ctucx.git: nixfiles

ctucx' nixfiles

commit 28824c440418f985d28b4dfe7cebecb52bdd75cd
parent 7fbab4e4cc78ec7cd3122ff9fa9b81a74b2c698b
Author: Leah (ctucx) <git@ctu.cx>
Date: Sun, 3 Dec 2023 17:58:33 +0100

machines/briefkasten/websites/flauschehorn.sexy: move to machine `trabbi`

4 files changed, 76 insertions(+), 76 deletions(-)
M
machines/briefkasten/websites/default.nix
|
1
-
D
machines/briefkasten/websites/flauschehorn.sexy.nix
|
75
---------------------------------------------------------------------------
M
machines/trabbi/websites/default.nix
|
1
+
A
machines/trabbi/websites/flauschehorn.sexy.nix
|
75
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/briefkasten/websites/default.nix b/machines/briefkasten/websites/default.nix
@@ -8,7 +8,6 @@
 #    ./storage.home.ctu.cx
 
     ./photos.ctu.cx.nix
-    ./flauschehorn.sexy.nix
     ./wifionic.de.nix
   ];
 

diff --git a/machines/briefkasten/websites/flauschehorn.sexy.nix b/machines/briefkasten/websites/flauschehorn.sexy.nix
@@ -1,75 +0,0 @@
-{ pkgs, config, lib, ...}:
-
-{
-
-  dns.zones."flauschehorn.sexy" = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
-
-  users = {
-    users."flauschehorn" = {
-      home = "/var/lib/flauschehorn";
-      group = "flauschehorn";
-      isSystemUser = true;
-    };
-    groups."flauschehorn" = {};
-  };
-
-  systemd = {
-    services.flauschehorn-fetcher = {
-      startAt     = "*-*-* 3:00:00";
-      after       = [ "network-online.target" ];
-      environment = {
-        DB_PATH = "hornpostings.db";
-      };
-      serviceConfig = {
-        Type = "oneshot";
-
-        ExecStart = "${pkgs.flauschehorn-sexy}/bin/mastofetch";
-
-        User  = "flauschehorn";
-        Group = "flauschehorn";
-
-        WorkingDirectory        = "~";
-        StateDirectory          = "flauschehorn";
-        StateDirectoryMode      = "755";
-
-        NoNewPrivileges         = true;
-        PrivateTmp              = true;
-        PrivateDevices          = true;
-
-        RestrictAddressFamilies = "AF_INET AF_INET6";
-        RestrictNamespaces      = true;
-        RestrictRealtime        = true;
-
-        ProtectSystem           = "full";
-        ProtectControlGroups    = true;
-        ProtectKernelModules    = true;
-        ProtectKernelTunables   = true;
-
-        DevicePolicy            = "closed";
-        LockPersonality         = true;
-      };
-    };
-  };
-
-  services = {
-    fcgiwrap.enable = true;
-    nginx = {
-      enable = true;
-      virtualHosts."flauschehorn.sexy" = {
-        enableACME = lib.mkIf config.networking.usePBBUplink true;
-        forceSSL   = lib.mkIf config.networking.usePBBUplink true;
-        kTLS       = lib.mkIf config.networking.usePBBUplink true;
-        locations  = {
-          "/".extraConfig = ''
-            include "${pkgs.nginx}/conf/fastcgi_params";
-            fastcgi_param SCRIPT_FILENAME "${pkgs.flauschehorn-sexy}/bin/website";
-            fastcgi_param DB_PATH         "/var/lib/flauschehorn/hornpostings.db";
-            fastcgi_param QUERY_STRING    $args;
-            fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
-          '';
-        };
-      };
-    };
-  };
-
-}

diff --git a/machines/trabbi/websites/default.nix b/machines/trabbi/websites/default.nix
@@ -3,6 +3,7 @@
 {
 
   imports = [
+    ./flauschehorn.sexy.nix
     ./ctu.cx.nix
     ./bikemap.ctu.cx.nix
     ./things.ctu.cx.nix

diff --git a/machines/trabbi/websites/flauschehorn.sexy.nix b/machines/trabbi/websites/flauschehorn.sexy.nix
@@ -0,0 +1,75 @@
+{ pkgs, config, lib, ...}:
+
+{
+
+  dns.zones."flauschehorn.sexy" = (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
+
+  users = {
+    users."flauschehorn" = {
+      home = "/var/lib/flauschehorn";
+      group = "flauschehorn";
+      isSystemUser = true;
+    };
+    groups."flauschehorn" = {};
+  };
+
+  systemd = {
+    services.flauschehorn-fetcher = {
+      startAt     = "*-*-* 3:00:00";
+      after       = [ "network-online.target" ];
+      environment = {
+        DB_PATH = "hornpostings.db";
+      };
+      serviceConfig = {
+        Type = "oneshot";
+
+        ExecStart = "${pkgs.flauschehorn-sexy}/bin/mastofetch";
+
+        User  = "flauschehorn";
+        Group = "flauschehorn";
+
+        WorkingDirectory        = "~";
+        StateDirectory          = "flauschehorn";
+        StateDirectoryMode      = "755";
+
+        NoNewPrivileges         = true;
+        PrivateTmp              = true;
+        PrivateDevices          = true;
+
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces      = true;
+        RestrictRealtime        = true;
+
+        ProtectSystem           = "full";
+        ProtectControlGroups    = true;
+        ProtectKernelModules    = true;
+        ProtectKernelTunables   = true;
+
+        DevicePolicy            = "closed";
+        LockPersonality         = true;
+      };
+    };
+  };
+
+  services = {
+    fcgiwrap.enable = true;
+    nginx = {
+      enable = true;
+      virtualHosts."flauschehorn.sexy" = {
+        enableACME = true;
+        forceSSL   = true;
+        kTLS       = true;
+        locations  = {
+          "/".extraConfig = ''
+            include "${pkgs.nginx}/conf/fastcgi_params";
+            fastcgi_param SCRIPT_FILENAME "${pkgs.flauschehorn-sexy}/bin/website";
+            fastcgi_param DB_PATH         "/var/lib/flauschehorn/hornpostings.db";
+            fastcgi_param QUERY_STRING    $args;
+            fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+          '';
+        };
+      };
+    };
+  };
+
+}