ctucx.git: nixfiles

ctucx' nixfiles

commit 2c4af844916da74b9e0e9a82aa1c03f762a17cfa
parent e873a147c25cfe391da7c243a26d23c6869d7e92
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 16:24:58 +0200

cleanup

6 files changed, 6 insertions(+), 124 deletions(-)
M
configurations/linux/programs/sway.nix
|
4
++--
M
machines/trabbi/mail.nix
|
7
++-----
R
machines/trabbi/websites/bikemap.ctu.cx/default.nix -> machines/trabbi/websites/bikemap.ctu.cx.nix
|
0
D
machines/trabbi/websites/bikemap.ctu.cx/default-gpx2tiles.nix
|
115
-------------------------------------------------------------------------------
M
machines/trabbi/websites/default.nix
|
2
+-
M
modules/default.nix
|
2
+-
diff --git a/configurations/linux/programs/sway.nix b/configurations/linux/programs/sway.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
 #  environment.noXlibs = true;

@@ -116,7 +116,7 @@
         output = {
           "*" = {
             bg = "~/Pictures/photos.ctu.cx/Bahnbilder/2019.06/20190622-153441.jpg fill";
-            scale = "1";
+            scale = lib.mkDefault "1";
           };
         };
 

diff --git a/machines/trabbi/mail.nix b/machines/trabbi/mail.nix
@@ -14,7 +14,7 @@
     TXT   = [ "v=spf1 a mx ip4:${config.networking.primaryIP4} +ip6:${config.networking.primaryIP} ~all" ];
     DMARC = "v=DMARC1; p=none";
     MX    = with mx; [ (mx 10 "${config.networking.fqdn}.") ];
-   in {
+  in {
     "ctu.cx" = {
       inherit MX TXT;
 

@@ -116,12 +116,11 @@
         ];
       };
 
-
       "mail@zug.network" = {
         hashedPasswordFile = config.age.secrets.mail-password-zugnetwork.path;      	
         aliases = [
           "@zug.network"
-		];
+    	  ];
       };
     };
   };

@@ -134,6 +133,4 @@
     ];
   };
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
 }

diff --git a/machines/trabbi/websites/bikemap.ctu.cx/default.nix b/machines/trabbi/websites/bikemap.ctu.cx.nix
diff --git a/machines/trabbi/websites/bikemap.ctu.cx/default-gpx2tiles.nix b/machines/trabbi/websites/bikemap.ctu.cx/default-gpx2tiles.nix
@@ -1,115 +0,0 @@
-{ pkgs, ... }:
-
-let
-  gpx2tiles = pkgs.stdenv.mkDerivation rec {
-    name = "gpx2tiles";
-
-    src = pkgs.fetchFromGitHub {
-      owner  = "raalkml";
-      repo   = "gpx2tiles";
-      rev    = "bfe287bfdf21869212b5d095bba6979caee4a308";
-      sha256 = "0x4cparlbxvjnwhwkdz157py1bmad2sap3wjjzaq988aymxnadym";
-    };
-
-    buildInputs = with pkgs; [
-      pkgconfig
-      libxml2
-      gd
-    ];
-
-    makeFlags = [ "PREFIX=${placeholder "out"}" ];
-  };
-
-  deployScript = pkgs.writeShellScript "deploy" ''
-    systemctl start deploy-bikemap
-    systemctl status deploy-bikemap
-  '';
-
-  deployHook = pkgs.writeShellScriptBin "post-receive" ''
-    [ -t 0 ] || cat >/dev/null
-    [ -z "$GL_REPO" ] && die GL_REPO not set
-
-    #deploy bikemap
-    [ "$GL_REPO" == "bikemap" ] && sudo ${deployScript}
-  '';
-
-in {
-
-  users = {
-    users."bikemap" = {
-      home = "/var/lib/bikemap";
-      group = "git";
-      isSystemUser = true;
-    };
-  };
-
-  security.sudo.extraRules = [{
-    users    = [ "git" ];
-    commands = [
-      { command = "${deployScript}"; options = [ "SETENV" "NOPASSWD" ]; }
-    ];
-  }];
-
-  systemd = {
-    services.deploy-bikemap = {
-      script = ''
-        tmpdir=$(mktemp -d);
-
-        ${pkgs.git}/bin/git clone /var/lib/gitolite/repositories/bikemap.git $tmpdir
-
-        mkdir $tmpdir/tiles;
-        ${gpx2tiles}/bin/gpx2tiles -j 2 -t 7:2+ -t 13:4+ -z 6 -Z 16 -c ff8800 -C $tmpdir/tiles $tmpdir/tracks/*.gpx;
-
-        rm -rf ~/*;
-
-        cp -r  $tmpdir/dist/* ~/.;
-        cp -r  $tmpdir/tiles ~/.;
-        echo "{\"lastUpdated\":\"$(date +"%Y-%m-%d %H:%M")\"}" > ~/lastUpdated.json;
-
-        rm -rf $tmpdir;
-      '';
-
-      serviceConfig = {
-        Type = "oneshot";
-
-        User  = "bikemap";
-        Group = "git";
-
-        WorkingDirectory        = "~";
-        StateDirectory          = "bikemap";
-        StateDirectoryMode      = "755";
-
-        NoNewPrivileges         = true;
-        PrivateTmp              = true;
-        PrivateDevices          = true;
-
-        RestrictAddressFamilies = "none";
-        RestrictNamespaces      = true;
-        RestrictRealtime        = true;
-
-        ProtectSystem           = "full";
-        ProtectControlGroups    = true;
-        ProtectKernelModules    = true;
-        ProtectKernelTunables   = true;
-
-        DevicePolicy            = "closed";
-        LockPersonality         = true;
-      };
-    };
-  };
-
-  services = {
-    gitolite.commonHooks = [ "${deployHook}/bin/post-receive" ];
-    nginx = {
-      enable = true;
-      virtualHosts."ctu.cx" = {
-        enableACME = true;
-        forceSSL   = true;
-        kTLS       = true;
-        locations  = {
-          "/bikemap/".alias = "/var/lib/bikemap/";
-        };
-      };
-    };
-  };
-}

diff --git a/machines/trabbi/websites/default.nix b/machines/trabbi/websites/default.nix
@@ -4,7 +4,7 @@
 
   imports = [
     ./ctu.cx.nix
-    ./bikemap.ctu.cx
+    ./bikemap.ctu.cx.nix
   ];
 
 }

diff --git a/modules/default.nix b/modules/default.nix
@@ -23,7 +23,7 @@
   ]);
 
   options = {
-    networking.usePBBUplink = lib.mkOption { type = lib.types.bool; };
+    networking.usePBBUplink  = lib.mkOption { type = lib.types.bool; };
     networking.primaryIP     = lib.mkOption { type = lib.types.str; };
     networking.primaryIP4    = lib.mkOption { type = lib.types.str; };
     networking.secondaryIP4  = lib.mkOption { type = lib.types.str; };