commit 7f6d6a6f0812731276822183fc90fc8c3aa14e94
parent f63e1642c7a54782fadf068f5bb97da50e2a29cc
Author: Katja (ctucx) <git@ctu.cx>
Date: Tue, 3 Dec 2024 12:11:11 +0100
parent f63e1642c7a54782fadf068f5bb97da50e2a29cc
Author: Katja (ctucx) <git@ctu.cx>
Date: Tue, 3 Dec 2024 12:11:11 +0100
machines/briefkasten/websites: move `photos.ctu.cx` to `hector`
4 files changed, 105 insertions(+), 106 deletions(-)
D
|
104
-------------------------------------------------------------------------------
A
|
104
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/briefkasten/websites/default.nix b/machines/briefkasten/websites/default.nix @@ -6,8 +6,6 @@ ./music.home.ctu.cx.nix ./audiobooks.home.ctu.cx.nix # ./storage.home.ctu.cx - - ./photos.ctu.cx.nix ]; }
diff --git a/machines/briefkasten/websites/photos.ctu.cx.nix b/machines/briefkasten/websites/photos.ctu.cx.nix 
@@ -1,104 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- galleryConfig = {
- globalSection = {
- SourceDir = "/mnt/photos.ctu.cx";
- TargetDir = "/var/lib/ctucx-gallery";
- MogrifyCmd = "${pkgs.imagemagick}/bin/mogrify";
- };
-
- sections = {
- Thumbnails = {
- SmallHeight = "200";
- SmallQuality = "90";
- };
-
- Site = {
- Author = "ctucx";
- Name = "ctucx.photos";
- Description = "photos that i made";
- Tags = "ctucx, ctucx bahnbilder";
- ShowOriginalsButton = "true";
- SymlinkOriginals = "true";
- EnableJS = "true";
- };
- };
- };
-
- galleryConfigFile = pkgs.writeText "gallery.ini" (lib.generators.toINIWithGlobalSection {} galleryConfig);
-
-in {
-
- dns.zones."ctu.cx".subdomains.photos.CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ];
-
- fileSystems."/mnt/photos.ctu.cx" = {
- device = "/nix/persist/home/katja/syncthing/Pictures/photos.ctu.cx";
- options = [ "bind" "ro" ];
- };
-
- users = {
- users."ctucx-gallery" = {
- home = "/var/lib/ctucx-gallery";
- group = "ctucx-gallery";
- isSystemUser = true;
- };
- groups."ctucx-gallery" = {};
- };
-
-
- systemd.services.ctucx-gallery = {
- startAt = "*-*-* *:0/10:00";
- wantedBy = [ "multi-user.target" ];
- requires = [ "local-fs.target" ];
- path = [ pkgs.imagemagick ];
-
- serviceConfig = {
- Type = "oneshot";
-# DynamicUser = true;
-
- ExecStart = "${pkgs.ctucx-gallery}/bin/gallery ${galleryConfigFile}";
-
- User = "ctucx-gallery";
- Group = "ctucx-gallery";
-
-
- StateDirectory = "ctucx-gallery";
- StateDirectoryMode = "755";
-
- NoNewPrivileges = true;
- PrivateTmp = true;
- PrivateDevices = true;
-
- RestrictAddressFamilies = "AF_INET AF_INET6";
- RestrictNamespaces = true;
- RestrictRealtime = true;
-
- ProtectSystem = "full";
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
-
- DevicePolicy = "closed";
- LockPersonality = true;
- };
- };
-
- services.nginx = {
- enable = true;
- virtualHosts."photos.ctu.cx" = {
- enableACME = lib.mkIf config.networking.usePBBUplink true;
- forceSSL = lib.mkIf config.networking.usePBBUplink true;
- kTLS = lib.mkIf config.networking.usePBBUplink true;
- root = "/var/lib/ctucx-gallery";
- locations."~* \.html$".extraConfig = ''
- add_header Last-Modified $date_gmt;
- add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
- if_modified_since off;
- expires off;
- etag off;
- '';
- };
- };
-
-}
diff --git a/machines/hector/websites/default.nix b/machines/hector/websites/default.nix @@ -6,6 +6,7 @@ ./ctu.cx.nix ./things.ctu.cx.nix ./bikemap.ctu.cx.nix + ./photos.ctu.cx.nix ]; }
diff --git a/machines/hector/websites/photos.ctu.cx.nix b/machines/hector/websites/photos.ctu.cx.nix 
@@ -0,0 +1,104 @@
+{ config, pkgs, lib, ... }:
+
+let
+ galleryConfig = {
+ globalSection = {
+ SourceDir = "/mnt/photos.ctu.cx";
+ TargetDir = "/var/lib/ctucx-gallery";
+ MogrifyCmd = "${pkgs.imagemagick}/bin/mogrify";
+ };
+
+ sections = {
+ Thumbnails = {
+ SmallHeight = "200";
+ SmallQuality = "90";
+ };
+
+ Site = {
+ Author = "ctucx";
+ Name = "ctucx.photos";
+ Description = "photos that i made";
+ Tags = "ctucx, ctucx bahnbilder";
+ ShowOriginalsButton = "true";
+ SymlinkOriginals = "true";
+ EnableJS = "true";
+ };
+ };
+ };
+
+ galleryConfigFile = pkgs.writeText "gallery.ini" (lib.generators.toINIWithGlobalSection {} galleryConfig);
+
+in {
+
+ dns.zones."ctu.cx".subdomains.photos.CNAME = [ "${config.networking.fqdn}." ];
+
+ fileSystems."/mnt/photos.ctu.cx" = {
+ device = "/home/katja/syncthing/Pictures/photos.ctu.cx";
+ options = [ "bind" "ro" ];
+ };
+
+ users = {
+ users."ctucx-gallery" = {
+ home = "/var/lib/ctucx-gallery";
+ group = "ctucx-gallery";
+ isSystemUser = true;
+ };
+ groups."ctucx-gallery" = {};
+ };
+
+
+ systemd.services.ctucx-gallery = {
+ startAt = "*-*-* *:0/10:00";
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "local-fs.target" ];
+ path = [ pkgs.imagemagick ];
+
+ serviceConfig = {
+ Type = "oneshot";
+# DynamicUser = true;
+
+ ExecStart = "${pkgs.ctucx-gallery}/bin/gallery ${galleryConfigFile}";
+
+ User = "ctucx-gallery";
+ Group = "ctucx-gallery";
+
+
+ StateDirectory = "ctucx-gallery";
+ StateDirectoryMode = "755";
+
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+
+ RestrictAddressFamilies = "AF_INET AF_INET6";
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+
+ ProtectSystem = "full";
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+
+ DevicePolicy = "closed";
+ LockPersonality = true;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."photos.ctu.cx" = {
+ enableACME = true;
+ forceSSL = true;
+ kTLS = true;
+ root = "/var/lib/ctucx-gallery";
+ locations."~* \.html$".extraConfig = ''
+ add_header Last-Modified $date_gmt;
+ add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+ if_modified_since off;
+ expires off;
+ etag off;
+ '';
+ };
+ };
+
+}
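Review bot: In `systemd.services.ctucx-gallery.serviceConfig`, `RestrictAddressFamilies = "AF_INET AF_INET6"` leaves IP sockets available to a oneshot job that, going by the visible config, only reads `SourceDir` and writes `TargetDir`, and the unit keeps `ProtectSystem = "full"` with no `ProtectHome`. If the gallery binary does no network I/O (not verifiable from this diff), the sandbox could be tightened with `PrivateNetwork = true;`, `ProtectHome = true;` and `ProtectSystem = "strict";`; the `StateDirectory` stays writable and the photos are reached through the read-only bind mount at `/mnt/photos.ctu.cx` rather than through `/home`. A short comment next to `SymlinkOriginals = "true"` would also help, noting that nginx then serves the original files from the synced folder, so anything placed in that folder is published as-is.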