commit a31e6e94c1e69b1f6964fef0d4581a5492f4ce9b
parent d9d7f5b150a718afef0e9a4c9f685447f1ef109b
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 15:41:52 +0200
parent d9d7f5b150a718afef0e9a4c9f685447f1ef109b
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 15:41:52 +0200
machines/lollo/websites/things.home.ctu.cx -> machines/briefkasten/websites/things.home.ctu.cx
7 files changed, 77 insertions(+), 77 deletions(-)
A
|
62
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D
|
62
--------------------------------------------------------------
diff --git a/machines/briefkasten/websites/default.nix b/machines/briefkasten/websites/default.nix @@ -5,6 +5,7 @@ imports = [ ./wiki.home.ctu.cx.nix ./music.home.ctu.cx.nix + ./things.home.ctu.cx.nix ./flauschehorn.sexy.nix ./wifionic.de.nix ];
diff --git a/machines/briefkasten/websites/things.home.ctu.cx.nix b/machines/briefkasten/websites/things.home.ctu.cx.nix @@ -0,0 +1,62 @@ +{ config, pkgs, lib, ... }: + +{ + + dns.zones."ctu.cx".subdomains."things.home".CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ]; + + age.secrets.restic-ctucx-things.file = ./. + "/../../../secrets/${config.networking.hostName}/restic/ctucx-things.age"; + + restic-backups.things = { + user = "things"; + passwordFile = config.age.secrets.restic-ctucx-things.path; + paths = [ "/var/lib/ctucx-things" ]; + }; + + + users.users.ctucx-things = { + isSystemUser = true; + home = "/var/lib/ctucx-things"; + createHome = true; + group = config.services.nginx.group; + }; + + services = { + phpfpm.pools.ctucx-things = { + user = "ctucx-things"; + group = config.services.nginx.group; + phpEnv = { + THINGS_STORAGE_PATH = "/var/lib/ctucx-things"; + }; + settings = { + pm = "dynamic"; + "listen.owner" = config.services.nginx.user; + "pm.max_children" = 1; + "pm.start_servers" = 1; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 1; + "pm.max_requests" = 500; + }; + }; + + nginx = { + enable = true; + virtualHosts."things.home.ctu.cx" = { + enableACME = lib.mkIf config.networking.usePBBUplink true; + forceSSL = lib.mkIf config.networking.usePBBUplink true; + kTLS = lib.mkIf config.networking.usePBBUplink true; + root = pkgs.ctucx-things; + locations = { + "/".index = "index.php index.html"; + "/".tryFiles = "$uri $uri/ /index.php"; + "~ \.php$".extraConfig = '' + fastcgi_pass unix:${config.services.phpfpm.pools.ctucx-things.socket}; + fastcgi_index index.php; + ''; + }; + }; + }; + + }; + +} +
diff --git a/machines/lollo/websites/default.nix b/machines/lollo/websites/default.nix @@ -3,7 +3,6 @@ { imports = [ - ./things.home.ctu.cx.nix # ./storage.home.ctu.cx ./photos.ctu.cx.nix
diff --git a/machines/lollo/websites/things.home.ctu.cx.nix b/machines/lollo/websites/things.home.ctu.cx.nix @@ -1,62 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - - dns.zones."ctu.cx".subdomains."things.home".CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ]; - - age.secrets.restic-things.file = ../../../secrets/lollo/restic/things.age; - - restic-backups.things = { - user = "things"; - passwordFile = config.age.secrets.restic-things.path; - paths = [ "/var/lib/ctucx-things" ]; - }; - - - users.users.things = { - isSystemUser = true; - home = "/var/lib/ctucx-things"; - createHome = true; - group = config.services.nginx.group; - }; - - services = { - phpfpm.pools.ctucx-things = { - user = "things"; - group = config.services.nginx.group; - phpEnv = { - THINGS_STORAGE_PATH = "/var/lib/ctucx-things"; - }; - settings = { - pm = "dynamic"; - "listen.owner" = config.services.nginx.user; - "pm.max_children" = 1; - "pm.start_servers" = 1; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 1; - "pm.max_requests" = 500; - }; - }; - - nginx = { - enable = true; - virtualHosts."things.home.ctu.cx" = { - enableACME = lib.mkIf config.networking.usePBBUplink true; - forceSSL = lib.mkIf config.networking.usePBBUplink true; - kTLS = lib.mkIf config.networking.usePBBUplink true; - root = pkgs.ctucx-things; - locations = { - "/".index = "index.php index.html"; - "/".tryFiles = "$uri $uri/ /index.php"; - "~ \.php$".extraConfig = '' - fastcgi_pass unix:${config.services.phpfpm.pools.ctucx-things.socket}; - fastcgi_index index.php; - ''; - }; - }; - }; - - }; - -} -
diff --git a/secrets/briefkasten/restic/ctucx-things.age b/secrets/briefkasten/restic/ctucx-things.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dS9CVXloMHFvTjV1QlZv +d3AwcEpHM3ZmNURkaUlsbVRzUGxDRjVoMURnCk1qSkdOVEZSN0w2ZUg5bGhRT2NV +NWsrUXNsNmN2U0wzZGxLMHJDRWdxdWMKLT4gc3NoLWVkMjU1MTkgNGhLQ013IGtJ +TW1GUW5pTERvK2wwVnJ4cTUyRkx1RnVYNUIweTFCNHdaaWtKSm9GaUEKaGFZRXd6 +aEVyVEh1SWlKQlhKK2x4Yi9nYmxuWWJDZkpGNXdxMi9VM3g5awotPiArLWdyZWFz +ZSBYVEpOYHxEIGNlI2d0UGw6ClJCajZueWVQR05UdnA5eFB4QS9lb0U5UlZORlpL +L1Y2TzZsSXo1RUtESDdDRHZ1cjM4OVZiQ0hqNGVrdkxtVjYKQkxMczBYbUFYa1RM +WHV5cmUycDgKLS0tIExSc1pPbmFMK2hRYnd3UnFZNUs4MXZtOXg4T0Y2eUdxdGxr +L0loc0xVNGMKR1wni1wsSz2zABGS2vFm0uK3wVgst76JkfibG8hWXCpnkC0PejUk +J1qo/s4MnEsMbF7za0vXJdQjaOngHuuPPCVxBveeB3bVEwK17hy2lbUNDaDmtKAW +puXujgLFlsQb +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/restic/things.age b/secrets/lollo/restic/things.age @@ -1,13 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UmpocElWZUlZNzRMZFRK -aE00cHBKKzFnd3ZjWXJsdVo5VDhJa0toaGpJCnIzanI2NUpmV1JGUm1GdHBSMDky -aFY5MnFlVmhQNkg0ZVIyOVM2bFhIWVUKLT4gc3NoLWVkMjU1MTkgMXJjY0t3IFo0 -Q2Izd0VQT2xpT21wMlFWZHpoSGFXNVBDZ1NSaWVBQmtXY0MzNzk5VUUKM0tYQkRy -dWQ1ZERlblhRZ0FMVWN1MGNReEN1OWtxa09xbm9lUTBCSUs1MAotPiAmZnp7Tmpx -LWdyZWFzZQpoWTk3ZERzUWVmUXM3SzNrNWw0K291a2JvaEtBR1YvNTZGVURkbm5P -OHcwbVVlbEk2c3c1dG9GOWpqLzFUM2RGCmlyZlJ4VlJzQlo5T0dOT2plZ1Yvem1v -UjU0cmYvNHZCTncKLS0tIHRlckpjam1OZDVseGV1R1pVbUFsSHdHdngzOGdmbHRE -UVhQSm8wckFHTWsKMNvRintDk1/VZowYRO5N3WIM9+kxvoblS9Ru2Fy8hOz+fzi0 -QzvhHL5LXElcHepi5f0WrChzQk226ADj0IdfZBtIvbjS4a7XKLoWeLLw13Z4cshA -5qgSZroy7ZqN638p ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -47,7 +47,6 @@ in { "lollo/restic/vnstat.age".publicKeys = [ leah lollo ]; "lollo/restic/oeffisearch.age".publicKeys = [ leah lollo ]; "lollo/restic/influxdb.age".publicKeys = [ leah lollo ]; - "lollo/restic/things.age".publicKeys = [ leah lollo ]; "briefkasten/radicale-users.age".publicKeys = [ leah briefkasten ]; "briefkasten/gotosocial-env.age".publicKeys = [ leah briefkasten ]; @@ -56,6 +55,7 @@ in { "briefkasten/restic/radicale.age".publicKeys = [ leah briefkasten ]; "briefkasten/restic/gotosocial.age".publicKeys = [ leah briefkasten ]; + "briefkasten/restic/ctucx-things.age".publicKeys = [ leah briefkasten ]; "lollo/solar-nrw/vpn-secrets.age".publicKeys = [ leah lollo ]; "lollo/solar-nrw/solax2mqtt.age".publicKeys = [ leah lollo ];