summaryrefslogtreecommitdiff
path: root/hosts/chaski/services
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/chaski/services')
-rw-r--r--hosts/chaski/services/cgit.nix94
-rw-r--r--hosts/chaski/services/coturn.nix54
2 files changed, 0 insertions, 148 deletions
diff --git a/hosts/chaski/services/cgit.nix b/hosts/chaski/services/cgit.nix
deleted file mode 100644
index 094bfd5..0000000
--- a/hosts/chaski/services/cgit.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{pkgs, config, ...}:
-
-{
- containers.cgit = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:12";
- localAddress6 = "fd00::42:13";
-
- bindMounts."/git" = {
- hostPath = "/var/git/public";
- isReadOnly = true;
- };
-
- config = {pkgs, config, ...}: {
- services.lighttpd.enable = true;
- services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
- services.lighttpd.cgit = {
- enable = true;
- subdir = "git";
- configText = ''
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- cache-size=1000
- logo=/git/cgit.png
- favicon=/git/favicon.ico
-
- # take css from an assumed repo `config`
- css=/git/config/plain/cgit.css
-
- # remove .git extensions from repo names
- remove-suffix=1
-
- # readme formats which may be parsed
- readme=:README.md
- readme=:README
- readme=:README.txt
- readme=:README.org
-
- # allow cloning repos
- enable-http-clone=1
-
- enable-follow-links=1
- enable-html-serving=1
- enable-index-owner=0
-
- mimetype.css=text/css
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- # some nice formatting
- root-title=An Assortment of Stuff
- root-desc=hand-squished into git repos
- enable-commit-graph=1
- enable-log-linecount=1
- enable-log-filecount=1
- branch-sort=age
- # suppress email addresses in html logs
- noplainemail=1
-
- # maximum file size for plain blobs in kilobyte
- max-blob-size=100
-
- cache-scanrc-ttl=1
-
- scan-path=/git
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 80 ];
- };
- };
-
- services.nginx.recommendedProxySettings = true;
- services.nginx.virtualHosts."stuebinm.eu" = {
- locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
- enableACME = true;
- forceSSL = true;
- };
-
- # user for git repo administration
- users.users.git = {
- openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
- home = "/var/git";
- isNormalUser = true;
- packages = [ pkgs.git ];
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-}
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
deleted file mode 100644
index 54ec6d6..0000000
--- a/hosts/chaski/services/coturn.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{pkgs, config, ...}:
-
-{
- services.coturn = {
- enable = true;
- realm = "chaski.stuebinm.eu";
- no-cli = true;
- lt-cred-mech = true;
- extraConfig = ''
- verbose
- fingerprint
- external-ip=95.217.159.23
- user=chaski:chaski
- server-name=chaski.stuebinm.eu
- #mobility
- #listening-ip=95.217.159.23
- prometheus
- '';
-
- cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
- };
-
- security.acme = {
- email = "stuebinm@disroot.org";
- acceptTerms = true;
- };
-
- # just here to serve acme challanges
- services.nginx = {
- enable = true;
- user = "turnserver";
- virtualHosts."chaski.stuebinm.eu" = {
- root = "/var/www";
- enableACME = true;
- };
- };
-
- networking.firewall = with config.services.coturn; {
- allowedTCPPorts = [
- 80 # for acme challanges
- listening-port tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPorts = [
- listening-port
- tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-}