Diffstat (limited to 'flora')
| -rw-r--r-- | flora/configuration.nix | 2 | ||||
| -rw-r--r-- | flora/services/akkoma.nix | 7 | ||||
| -rw-r--r-- | flora/services/blog.nix | 9 | ||||
| -rw-r--r-- | flora/services/cgit.nix | 11 | ||||
| -rw-r--r-- | flora/services/mail.nix | 2 | ||||
| -rw-r--r-- | flora/services/monit.nix | 16 | ||||
| -rw-r--r-- | flora/services/nginx.nix | 12 |
7 files changed, 36 insertions, 23 deletions
diff --git a/flora/configuration.nix b/flora/configuration.nix index 40cd3a5..11d5a31 100644 --- a/flora/configuration.nix +++ b/flora/configuration.nix @@ -11,7 +11,7 @@ ./services/trainspotter.nix ./services/element.nix ./services/ntfy.nix - ./services/murmur.nix + # ./services/murmur.nix ./services/monit.nix ]; diff --git a/flora/services/akkoma.nix b/flora/services/akkoma.nix index db00bbe..6864a29 100644 --- a/flora/services/akkoma.nix +++ b/flora/services/akkoma.nix @@ -45,7 +45,7 @@ in ref = "stable"; }; admin = { - package = pkgs.akkoma-frontends.admin-fe; + package = pkgs.akkoma-admin-fe; name = "admin-fe"; ref = "stable"; }; @@ -59,7 +59,8 @@ in config = { ":pleroma"."Pleroma.Web.Endpoint" = { "url" = { host = "pleroma.stuebinm.eu"; scheme = "https"; port = 443; }; - "http" = { ip = "::"; port = 4000; }; + # below uses IPv4; IPv6 breaks the elixir format generator … + "http" = { ip = "0.0.0.0"; port = 4000; }; secret_key_base._secret = "/sops/keyBase"; signing_salt._secret = "/sops/signingSalt"; }; @@ -221,7 +222,7 @@ in enableACME = true; locations."/" = { - proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000"; + proxyPass = "http://${config.containers.pleroma.localAddress}:4000"; proxyWebsockets = true; # these headers are in the example config in the NixOS manual. # take some time to figure out what they all do, and if these diff --git a/flora/services/blog.nix b/flora/services/blog.nix index e8335b1..e77cc7c 100644 --- a/flora/services/blog.nix +++ b/flora/services/blog.nix @@ -39,7 +39,14 @@ in services.nginx.virtualHosts."stuebinm.eu" = { enableACME = true; forceSSL = true; - locations."/".root = import inputs.blog { inherit pkgs; }; + locations."/".root = (import inputs.blog { inherit pkgs; }).overrideAttrs (old: { + buildInputs = old.buildInputs ++ [ pkgs.exiftool pkgs.libxml2 ]; + + doCheck = true; + checkPhase = '' + xmllint _site/rss.xml + ''; + }); locations."/bookshelf/".alias = "${gtfsBooks.outPath}/"; }; } 
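Review bot: In flora/services/akkoma.nix, the new `"http" = { ip = "0.0.0.0"; port = 4000; };` still listens on every interface of the container, although the only consumer visible in this diff is the nginx `proxyPass` to `config.containers.pleroma.localAddress`. Binding the endpoint to that container address, or confirming that a firewall rule limits port 4000 to the host side, would keep the unencrypted backend from being reachable any other way; whether such a rule exists is not visible here. The added comment also trails off at "…", so naming the failing component or linking the upstream issue would tell the next reader when the IPv4 workaround can be dropped.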
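Review bot: In flora/services/blog.nix, the new `checkPhase` runs `xmllint _site/rss.xml` without `--noout`, so a passing check prints the whole feed into the build log, and without `--nonet`, so the parser is allowed to try fetching external DTDs or entities named by the feed. `xmllint --noout --nonet _site/rss.xml` keeps the well-formedness check and drops both. `old.buildInputs` also throws if the imported derivation does not set that attribute, so `(old.buildInputs or [ ]) ++ [ pkgs.exiftool pkgs.libxml2 ]` is safer. Since both packages look like build-time tools here, `nativeBuildInputs` is probably the better place for them.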
diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix index 1dae737..5ee8103 100644 --- a/flora/services/cgit.nix +++ b/flora/services/cgit.nix @@ -2,7 +2,13 @@ let cgitconf = '' - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + source-filter=${pkgs.writeScript ''highlighter'' '' + if [[ $1 == *.thy ]]; then + ${pkgs.isabelle-utils}/bin/isabelle2unicode | ${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py "$1" + else + ${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py "$1" + fi + ''} about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh cache-size=1000 logo=/git/cgit.png @@ -105,7 +111,8 @@ in # user for git repo administration users.users.git = { - openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys + ++ [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbHG2wmMiUyvqb9oUa2KunEgv4Iab3FGCER/i2f2gKL terru@work" ]; home = "/var/git"; isNormalUser = true; packages = [ pkgs.gitMinimal ]; diff --git a/flora/services/mail.nix b/flora/services/mail.nix index 523c32d..0ee8418 100644 --- a/flora/services/mail.nix +++ b/flora/services/mail.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, inputs, ... }: { - imports = [ inputs.simple-nixos-mailserver ]; + imports = [ inputs.nixos-mailserver ]; sops.secrets."mail/hashedPassword" = {}; diff --git a/flora/services/monit.nix b/flora/services/monit.nix index 19e7e88..cc5f3c4 100644 --- a/flora/services/monit.nix +++ b/flora/services/monit.nix 
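Review bot: The script generated for `source-filter` in the first hunk of flora/services/cgit.nix has no interpreter line: `pkgs.writeScript` writes the text as given and the body starts directly with `if [[ $1 == *.thy ]]`, so running it depends on the caller falling back to a shell that happens to understand `[[`. `pkgs.writeShellScript "highlighter" ''…''` adds the bash shebang and leaves the body unchanged. Because this filter runs on repository content, a one-line comment stating that `$1` is the file name handed over by cgit and has to stay quoted, as it is now, would help whoever edits the script next.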
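Review bot: The key appended to `users.users.git.openssh.authorizedKeys.keys` in the second hunk of flora/services/cgit.nix carries no options, and the account is `isNormalUser = true`, so unless a restricted login shell is set outside this hunk its holder can run arbitrary commands as `git` on the host and use port forwarding, not only push and pull. If git access is the intent, prefix the entry with `restrict` (`"restrict ssh-ed25519 … terru@work"`) to drop forwarding and PTY allocation, and give the account a git-only login shell such as git-shell. This is the first key on the account that is not inherited from root, so a comment naming the owner and the repositories it is meant for would help later audits. The `users.users.git` block continues past the end of the hunk.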
@@ -30,23 +30,11 @@ if failed port 443 with protocol https then alert - check host hacc-uffd with address login.infra4future.de - if failed port 443 with protocol https - then alert - - check host hacc-onlyoffice with address onlyoffice.infra4future.de - if failed port 443 with protocol https and status 302 - then alert - - check host hacc-mattermost with address mattermost.infra4future.de - if failed port 443 with protocol https - then alert - - check host hacc-nextcloud with address cloud.infra4future.de + check host nobelium with address colorspace.club if failed port 443 with protocol https then alert - check host nobelium with address colorspace.club + check host billy with address preprint.books.exposed if failed port 443 with protocol https then alert ''; diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix index 4a9bf33..c5aa45b 100644 --- a/flora/services/nginx.nix +++ b/flora/services/nginx.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; @@ -14,11 +14,17 @@ enableACME = true; forceSSL = true; locations."/".root = ../../pkgs/nomsing; + extraConfig = '' + include ${inputs."ai.robots.txt"}/nginx-block-ai-bots.conf; + ''; }; virtualHosts."meow.noms.ing" = { enableACME = true; forceSSL = true; locations."/".root = ../../pkgs/nomsing; + extraConfig = '' + include ${inputs."ai.robots.txt"}/nginx-block-ai-bots.conf; + ''; }; virtualHosts."webring.noms.ing" = { enableACME = true; @@ -29,7 +35,11 @@ fastcgi_param SCRIPT_FILENAME ${lib.getExe pkgs.nomsring}; fastcgi_param PATH_INFO $1; ''; + extraConfig = '' + include ${inputs."ai.robots.txt"}/nginx-block-ai-bots.conf; + ''; }; + }; services.fcgiwrap.instances.nomsing = { |
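Review bot: The same three-line `extraConfig` block is added to three virtual hosts in flora/services/nginx.nix (the two hunks after the signature change); one `let blockAiBots = ''include ${inputs."ai.robots.txt"}/nginx-block-ai-bots.conf;'';` binding reused in each host would keep them from drifting apart. The included fragment comes from an external flake input and is evaluated as server-level nginx configuration, so a comment saying that lock-file updates of that input need a look at the fragment would be useful. As far as I know the list matches on the User-Agent header only, which is worth stating so nobody treats it as access control. The last hunk also adds a stray blank line before the closing `};`.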
