diff options
Diffstat (limited to '')
| -rw-r--r-- | hosts/by-name/server2/configuration.nix | 23 | ||||
| -rw-r--r-- | hosts/by-name/server2/secrets/backup/backuppass.age (renamed from hosts/by-name/server2/secrets/backuppass.age) | 0 | ||||
| -rw-r--r-- | hosts/by-name/server2/secrets/backup/backupssh.age (renamed from hosts/by-name/server2/secrets/backupssh.age) | 0 | ||||
| -rw-r--r-- | hosts/by-name/server3/configuration.nix | 20 | ||||
| -rw-r--r-- | hosts/by-name/server3/secrets/backup/backuppass.age (renamed from hosts/by-name/server3/secrets/backuppass.age) | 0 | ||||
| -rw-r--r-- | hosts/by-name/server3/secrets/backup/backupssh.age (renamed from hosts/by-name/server3/secrets/backupssh.age) | 0 | ||||
| -rw-r--r-- | hosts/by-name/server3/secrets/matrix/passwd.age (renamed from modules/by-name/ma/matrix/passwd.age) | 0 | ||||
| -rw-r--r-- | hosts/by-name/server3/websites.nix | 36 |
8 files changed, 69 insertions, 10 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix index de9fc4d..5fe635a 100644 --- a/hosts/by-name/server2/configuration.nix +++ b/hosts/by-name/server2/configuration.nix @@ -14,19 +14,27 @@ vhack = { back = { enable = true; - repositories = { - "${config.services.gitolite.dataDir}/repositories/vhack.eu/nixos-server.git" = { - domain = "issues.foss-syndicate.org"; - port = 9220; - }; + domain = "issues.foss-syndicate.org"; + settings = { + scan_path = "${config.services.gitolite.dataDir}/repositories"; + project_list = "${config.services.gitolite.dataDir}/projects.list"; }; }; backup = { enable = true; - privateSshKey = ./secrets/backupssh.age; - privatePassword = ./secrets/backuppass.age; + privateSshKey = ./secrets/backup/backupssh.age; + privatePassword = ./secrets/backup/backuppass.age; user = "u384702-sub3"; }; + dns = { + enable = true; + openFirewall = true; + interfaces = [ + "185.16.61.132" + "2a03:4000:a:106::1" + ]; + zones = import ../../../zones {}; + }; etesync = { enable = true; secretFile = ./secrets/etesync/secret_file.age; @@ -53,6 +61,7 @@ enable = true; redirects = { "source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server"; + "source.vhack.eu" = "https://source.foss-syndicate.org"; }; }; nixconfig.enable = true; diff --git a/hosts/by-name/server2/secrets/backuppass.age b/hosts/by-name/server2/secrets/backup/backuppass.age index 5fd5568..5fd5568 100644 --- a/hosts/by-name/server2/secrets/backuppass.age +++ b/hosts/by-name/server2/secrets/backup/backuppass.age diff --git a/hosts/by-name/server2/secrets/backupssh.age b/hosts/by-name/server2/secrets/backup/backupssh.age index c2d3abb..c2d3abb 100644 --- a/hosts/by-name/server2/secrets/backupssh.age +++ b/hosts/by-name/server2/secrets/backup/backupssh.age diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix index 2afc79f..9ad73ea 100644 --- a/hosts/by-name/server3/configuration.nix +++ b/hosts/by-name/server3/configuration.nix @@ -1,4 +1,4 @@ -{config, ...}: { +{...}: { imports = [ ./networking.nix # network configuration that just works ./hardware.nix @@ -7,11 +7,24 @@ vhack = { backup = { enable = true; - privateSshKey = ./secrets/backupssh.age; - privatePassword = ./secrets/backuppass.age; + privateSshKey = ./secrets/backup/backupssh.age; + privatePassword = ./secrets/backup/backuppass.age; user = "u384702-sub4"; }; + dns = { + enable = true; + openFirewall = true; + interfaces = [ + "92.60.38.179" + "2a03:4000:33:25b::4f4e" + ]; + zones = import ../../../zones {}; + }; fail2ban.enable = true; + nix-sync = { + enable = true; + domains = import ./websites.nix {}; + }; mastodon = { enable = true; domain = "mastodon.vhack.eu"; @@ -23,6 +36,7 @@ enable = true; fqdn = "matrix.vhack.eu"; url = "vhack.eu"; + sharedSecretFile = ./secrets/matrix/passwd.age; }; miniflux = { enable = true; diff --git a/hosts/by-name/server3/secrets/backuppass.age b/hosts/by-name/server3/secrets/backup/backuppass.age index e7eea19..e7eea19 100644 --- a/hosts/by-name/server3/secrets/backuppass.age +++ b/hosts/by-name/server3/secrets/backup/backuppass.age diff --git a/hosts/by-name/server3/secrets/backupssh.age b/hosts/by-name/server3/secrets/backup/backupssh.age index ae8c5ec..ae8c5ec 100644 --- a/hosts/by-name/server3/secrets/backupssh.age +++ b/hosts/by-name/server3/secrets/backup/backupssh.age diff --git a/modules/by-name/ma/matrix/passwd.age b/hosts/by-name/server3/secrets/matrix/passwd.age index 6386ed6..6386ed6 100644 --- a/modules/by-name/ma/matrix/passwd.age +++ b/hosts/by-name/server3/secrets/matrix/passwd.age diff --git a/hosts/by-name/server3/websites.nix b/hosts/by-name/server3/websites.nix new file mode 100644 index 0000000..466f1e9 --- /dev/null +++ b/hosts/by-name/server3/websites.nix @@ -0,0 +1,36 @@ +{...}: let + mkWkd = domain: { + domain = "openpgpkey.${domain}"; + repositoryUrl = "https://git.foss-syndicate.org/vhack.eu/pgp-wkd.git"; + extraSettings = { + locations."/.well-known/openpgpkey/".extraConfig = '' + default_type application/octet-stream; + + # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/ + # No idea if it is actually necessary + # add_header Access-Control-Allow-Origin * always; + ''; + }; + }; +in [ + { + domain = "vhack.eu"; + repositoryUrl = "https://codeberg.org/vhack.eu/website.git"; + } + { + domain = "b-peetz.de"; + repositoryUrl = "https://git.foss-syndicate.org/bpeetz/b-peetz.de.git"; + } + + # Trinitrix + { + domain = "trinitrix.vhack.eu"; + repositoryUrl = "https://codeberg.org/trinitrix/website.git"; + } + + # WKD + (mkWkd "b-peetz.de") + (mkWkd "s-schoeffel.de") + (mkWkd "sils.li") + (mkWkd "vhack.eu") +] |