Diffstat (limited to 'hosts/chaski/services')
-rw-r--r-- | hosts/chaski/services/cgit.nix | 94 | ||||
-rw-r--r-- | hosts/chaski/services/coturn.nix | 54 |
2 files changed, 0 insertions, 148 deletions
diff --git a/hosts/chaski/services/cgit.nix b/hosts/chaski/services/cgit.nix
deleted file mode 100644
index 094bfd5..0000000
--- a/hosts/chaski/services/cgit.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{pkgs, config, ...}:
-
-{
- containers.cgit = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:12";
- localAddress6 = "fd00::42:13";
-
- bindMounts."/git" = {
- hostPath = "/var/git/public";
- isReadOnly = true;
- };
-
- config = {pkgs, config, ...}: {
- services.lighttpd.enable = true;
- services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
- services.lighttpd.cgit = {
- enable = true;
- subdir = "git";
- configText = ''
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- cache-size=1000
- logo=/git/cgit.png
- favicon=/git/favicon.ico
-
- # take css from an assumed repo `config`
- css=/git/config/plain/cgit.css
-
- # remove .git extensions from repo names
- remove-suffix=1
-
- # readme formats which may be parsed
- readme=:README.md
- readme=:README
- readme=:README.txt
- readme=:README.org
-
- # allow cloning repos
- enable-http-clone=1
-
- enable-follow-links=1
- enable-html-serving=1
- enable-index-owner=0
-
- mimetype.css=text/css
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- # some nice formatting
- root-title=An Assortment of Stuff
- root-desc=hand-squished into git repos
- enable-commit-graph=1
- enable-log-linecount=1
- enable-log-filecount=1
- branch-sort=age
- # suppress email addresses in html logs
- noplainemail=1
-
- # maximum file size for plain blobs in kilobyte
- max-blob-size=100
-
- cache-scanrc-ttl=1
-
- scan-path=/git
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 80 ];
- };
- };
-
- services.nginx.recommendedProxySettings = true;
- services.nginx.virtualHosts."stuebinm.eu" = {
- locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
- enableACME = true;
- forceSSL = true;
- };
-
- # user for git repo administration
- users.users.git = {
- openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
- home = "/var/git";
- isNormalUser = true;
- packages = [ pkgs.git ];
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-}
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
deleted file mode 100644
index 54ec6d6..0000000
--- a/hosts/chaski/services/coturn.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{pkgs, config, ...}:
-
-{
- services.coturn = {
- enable = true;
- realm = "chaski.stuebinm.eu";
- no-cli = true;
- lt-cred-mech = true;
- extraConfig = ''
- verbose
- fingerprint
- external-ip=95.217.159.23
- user=chaski:chaski
- server-name=chaski.stuebinm.eu
- #mobility
- #listening-ip=95.217.159.23
- prometheus
- '';
-
- cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
- };
-
- security.acme = {
- email = "stuebinm@disroot.org";
- acceptTerms = true;
- };
-
- # just here to serve acme challanges
- services.nginx = {
- enable = true;
- user = "turnserver";
- virtualHosts."chaski.stuebinm.eu" = {
- root = "/var/www";
- enableACME = true;
- };
- };
-
- networking.firewall = with config.services.coturn; {
- allowedTCPPorts = [
- 80 # for acme challanges
- listening-port tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPorts = [
- listening-port
- tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-} |