Diffstat (limited to 'host/software/server')
-rw-r--r-- | host/software/server/build.nix | 16 | ||||
-rw-r--r-- | host/software/server/git.nix | 8 | ||||
-rw-r--r-- | host/software/server/mail.nix | 8 | ||||
-rw-r--r-- | host/software/server/website.nix | 27 | ||||
-rw-r--r-- | host/software/server/wireguard.nix | 22 |
5 files changed, 60 insertions, 21 deletions
diff --git a/host/software/server/build.nix b/host/software/server/build.nix new file mode 100644 index 0000000..44c4562 --- /dev/null +++ b/host/software/server/build.nix @@ -0,0 +1,16 @@ +{ + nix.buildMachines = [ { + hostName = "majestix"; + sshUser = "common"; + system = "x86_64-linux"; + maxJobs = 16; + speedFactor = 2; + } ]; + + nix = { + distributedBuilds = true; + extraOptions = '' + builders-use-substitutes = true + ''; + }; +} diff --git a/host/software/server/git.nix b/host/software/server/git.nix index 209a318..2781911 100644 --- a/host/software/server/git.nix +++ b/host/software/server/git.nix @@ -3,8 +3,8 @@ { services.uwsgi = { enable = true; - user = "nginx"; - group = "nginx"; + user = "public"; + group = "users"; plugins = [ "cgi" ]; instance = { @@ -33,7 +33,7 @@ ''; }; - users.extraUsers.nginx.extraGroups = [ "git" ]; + users.extraUsers.public.extraGroups = [ "git" ]; services.nginx.virtualHosts."code.kummerlaender.eu" = { addSSL = true; @@ -64,7 +64,7 @@ }; script = '' mkdir /run/cgit - chown -R nginx:nginx /run/cgit + chown -R public:users /run/cgit ''; }; diff --git a/host/software/server/mail.nix b/host/software/server/mail.nix index f7e498d..37c007b 100644 --- a/host/software/server/mail.nix +++ b/host/software/server/mail.nix @@ -1,8 +1,12 @@ { config, pkgs, ... }: { - imports = [ - (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz") + imports = let + release = "nixos-21.05"; + in [ + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz"; + }) ]; mailserver = { diff --git a/host/software/server/website.nix b/host/software/server/website.nix index 9b2493e..8248a0b 100644 --- a/host/software/server/website.nix +++ b/host/software/server/website.nix 
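Review bot: The `nix.buildMachines` entry for `majestix` in build.nix sets no `sshKey`, so the connection presumably falls back to whatever default SSH identity the building user (normally root) has, and nothing in this file scopes that credential to building. A dedicated key, e.g. `sshKey = "/path/to/builder-key";` (placeholder path), restricted on the builder side to the `common` account, keeps the build channel separate from other SSH access. Store paths produced on `majestix` are copied back and used on this server, and with `builders-use-substitutes = true` the builder fetches substitutes through its own configuration, so a comment stating that the builder is trusted to that degree would help the next reader. The same commit removes the `majestix` peer from wireguard.nix, so it is worth confirming how the host name is still reached.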
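Review bot: Running uwsgi, and with it the cgit CGI, as `public:users` in the first git.nix hunk puts a web-facing CGI under the account that, per the comment in website.nix, builds the sites with `nix-build` and owns `/home/public`, with the shared `users` group as its group. The same substitution recurs in the two later hunks of this file (`users.extraUsers.public.extraGroups = [ "git" ]` and `chown -R public:users /run/cgit`) and in website.nix (`services.nginx.user = "public"`). With one account behind all of them, a flaw in any single service exposes the repositories, the site build trees and the other services' runtime files; a dedicated system user per service that is only a member of `git` keeps them apart. If the merge is intentional, a comment above `user = "public";` recording the reason would be enough.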
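Review bot: The `builtins.fetchTarball` call in mail.nix's `imports` now follows the branch `nixos-21.05` and carries no `sha256`, so the module code evaluated into this system configuration can change between rebuilds without any change in this repository. Adding `sha256 = "HASH_PLACEHOLDER";` next to `url` (with the real hash of the fetched tarball) pins the content and makes evaluation fail on a mismatch, so the hash has to be updated deliberately when the branch moves. The previous tag URL was also unhashed, so this hunk is a natural place to introduce the pin.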
@@ -7,6 +7,10 @@ shell = pkgs.fish; }; + services.nginx.user = "public"; + + systemd.services.nginx.serviceConfig.ProtectHome = false; + # `public` generates websites using their custom derivations via `nix-build` services.nginx.virtualHosts = let @@ -25,11 +29,11 @@ ''; }; - proxy = target: { - proxyPass = target; + proxy = server: target: { + proxyPass = server; extraConfig = '' expires off; - proxy_set_header Host code.kummerlaender.eu; + return ${target}; ''; }; in { @@ -43,11 +47,18 @@ ''; }; - "pkgs.kummerlaender.eu" = default { - "/".root = "/home/public/pkgs/result"; - "/nixexprs.tar.gz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.gz"; - "/nixexprs.tar.xz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.xz"; - "/nixexprs.tar.bz2" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.bz2"; + "literatelb.org" = let + sub = "literatelb"; + in default { + "/".root = "/home/public/${sub}/result"; + "/".extraConfig = '' + location ~* \.(?:html?|xml)$ { + expires -1; + } + location /tangle/ { + autoindex on; + } + ''; }; }; } diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix index cc4f2fa..8ebd9f5 100644 --- a/host/software/server/wireguard.nix +++ b/host/software/server/wireguard.nix 
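Review bot: `systemd.services.nginx.serviceConfig.ProtectHome = false;` in the first website.nix hunk removes the home-directory sandboxing entirely, so the nginx processes can reach `/home`, `/root` and `/run/user` with whatever the file permissions allow. Serving `/home/public/…/result` only needs read access, so `systemd.services.nginx.serviceConfig.ProtectHome = "read-only";` is probably sufficient and worth trying first. Because the line above also makes nginx run as `public`, the fully disabled setting leaves the web server able to write to the tree it serves from. A comment such as `# nginx must read the nix-build results under /home/public` would document why the default is relaxed.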
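Review bot: In the rewritten `proxy` helper, `return ${target};` is placed in the same location as `proxyPass = server;`; nginx evaluates `return` in the rewrite phase, so the request is answered before `proxy_pass` is used and the `server` argument has no effect. The following hunk also removes the only `proxy` call sites visible in this diff (the `pkgs.kummerlaender.eu` entries), so the helper appears to be unused. Dropping it, or, if a redirect is what is meant, writing it as `redirect = target: { extraConfig = "return 302 ${target};"; };`, would make the intent explicit. The enclosing `let` block starts outside the hunk, so other callers cannot be ruled out from here.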
@@ -14,18 +14,26 @@ privateKeyFile = "/etc/wireguard/private"; peers = [ - { # obelix - publicKey = "RrsNZKZ17Ol1WHxZesLnenGKnqxiQlE0T8xFP6/5mBE="; - allowedIPs = [ "10.100.0.2" ]; - } - { # majestix - publicKey = "Tkoaewh9HB5rIuJVrFgClRF4x7prOtIlSJjiTYCpxis="; + { # atlas + publicKey = "uuu0Ajabq6fkSdkw7SWLAt0cSYiXX0KWyj5amqVjqQw="; allowedIPs = [ "10.100.0.3" ]; } { # athena - publicKey = "t4SzRV/olVdzAKauJOwFau3I0fTISUvbOAaKGZd6ezU="; + publicKey = "eweByJZDVxq23kJjGV5e1utRdPKo4erEnwwe13bFrkE="; allowedIPs = [ "10.100.0.4" ]; } + { # mobiltelefon + publicKey = "jUtbAF3TZDEFXlL+YTV3g26wP0IWGbpiCFGXjxo5TXE="; + allowedIPs = [ "10.100.0.6" ]; + } + { # hephaestus + publicKey = "0nd/5vZaerTCUpS6uXsulCTzI3ZsUT2N2pnh7zTo8wg="; + allowedIPs = [ "10.100.0.7" ]; + } + { # idefix + publicKey = "4Q1Glnceec8FOtkq8UnaYtlwsR1VIvs6lTalavNQp0A="; + allowedIPs = [ "10.100.0.8" ]; + } ]; }; }; |
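Review bot: The new `atlas` peer is given `10.100.0.3`, the address that belonged to `majestix` until this hunk, so any rule elsewhere that grants access by tunnel address (none is visible in this diff) would now apply to a different device. Assigning an address that was never used, or recording the reuse in the peer comment, e.g. `{ # atlas (10.100.0.3 was majestix)`, avoids silent inheritance of old permissions. The list also jumps from `10.100.0.4` to `10.100.0.6`; a one-line comment on which addresses are reserved or retired would make later assignments safer. The `peers` list and its enclosing interface definition begin outside the hunk.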