commit 75d120146e11592ed3d9d99f8d6a5a133a81f874
parent 67a65a4179ee3a0bcfaa50f77c630d1586c96f02
Author: Leah (ctucx) <git@ctu.cx>
Date: Sun, 19 Mar 2023 19:30:54 +0100
parent 67a65a4179ee3a0bcfaa50f77c630d1586c96f02
Author: Leah (ctucx) <git@ctu.cx>
Date: Sun, 19 Mar 2023 19:30:54 +0100
machines/lollo/websites: deprecate oeffisear.ch and oeffi.ctu.cx
6 files changed, 138 insertions(+), 122 deletions(-)
D
|
69
---------------------------------------------------------------------
M
|
108
+++++++++++++++++++++++++++++++++++++++++--------------------------------------
A
|
61
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/lollo/websites/default.nix b/machines/lollo/websites/default.nix @@ -13,7 +13,6 @@ ./wifionic.de.nix ./oeffisear.ch.nix - ./oeffi.ctu.cx.nix ]; }
diff --git a/machines/lollo/websites/oeffi.ctu.cx.nix b/machines/lollo/websites/oeffi.ctu.cx.nix @@ -1,69 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - - dns.zones."ctu.cx".subdomains.oeffi.CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ]; - - users.groups.oeffisearch = {}; - users.users.oeffisearch = { - isSystemUser = true; - home = "/var/lib/oeffisearch"; - group = "oeffisearch"; - }; - - systemd.services.oeffi-web = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - onFailure = [ "email-notify@%i.service" ]; - - serviceConfig = { - User = "oeffisearch"; - Group = "oeffisearch"; - - WorkingDirectory = "${pkgs.oeffi-web}/share/oeffi-web"; - ReadWritePaths = [ "/var/lib/oeffisearch" ]; - - PrivateTmp = true; - ProtectHome = true; - ProtectSystem = "strict"; - ProtectKernelTunables = true; - ProtectHostname = true; - ProtectClock = true; - ProtectControlGroups = true; - RestrictAddressFamilies = "AF_INET AF_INET6"; - - NoNewPrivileges = true; - PrivateDevices = true; - RestrictSUIDSGID = true; - ProtectKernelModules = true; - MemoryDenyWriteExecute = true; - RestrictNamespaces = true; - RestrictRealtime = true; - LockPersonality = true; - - ExecStart = "${pkgs.oeffi-web}/bin/oeffi"; - - Restart = "on-failure"; - RestartSec = "5"; - }; - - environment = { - PORT = "8082"; - CACHE_PATH = "/var/lib/oeffisearch"; - }; - }; - - services.nginx = { - enable = true; - virtualHosts."oeffi.ctu.cx" = { - enableACME = lib.mkIf config.networking.usePBBUplink true; - forceSSL = lib.mkIf config.networking.usePBBUplink true; - kTLS = lib.mkIf config.networking.usePBBUplink true; - locations = { - "/".proxyPass = "http://127.0.0.1:8082"; - "/assets/".alias = "${pkgs.oeffi-web}/share/oeffi-web/assets/"; - }; - }; - }; - -}
diff --git a/machines/lollo/websites/oeffisear.ch.nix b/machines/lollo/websites/oeffisear.ch.nix @@ -11,56 +11,56 @@ group = "oeffisearch"; }; - age.secrets.restic-oeffisearch.file = ../../../secrets/lollo/restic/oeffisearch.age; - - restic-backups.oeffisearch = { - user = "oeffisearch"; - passwordFile = config.age.secrets.restic-oeffisearch.path; - paths = [ "/var/lib/oeffisearch" ]; - }; - - systemd.services.oeffisearch = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - onFailure = [ "email-notify@%i.service" ]; - - serviceConfig = { - User = "oeffisearch"; - Group = "oeffisearch"; - - WorkingDirectory = "/var/lib/oeffisearch"; - ReadWritePaths = [ "/var/lib/oeffisearch" ]; - - PrivateTmp = true; - ProtectHome = true; - ProtectSystem = "strict"; - ProtectKernelTunables = true; - ProtectHostname = true; - ProtectClock = true; - ProtectControlGroups = true; - RestrictAddressFamilies = "AF_INET AF_INET6"; - - NoNewPrivileges = true; - PrivateDevices = true; - RestrictSUIDSGID = true; - ProtectKernelModules = true; - MemoryDenyWriteExecute = true; - RestrictNamespaces = true; - RestrictRealtime = true; - LockPersonality = true; - - ExecStart = "${pkgs.oeffisearch}/bin/oeffisearch"; - - Restart = "on-failure"; - RestartSec = "5"; - }; - - environment = { - PORT = "8081"; - CACHE_PATH = "/var/lib/oeffisearch"; - }; - }; + # age.secrets.restic-oeffisearch.file = ../../../secrets/lollo/restic/oeffisearch.age; +# + # restic-backups.oeffisearch = { + # user = "oeffisearch"; + # passwordFile = config.age.secrets.restic-oeffisearch.path; + # paths = [ "/var/lib/oeffisearch" ]; + # }; + # systemd.services.oeffisearch = { + # wantedBy = [ "multi-user.target" ]; + # after = [ "network.target" ]; + # onFailure = [ "email-notify@%i.service" ]; +# + # serviceConfig = { + # User = "oeffisearch"; + # Group = "oeffisearch"; +# + # WorkingDirectory = "/var/lib/oeffisearch"; + # ReadWritePaths = [ "/var/lib/oeffisearch" ]; +# + # PrivateTmp = true; + # ProtectHome = true; + # ProtectSystem = "strict"; + # ProtectKernelTunables = true; + # ProtectHostname = true; + # ProtectClock = true; + # ProtectControlGroups = true; + # RestrictAddressFamilies = "AF_INET AF_INET6"; +# + # NoNewPrivileges = true; + # PrivateDevices = true; + # RestrictSUIDSGID = true; + # ProtectKernelModules = true; + # MemoryDenyWriteExecute = true; + # RestrictNamespaces = true; + # RestrictRealtime = true; + # LockPersonality = true; +# + # ExecStart = "${pkgs.oeffisearch}/bin/oeffisearch"; +# + # Restart = "on-failure"; + # RestartSec = "5"; + # }; +# + # environment = { + # PORT = "8081"; + # CACHE_PATH = "/var/lib/oeffisearch"; + # }; + # }; +# services.nginx = { enable = true; virtualHosts."oeffisear.ch" = { @@ -68,12 +68,16 @@ forceSSL = lib.mkIf config.networking.usePBBUplink true; kTLS = lib.mkIf config.networking.usePBBUplink true; locations = { - "@api".proxyPass = "http://127.0.0.1:8081"; "/" = { - root = "${pkgs.oeffisearch}/share/oeffisearch"; + root = ./oeffisearch; index = "index.html"; - tryFiles = "$uri $uri/ @api"; }; + # "@api".proxyPass = "http://127.0.0.1:8081"; + # "/" = { + # root = "${pkgs.oeffisearch}/share/oeffisearch"; + # index = "index.html"; + # tryFiles = "$uri $uri/ @api"; + # }; }; }; };
diff --git a/machines/lollo/websites/oeffisearch/favicon-64x64.png b/machines/lollo/websites/oeffisearch/favicon-64x64.png Binary files differ.
diff --git a/machines/lollo/websites/oeffisearch/index.html b/machines/lollo/websites/oeffisearch/index.html @@ -0,0 +1,60 @@ +<!DOCTYPE html> +<html lang="de"> + <head> + <title>Öffisearch</title> + <meta charset="UTF-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <meta name="theme-color" content="#ffffff"> + <meta name="description" content="Plan your public transport journeys"> + + <link rel="icon" type="image/png" sizes="64x64" href="/favicon-64x64.png"> + <link rel="manifest" href="manifest.json"> + <style> +body { + background-color: #2a2a2a; + min-height: 100vh; + overflow-x: hidden; + overflow-y: visible; +} + +#overlay { + position: fixed; + top: 0; + left: 0; + height: 100vh; + width: 100vw; + overflow: hidden; + display: flex; + flex-direction: column; +} + +#overlay>* { + margin: auto; +} + +#logo { + background-color: #7171e5; + border-radius: 15%; + width: 50vmin; + height: 50vmin; +} + +#logo>svg { + width: 75%; + height: 75%; + margin: 12.5%; + fill: white; +} + </style> + </head> + <body> + <div id="content"></div> + <div id="overlay"> + <div id="logo"> + <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M12 2c-4 0-8 .5-8 4v9.5C4 17.43 5.57 19 7.5 19L6 20.5v.5h2.23l2-2H14l2 2h2v-.5L16.5 19c1.93 0 3.5-1.57 3.5-3.5V6c0-3.5-3.58-4-8-4zM7.5 17c-.83 0-1.5-.67-1.5-1.5S6.67 14 7.5 14s1.5.67 1.5 1.5S8.33 17 7.5 17zm3.5-7H6V6h5v4zm2 0V6h5v4h-5zm3.5 7c-.83 0-1.5-.67-1.5-1.5s.67-1.5 1.5-1.5 1.5.67 1.5 1.5-.67 1.5-1.5 1.5z"/><path fill="none" d="M0 0h24v24H0V0z"/></svg> + </div> + <h1 style="color:white;">Öffisearch is currently unavailable.</h1> + </div> + </body> +</html>+ \ No newline at end of file
diff --git a/machines/lollo/websites/oeffisearch/manifest.json b/machines/lollo/websites/oeffisearch/manifest.json @@ -0,0 +1,21 @@ +{ + "name": "Öffisearch", + "short_name": "Öffisearch", + "start_url": ".", + "icons": [ + { + "src": "/favicon-64x64.png", + "sizes": "64x64", + "type": "image/png" + }, + { + "src": "/favicon-512x512.png", + "sizes": "512x512", + "type": "image/png" + } + ], + "theme_color": "#ffffff", + "background_color": "#ffffff", + "display": "standalone" +} +