's content!) - initialScript = pkgs.writeScript "postgres-pleroma-initial" '' - CREATE USER pleroma; - CREATE DATABASE pleroma OWNER pleroma; - \c pleroma; - --Extensions made by ecto.migrate that need superuser access - CREATE EXTENSION IF NOT EXISTS citext; - CREATE EXTENSION IF NOT EXISTS pg_trgm; - CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; - ''; - }; - - networking.firewall.allowedTCPPorts = [ 4000 10022 ]; - }; - }; - - # give the container access to the external internet (necessary for - # fetching content from other instances). Doesn't appear to work with - # IPv6, though ... - networking.nat = { - enable = true; - internalInterfaces = [ "ve-pleroma" ]; - externalInterface = "ens3"; - - }; - networking.firewall.allowedTCPPorts = [ 10022 ]; - - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000"; - proxyWebsockets = true; - # these headers are in the example config in the NixOS manual. - # take some time to figure out what they all do, and if these - # are necessary - extraConfig = '' - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always; - add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always; - add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always; - if ($request_method = OPTIONS) { - return 204; - } - add_header X-XSS-Protection "1; mode=block"; - add_header X-Permitted-Cross-Domain-Policies none; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Referrer-Policy same-origin; - add_header X-Download-Options noopen; - client_max_body_size 16m; - ''; - }; - }; -} - diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix deleted file mode 100644 index befa673..0000000 --- a/hosts/flora/services/surveys.nix +++ /dev/null @@ -1,23 +0,0 @@ -{pkgs, config, ...}: - -let survey = pkgs.fetchgit { - url = "https://stuebinm.eu/git/slightly-better-surveys"; - rev = "c255269db0c739400b62d4c4041e3238b1045d22"; - sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp"; - }; -in -{ - services.nginx.virtualHosts."survey.stuebinm.eu" = { - locations."/".root = survey.outPath + "/site"; - locations."/upload".proxyPass = "http://localhost:8080"; - - enableACME = true; - forceSSL = true; - }; - - services.nginx.appendHttpConfig = '' - types { - application/wasm wasm; - } - ''; -} |