From 022c17185b8b90515cb2c9b1ae039a9ab190db91 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sat, 17 Apr 2021 16:09:28 +0200
Subject: cgit: chaski -> flora; general cleanup
---
 hosts/chaski/configuration.nix | 2 -
 hosts/chaski/services/cgit.nix | 94 -----------------------------
 hosts/chaski/services/coturn.nix | 54 -----------------
 hosts/flora/configuration.nix | 8 +--
 hosts/flora/services/cgit.nix | 94 +++++++++++++++++++++++++++++
 hosts/flora/services/surveys.nix | 23 ++++++++
 hosts/flora/services/workadventure.nix | 104 ---------------------------------
 7 files changed, 121 insertions(+), 258 deletions(-)
 delete mode 100644 hosts/chaski/services/cgit.nix
 delete mode 100644 hosts/chaski/services/coturn.nix
 create mode 100644 hosts/flora/services/cgit.nix
 create mode 100644 hosts/flora/services/surveys.nix
 delete mode 100644 hosts/flora/services/workadventure.nix
(limited to 'hosts')
diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix
index 671bc13..cb6fc13 100644
--- a/hosts/chaski/configuration.nix
+++ b/hosts/chaski/configuration.nix
@@ -8,8 +8,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ./services/coturn.nix - ./services/cgit.nix ./services/grafana.nix ];
diff --git a/hosts/chaski/services/cgit.nix b/hosts/chaski/services/cgit.nix
deleted file mode 100644
index 094bfd5..0000000
--- a/hosts/chaski/services/cgit.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{pkgs, config, ...}:
-
-{
- containers.cgit = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:12";
- localAddress6 = "fd00::42:13";
-
- bindMounts."/git" = {
- hostPath = "/var/git/public";
- isReadOnly = true;
- };
-
- config = {pkgs, config, ...}: {
- services.lighttpd.enable = true;
- services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
- services.lighttpd.cgit = {
- enable = true;
- subdir = "git";
- configText = ''
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- cache-size=1000
- logo=/git/cgit.png
- favicon=/git/favicon.ico
-
- # take css from an assumed repo `config`
- css=/git/config/plain/cgit.css
-
- # remove .git extensions from repo names
- remove-suffix=1
-
- # readme formats which may be parsed
- readme=:README.md
- readme=:README
- readme=:README.txt
- readme=:README.org
-
- # allow cloning repos
- enable-http-clone=1
-
- enable-follow-links=1
- enable-html-serving=1
- enable-index-owner=0
-
- mimetype.css=text/css
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- # some nice formatting
- root-title=An Assortment of Stuff
- root-desc=hand-squished into git repos
- enable-commit-graph=1
- enable-log-linecount=1
- enable-log-filecount=1
- branch-sort=age
- # suppress email addresses in html logs
- noplainemail=1
-
- # maximum file size for plain blobs in kilobyte
- max-blob-size=100
-
- cache-scanrc-ttl=1
-
- scan-path=/git
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 80 ];
- };
- };
-
- services.nginx.recommendedProxySettings = true;
- services.nginx.virtualHosts."stuebinm.eu" = {
- locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
- enableACME = true;
- forceSSL = true;
- };
-
- # user for git repo administration
- users.users.git = {
- openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
- home = "/var/git";
- isNormalUser = true;
- packages = [ pkgs.git ];
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-}
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
deleted file mode 100644
index 54ec6d6..0000000
--- a/hosts/chaski/services/coturn.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{pkgs, config, ...}:
-
-{
- services.coturn = {
- enable = true;
- realm = "chaski.stuebinm.eu";
- no-cli = true;
- lt-cred-mech = true;
- extraConfig = ''
- verbose
- fingerprint
- external-ip=95.217.159.23
- user=chaski:chaski
- server-name=chaski.stuebinm.eu
- #mobility
- #listening-ip=95.217.159.23
- prometheus
- '';
-
- cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
- };
-
- security.acme = {
- email = "stuebinm@disroot.org";
- acceptTerms = true;
- };
-
- # just here to serve acme challanges
- services.nginx = {
- enable = true;
- user = "turnserver";
- virtualHosts."chaski.stuebinm.eu" = {
- root = "/var/www";
- enableACME = true;
- };
- };
-
- networking.firewall = with config.services.coturn; {
- allowedTCPPorts = [
- 80 # for acme challanges
- listening-port tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPorts = [
- listening-port
- tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-}
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix
index adf3ba8..d45175e 100644
--- a/hosts/flora/configuration.nix
+++ b/hosts/flora/configuration.nix
@@ -4,12 +4,12 @@ imports = [ ./hardware-configuration.nix ./services/hedgedoc.nix - ./services/daemoniones.nix + #./services/daemoniones.nix ./services/nginx.nix - ./services/workadventure.nix - #./../../../nginx/vod.nix ./services/pleroma.nix - ./services/picarones.nix + ./services/cgit.nix + ./services/surveys.nix + #./services/picarones.nix ]; # Use the GRUB 2 boot loader.
diff --git a/hosts/flora/services/cgit.nix b/hosts/flora/services/cgit.nix
new file mode 100644
index 0000000..094bfd5
--- /dev/null
+++ b/hosts/flora/services/cgit.nix
@@ -0,0 +1,94 @@
+{pkgs, config, ...}:
+
+{
+ containers.cgit = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:12";
+ localAddress6 = "fd00::42:13";
+
+ bindMounts."/git" = {
+ hostPath = "/var/git/public";
+ isReadOnly = true;
+ };
+
+ config = {pkgs, config, ...}: {
+ services.lighttpd.enable = true;
+ services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
+ services.lighttpd.cgit = {
+ enable = true;
+ subdir = "git";
+ configText = ''
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ cache-size=1000
+ logo=/git/cgit.png
+ favicon=/git/favicon.ico
+
+ # take css from an assumed repo `config`
+ css=/git/config/plain/cgit.css
+
+ # remove .git extensions from repo names
+ remove-suffix=1
+
+ # readme formats which may be parsed
+ readme=:README.md
+ readme=:README
+ readme=:README.txt
+ readme=:README.org
+
+ # allow cloning repos
+ enable-http-clone=1
+
+ enable-follow-links=1
+ enable-html-serving=1
+ enable-index-owner=0
+
+ mimetype.css=text/css
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ # some nice formatting
+ root-title=An Assortment of Stuff
+ root-desc=hand-squished into git repos
+ enable-commit-graph=1
+ enable-log-linecount=1
+ enable-log-filecount=1
+ branch-sort=age
+ # suppress email addresses in html logs
+ noplainemail=1
+
+ # maximum file size for plain blobs in kilobyte
+ max-blob-size=100
+
+ cache-scanrc-ttl=1
+
+ scan-path=/git
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ };
+ };
+
+ services.nginx.recommendedProxySettings = true;
+ services.nginx.virtualHosts."stuebinm.eu" = {
+ locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ # user for git repo administration
+ users.users.git = {
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ home = "/var/git";
+ isNormalUser = true;
+ packages = [ pkgs.git ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}
diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix
new file mode 100644
index 0000000..befa673
--- /dev/null
+++ b/hosts/flora/services/surveys.nix
@@ -0,0 +1,23 @@
+{pkgs, config, ...}:
+
+let survey = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/slightly-better-surveys";
+ rev = "c255269db0c739400b62d4c4041e3238b1045d22";
+ sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
+ };
+in
+{
+ services.nginx.virtualHosts."survey.stuebinm.eu" = {
+ locations."/".root = survey.outPath + "/site";
+ locations."/upload".proxyPass = "http://localhost:8080";
+
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.appendHttpConfig = ''
+ types {
+ application/wasm wasm;
+ }
+ '';
+}
diff --git a/hosts/flora/services/workadventure.nix b/hosts/flora/services/workadventure.nix
deleted file mode 100644
index f38f5da..0000000
--- a/hosts/flora/services/workadventure.nix
+++ /dev/null
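Review bot: `enable-html-serving=1` in `configText` allows cgit's /plain handler to return repository files with HTML mimetypes, so content committed under `/var/git/public` can render as active pages in the `stuebinm.eu` origin that nginx proxies at `/git/`. If HTML preview is not needed, the option can stay at its default, `enable-html-serving=0`; if it is needed, serving cgit from a dedicated hostname would keep repository content out of the main site's origin. The file was moved unchanged from chaski, so a short comment next to the option recording why it is on would also help the next reader.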
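Review bot: `locations."/upload".proxyPass = "http://localhost:8080";` forwards public requests to a backend that nothing in this file declares, so which process receives survey uploads depends on state outside the module (it may be defined in a file this diff does not show). Declaring the upload service next to the vhost, or at least adding a comment such as `# backend: survey upload service, must listen on loopback only`, would make that dependency explicit. Writing the target as `http://127.0.0.1:8080` would also pin the address family, since nginx may resolve `localhost` to both ::1 and 127.0.0.1.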
@@ -1,104 +0,0 @@
-{pkgs, config, ...}:
-
-
-let
- haccpkgssrc = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
- rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
- sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
- };
- haccpkgs = import "${haccpkgssrc}";
- fediventure = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
- rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
- sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
- };
-in
-
-{
-
- containers.wa-test = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:20";
- localAddress6 = "fd00::42:21";
-
- config = {config, pkgs, ...}: {
- imports = [ "${fediventure}/workadventure.nix" ];
- networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];
-
- services.workadventure.instances."space.stuebinm.eu" = {
- nginx.default = true;
- nginx.domain = "space.stuebinm.eu";
- maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
- frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
- frontend.settings = {
- stunServer = "stun:chaski.stuebinm.eu:3478";
- turnServer = "turn:95.217.159.23";
- turnUser = "chaski";
- turnPassword = "chaski";
- jitsiUrl = "meet.ffmuc.net";
- };
- };
-
- services.prometheus = {
- enable = true;
- port = 9001;
- scrapeConfigs = [ {
- job_name = "workadventure-back";
- static_configs = [ {
- targets = [ "localhost:8080" ];
- } ];
- } ];
- };
-
- services.grafana = {
- enable = true;
- port = 5000;
- addr = "[::]";
- rootUrl = "https://space.stuebinm.eu/metrics/";
- auth.anonymous.enable = true;
- provision = {
- enable = true;
- datasources = [ {
- name = "workadventure";
- type = "prometheus";
- url = "http://localhost:9001";
- } ];
- };
- };
-
- systemd.services.goaccess = {
- enable = true;
- description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
- requires = [ "nginx.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "simple";
- path = [ pkgs.goaccess ];
- environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
- script = ''
- mkdir -p /var/www-goaccess/
- goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
- '';
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- locations."/stats/".alias = "/var/www-goaccess/";
- };
- };
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- extraConfig = ''
- proxy_read_timeout 300s;
- proxy_connect_timeout 75s;
- '';
- locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
- locations."/metrics/".proxyWebsockets = true;
- locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
- locations."/".proxyWebsockets = true;
- enableACME = true;
- forceSSL = true;
- };
-}
-
-- 
cgit v1.2.3