Diffstat (limited to 'host/software/server')
-rw-r--r--host/software/server/build.nix16
-rw-r--r--host/software/server/git.nix8
-rw-r--r--host/software/server/mail.nix8
-rw-r--r--host/software/server/website.nix27
-rw-r--r--host/software/server/wireguard.nix22
5 files changed, 60 insertions, 21 deletions
diff --git a/host/software/server/build.nix b/host/software/server/build.nix
new file mode 100644
index 0000000..44c4562
--- /dev/null
+++ b/host/software/server/build.nix
@@ -0,0 +1,16 @@
+{
+ nix.buildMachines = [ {
+ hostName = "majestix";
+ sshUser = "common";
+ system = "x86_64-linux";
+ maxJobs = 16;
+ speedFactor = 2;
+ } ];
+
+ nix = {
+ distributedBuilds = true;
+ extraOptions = ''
+ builders-use-substitutes = true
+ '';
+ };
+}
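Review bot: The `nix.buildMachines` entry for `majestix` sets no `sshKey` and pins no host key, so the identity offered and the host key accepted both depend on root's SSH state outside this configuration. Adding `sshKey = "<path to builder key>";` (placeholder) makes the credential explicit and reviewable. The name `sshUser = "common"` suggests a shared account, though that is inferred from the name alone, and a build-only account would be easier to restrict. With `builders-use-substitutes = true` the builder fetches dependencies from its own substituters, so its caches and trusted keys become part of this server's build trust; a comment above `extraOptions` should say so.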
diff --git a/host/software/server/git.nix b/host/software/server/git.nix
index 209a318..2781911 100644
--- a/host/software/server/git.nix
+++ b/host/software/server/git.nix
@@ -3,8 +3,8 @@
{
services.uwsgi = {
enable = true;
- user = "nginx";
- group = "nginx";
+ user = "public";
+ group = "users";
plugins = [ "cgi" ];
instance = {
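Review bot: Setting `user = "public"` runs the web-exposed cgit CGI under the account that, per the comment in website.nix, builds the sites with `nix-build`, and this commit also makes it the nginx user. A flaw in the CGI would therefore reach the site build tree and the `git` group's repositories in one step. A dedicated system account for uWSGI with only `git` as an extra group would keep the separation the old `nginx` user gave. The same applies to `users.extraUsers.public.extraGroups` and `chown -R public:users /run/cgit` in the two later hunks of this file, where the group `users` presumably covers every regular account, which is wider than the cache directory needs. The `services.uwsgi` block continues outside this hunk.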
@@ -33,7 +33,7 @@
'';
};
- users.extraUsers.nginx.extraGroups = [ "git" ];
+ users.extraUsers.public.extraGroups = [ "git" ];
services.nginx.virtualHosts."code.kummerlaender.eu" = {
addSSL = true;
@@ -64,7 +64,7 @@
};
script = ''
mkdir /run/cgit
- chown -R nginx:nginx /run/cgit
+ chown -R public:users /run/cgit
'';
};
diff --git a/host/software/server/mail.nix b/host/software/server/mail.nix
index f7e498d..37c007b 100644
--- a/host/software/server/mail.nix
+++ b/host/software/server/mail.nix
@@ -1,8 +1,12 @@
{ config, pkgs, ... }:
{
- imports = [
- (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz")
+ imports = let
+ release = "nixos-21.05";
+ in [
+ (builtins.fetchTarball {
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz";
+ })
];
mailserver = {
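Review bot: The new `builtins.fetchTarball` call has no `sha256` and now points at the archive of a branch name (`nixos-21.05`) instead of the tag `v2.2.1`, so the imported mail server module can change between evaluations without any change in this repository. Pinning the URL to a commit and adding `sha256 = "<sha256 of the unpacked archive>";` (placeholder) inside the attribute set makes the import reproducible and makes an altered archive fail evaluation. The attribute-set form introduced here already allows that, so it is a one-line addition next to `url`.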
diff --git a/host/software/server/website.nix b/host/software/server/website.nix
index 9b2493e..8248a0b 100644
--- a/host/software/server/website.nix
+++ b/host/software/server/website.nix
@@ -7,6 +7,10 @@
shell = pkgs.fish;
};
+ services.nginx.user = "public";
+
+ systemd.services.nginx.serviceConfig.ProtectHome = false;
+
# `public` generates websites using their custom derivations via `nix-build`
services.nginx.virtualHosts = let
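Review bot: `ProtectHome = false` removes the unit's home-directory sandboxing entirely, and together with `services.nginx.user = "public"` the web server can read and write everything that account owns under `/home`. If nginx only has to serve the `result` paths under `/home/public`, `systemd.services.nginx.serviceConfig.ProtectHome = "read-only";` may be sufficient (to be confirmed against what the vhosts need to write). A comment should state why the hardening setting is being overridden. Keeping nginx on its own user with read access to those paths would avoid sharing an account with the one that runs `nix-build`.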
@@ -25,11 +29,11 @@
'';
};
- proxy = target: {
- proxyPass = target;
+ proxy = server: target: {
+ proxyPass = server;
extraConfig = ''
expires off;
- proxy_set_header Host code.kummerlaender.eu;
+ return ${target};
'';
};
in {
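Review bot: The reworked `proxy` helper gives the location both `proxyPass = server` and `return ${target};`. nginx processes `return` in the rewrite phase before the proxy handler, so `proxyPass` is presumably never reached and one of the two should go. `target` is interpolated into the nginx configuration unquoted, so a value containing a space or `;` would change the directive; something like `return 302 "${target}";` with an explicit status would be safer if a redirect is what is intended. The only visible callers are removed in the next hunk, so the helper may now be unused; its `let` block starts outside this hunk.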
@@ -43,11 +47,18 @@
'';
};
- "pkgs.kummerlaender.eu" = default {
- "/".root = "/home/public/pkgs/result";
- "/nixexprs.tar.gz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.gz";
- "/nixexprs.tar.xz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.xz";
- "/nixexprs.tar.bz2" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.bz2";
+ "literatelb.org" = let
+ sub = "literatelb";
+ in default {
+ "/".root = "/home/public/${sub}/result";
+ "/".extraConfig = ''
+ location ~* \.(?:html?|xml)$ {
+ expires -1;
+ }
+ location /tangle/ {
+ autoindex on;
+ }
+ '';
};
};
}
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
index cc4f2fa..8ebd9f5 100644
--- a/host/software/server/wireguard.nix
+++ b/host/software/server/wireguard.nix
@@ -14,18 +14,26 @@
privateKeyFile = "/etc/wireguard/private";
peers = [
- { # obelix
- publicKey = "RrsNZKZ17Ol1WHxZesLnenGKnqxiQlE0T8xFP6/5mBE=";
- allowedIPs = [ "10.100.0.2" ];
- }
- { # majestix
- publicKey = "Tkoaewh9HB5rIuJVrFgClRF4x7prOtIlSJjiTYCpxis=";
+ { # atlas
+ publicKey = "uuu0Ajabq6fkSdkw7SWLAt0cSYiXX0KWyj5amqVjqQw=";
allowedIPs = [ "10.100.0.3" ];
}
{ # athena
- publicKey = "t4SzRV/olVdzAKauJOwFau3I0fTISUvbOAaKGZd6ezU=";
+ publicKey = "eweByJZDVxq23kJjGV5e1utRdPKo4erEnwwe13bFrkE=";
allowedIPs = [ "10.100.0.4" ];
}
+ { # mobiltelefon
+ publicKey = "jUtbAF3TZDEFXlL+YTV3g26wP0IWGbpiCFGXjxo5TXE=";
+ allowedIPs = [ "10.100.0.6" ];
+ }
+ { # hephaestus
+ publicKey = "0nd/5vZaerTCUpS6uXsulCTzI3ZsUT2N2pnh7zTo8wg=";
+ allowedIPs = [ "10.100.0.7" ];
+ }
+ { # idefix
+ publicKey = "4Q1Glnceec8FOtkq8UnaYtlwsR1VIvs6lTalavNQp0A=";
+ allowedIPs = [ "10.100.0.8" ];
+ }
];
};
};
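Review bot: `10.100.0.3` belonged to majestix on the removed side and is assigned to the new peer `atlas` here, so any firewall rule, allow-list or log correlation elsewhere that is keyed on that address now applies to a different machine; it is worth checking those or choosing an unused address. The `allowedIPs` entries are bare addresses, and writing `allowedIPs = [ "10.100.0.3/32" ];` makes the single-host scope explicit. build.nix in this commit adds `majestix` as a build machine while its peer entry is dropped here, so a comment on how that host is now reached would help. The block enclosing the `peers` list starts outside this hunk.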