authorstuebinm2021-04-17 16:09:28 +0200
committerstuebinm2021-04-17 16:09:28 +0200
commit022c17185b8b90515cb2c9b1ae039a9ab190db91 (patch)
treed31d7078f59613615ec2c49b3e243c39d36e4eed /hosts
parente1359d9565f4fed555a9aeffae2a83458564f046 (diff)
cgit: chaski -> flora; general cleanup
Diffstat (limited to 'hosts')
-rw-r--r--hosts/chaski/configuration.nix2
-rw-r--r--hosts/chaski/services/coturn.nix54
-rw-r--r--hosts/flora/configuration.nix8
-rw-r--r--hosts/flora/services/cgit.nix (renamed from hosts/chaski/services/cgit.nix)0
-rw-r--r--hosts/flora/services/surveys.nix23
-rw-r--r--hosts/flora/services/workadventure.nix104
6 files changed, 27 insertions, 164 deletions
diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix
index 671bc13..cb6fc13 100644
--- a/hosts/chaski/configuration.nix
+++ b/hosts/chaski/configuration.nix
@@ -8,8 +8,6 @@
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
- ./services/coturn.nix
- ./services/cgit.nix
./services/grafana.nix
];
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
deleted file mode 100644
index 54ec6d6..0000000
--- a/hosts/chaski/services/coturn.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{pkgs, config, ...}:
-
-{
- services.coturn = {
- enable = true;
- realm = "chaski.stuebinm.eu";
- no-cli = true;
- lt-cred-mech = true;
- extraConfig = ''
- verbose
- fingerprint
- external-ip=95.217.159.23
- user=chaski:chaski
- server-name=chaski.stuebinm.eu
- #mobility
- #listening-ip=95.217.159.23
- prometheus
- '';
-
- cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
- };
-
- security.acme = {
- email = "stuebinm@disroot.org";
- acceptTerms = true;
- };
-
- # just here to serve acme challanges
- services.nginx = {
- enable = true;
- user = "turnserver";
- virtualHosts."chaski.stuebinm.eu" = {
- root = "/var/www";
- enableACME = true;
- };
- };
-
- networking.firewall = with config.services.coturn; {
- allowedTCPPorts = [
- 80 # for acme challanges
- listening-port tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPorts = [
- listening-port
- tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-}
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix
index adf3ba8..d45175e 100644
--- a/hosts/flora/configuration.nix
+++ b/hosts/flora/configuration.nix
@@ -4,12 +4,12 @@
imports = [
./hardware-configuration.nix
./services/hedgedoc.nix
- ./services/daemoniones.nix
+ #./services/daemoniones.nix
./services/nginx.nix
- ./services/workadventure.nix
- #./../../../nginx/vod.nix
./services/pleroma.nix
- ./services/picarones.nix
+ ./services/cgit.nix
+ ./services/surveys.nix
+ #./services/picarones.nix
];
# Use the GRUB 2 boot loader.
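Review bot: The two imports that become `#./services/daemoniones.nix` and `#./services/picarones.nix` switch those services off on flora, but neither the commit title nor the file says why or whether that is meant to last. Either delete the lines (git history keeps them) or give each a reason, e.g. `# disabled: <reason>, re-enable when <condition>`. Since `./services/cgit.nix` now lands on this host unchanged, it is also worth confirming that it does not rely on settings that were only defined on chaski; the module's contents are not visible in this diff. The import list's enclosing attribute set starts and ends outside the hunk.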
diff --git a/hosts/chaski/services/cgit.nix b/hosts/flora/services/cgit.nix
index 094bfd5..094bfd5 100644
--- a/hosts/chaski/services/cgit.nix
+++ b/hosts/flora/services/cgit.nix
diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix
new file mode 100644
index 0000000..befa673
--- /dev/null
+++ b/hosts/flora/services/surveys.nix
@@ -0,0 +1,23 @@
+{pkgs, config, ...}:
+
+let survey = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/slightly-better-surveys";
+ rev = "c255269db0c739400b62d4c4041e3238b1045d22";
+ sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
+ };
+in
+{
+ services.nginx.virtualHosts."survey.stuebinm.eu" = {
+ locations."/".root = survey.outPath + "/site";
+ locations."/upload".proxyPass = "http://localhost:8080";
+
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.appendHttpConfig = ''
+ types {
+ application/wasm wasm;
+ }
+ '';
+}
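Review bot: `locations."/upload".proxyPass = "http://localhost:8080";` publishes whatever is bound to port 8080 on flora, yet this module declares no service that listens there, so the upload backend's existence, bind address and access control cannot be checked from this file. If the backend is defined elsewhere, say so in a comment such as `# upload backend: <unit name placeholder>, must listen on loopback only`; if it is started by hand, add its systemd unit here so the vhost and its backend deploy together. Prefer `"http://127.0.0.1:8080"` over `localhost`, which nginx may resolve to both ::1 and 127.0.0.1 and then fail on the address the backend does not bind. Beyond nginx's defaults, nothing at the proxy limits request rate or body size for `/upload`, so abuse handling appears to rest entirely on the backend.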
diff --git a/hosts/flora/services/workadventure.nix b/hosts/flora/services/workadventure.nix
deleted file mode 100644
index f38f5da..0000000
--- a/hosts/flora/services/workadventure.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{pkgs, config, ...}:
-
-
-let
- haccpkgssrc = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
- rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
- sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
- };
- haccpkgs = import "${haccpkgssrc}";
- fediventure = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
- rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
- sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
- };
-in
-
-{
-
- containers.wa-test = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:20";
- localAddress6 = "fd00::42:21";
-
- config = {config, pkgs, ...}: {
- imports = [ "${fediventure}/workadventure.nix" ];
- networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];
-
- services.workadventure.instances."space.stuebinm.eu" = {
- nginx.default = true;
- nginx.domain = "space.stuebinm.eu";
- maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
- frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
- frontend.settings = {
- stunServer = "stun:chaski.stuebinm.eu:3478";
- turnServer = "turn:95.217.159.23";
- turnUser = "chaski";
- turnPassword = "chaski";
- jitsiUrl = "meet.ffmuc.net";
- };
- };
-
- services.prometheus = {
- enable = true;
- port = 9001;
- scrapeConfigs = [ {
- job_name = "workadventure-back";
- static_configs = [ {
- targets = [ "localhost:8080" ];
- } ];
- } ];
- };
-
- services.grafana = {
- enable = true;
- port = 5000;
- addr = "[::]";
- rootUrl = "https://space.stuebinm.eu/metrics/";
- auth.anonymous.enable = true;
- provision = {
- enable = true;
- datasources = [ {
- name = "workadventure";
- type = "prometheus";
- url = "http://localhost:9001";
- } ];
- };
- };
-
- systemd.services.goaccess = {
- enable = true;
- description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
- requires = [ "nginx.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "simple";
- path = [ pkgs.goaccess ];
- environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
- script = ''
- mkdir -p /var/www-goaccess/
- goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
- '';
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- locations."/stats/".alias = "/var/www-goaccess/";
- };
- };
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- extraConfig = ''
- proxy_read_timeout 300s;
- proxy_connect_timeout 75s;
- '';
- locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
- locations."/metrics/".proxyWebsockets = true;
- locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
- locations."/".proxyWebsockets = true;
- enableACME = true;
- forceSSL = true;
- };
-}
-