ctucx.git: nixfiles

machines/lollo/websites: move flauschehorn.sexy here

diff --git a/machines/lollo/websites/default.nix b/machines/lollo/websites/default.nix
@@ -6,6 +6,8 @@
     ./wiki.home.ctu.cx.nix
     ./music.home.ctu.cx.nix
     ./storage.home.ctu.cx
+
+    ./flauschehorn.sexy.nix
   ];
 
 }

diff --git a/machines/lollo/websites/flauschehorn.sexy.nix b/machines/lollo/websites/flauschehorn.sexy.nix
@@ -0,0 +1,90 @@
+{ pkgs, config, ...}:
+
+let
+  flauschehorn = pkgs.nimPackages.buildNimPackage {
+    name = "flauschehorn";
+
+    nimBinOnly  = true;
+    nimRelease  = true;
+
+    buildInputs = [ pkgs.sqlite ];
+
+    src = pkgs.fetchgit {
+      url    = "https://cgit.ctu.cx/flauschehorn.sexy";
+      rev    = "993cb3388e41506aed2875971a980becc348ccb0";
+      sha256 = "164mrbhq7aq19b577ddwgs47s6d6lzjzs6nnr9bzavpc2f6ai07z";
+    };
+  };
+
+in {
+
+  dns.zones."flauschehorn.sexy" = (pkgs.dns.lib.combinators.host "195.39.246.41" "2a0f:4ac0:acab::1");
+
+  users = {
+    users."flauschehorn" = {
+      home = "/var/lib/flauschehorn";
+      group = "flauschehorn";
+      isSystemUser = true;
+    };
+    groups."flauschehorn" = {};
+  };
+
+  systemd = {
+    services.flauschehorn-fetcher = {
+      startAt     = "*-*-* 3:00:00";
+      after       = [ "network-online.target" ];
+      environment = {
+        DB_PATH = "hornpostings.db";
+      };
+      serviceConfig = {
+        Type = "oneshot";
+
+        ExecStart = "${flauschehorn}/bin/mastofetch";
+
+        User  = "flauschehorn";
+        Group = "flauschehorn";
+
+        WorkingDirectory        = "~";
+        StateDirectory          = "flauschehorn";
+        StateDirectoryMode      = "755";
+
+        NoNewPrivileges         = true;
+        PrivateTmp              = true;
+        PrivateDevices          = true;
+
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces      = true;
+        RestrictRealtime        = true;
+
+        ProtectSystem           = "full";
+        ProtectControlGroups    = true;
+        ProtectKernelModules    = true;
+        ProtectKernelTunables   = true;
+
+        DevicePolicy            = "closed";
+        LockPersonality         = true;
+      };
+    };
+  };
+
+  services = {
+    fcgiwrap.enable = true;
+    nginx = {
+      enable = true;
+      virtualHosts."flauschehorn.sexy" = {
+        enableACME = true;
+        forceSSL   = true;
+        locations  = {
+          "/".extraConfig = ''
+            include "${pkgs.nginx}/conf/fastcgi_params";
+            fastcgi_param SCRIPT_FILENAME "${flauschehorn}/bin/website";
+            fastcgi_param DB_PATH         "/var/lib/flauschehorn/hornpostings.db";
+            fastcgi_param QUERY_STRING    $args;
+            fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+          '';
+        };
+      };
+    };
+  };
+
+}

diff --git a/machines/osterei/websites/default.nix b/machines/osterei/websites/default.nix
@@ -8,7 +8,6 @@
     ./oeffi.ctu.cx.nix
     ./oeffisear.ch.nix
     ./photos.ctu.cx.nix
-    ./flauschehorn.sexy.nix
     ./wifionic.de.nix
   ];
 

diff --git a/machines/osterei/websites/flauschehorn.sexy.nix b/machines/osterei/websites/flauschehorn.sexy.nix
@@ -1,90 +0,0 @@
-{ pkgs, config, ...}:
-
-let
-  flauschehorn = pkgs.nimPackages.buildNimPackage {
-    name = "flauschehorn";
-
-    nimBinOnly  = true;
-    nimRelease  = true;
-
-    buildInputs = [ pkgs.sqlite ];
-
-    src = pkgs.fetchgit {
-      url    = "https://cgit.ctu.cx/flauschehorn.sexy";
-      rev    = "993cb3388e41506aed2875971a980becc348ccb0";
-      sha256 = "164mrbhq7aq19b577ddwgs47s6d6lzjzs6nnr9bzavpc2f6ai07z";
-    };
-  };
-
-in {
-
-  dns.zones."flauschehorn.sexy" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1");
-
-  users = {
-    users."flauschehorn" = {
-      home = "/var/lib/flauschehorn";
-      group = "flauschehorn";
-      isSystemUser = true;
-    };
-    groups."flauschehorn" = {};
-  };
-
-  systemd = {
-    services.flauschehorn-fetcher = {
-      startAt     = "*-*-* 3:00:00";
-      after       = [ "network-online.target" ];
-      environment = {
-        DB_PATH = "hornpostings.db";
-      };
-      serviceConfig = {
-        Type = "oneshot";
-
-        ExecStart = "${flauschehorn}/bin/mastofetch";
-
-        User  = "flauschehorn";
-        Group = "flauschehorn";
-
-        WorkingDirectory        = "~";
-        StateDirectory          = "flauschehorn";
-        StateDirectoryMode      = "755";
-
-        NoNewPrivileges         = true;
-        PrivateTmp              = true;
-        PrivateDevices          = true;
-
-        RestrictAddressFamilies = "AF_INET AF_INET6";
-        RestrictNamespaces      = true;
-        RestrictRealtime        = true;
-
-        ProtectSystem           = "full";
-        ProtectControlGroups    = true;
-        ProtectKernelModules    = true;
-        ProtectKernelTunables   = true;
-
-        DevicePolicy            = "closed";
-        LockPersonality         = true;
-      };
-    };
-  };
-
-  services = {
-    fcgiwrap.enable = true;
-    nginx = {
-      enable = true;
-      virtualHosts."flauschehorn.sexy" = {
-        enableACME = true;
-        forceSSL   = true;
-        locations  = {
-          "/".extraConfig = ''
-            include "${pkgs.nginx}/conf/fastcgi_params";
-            fastcgi_param SCRIPT_FILENAME "${flauschehorn}/bin/website";
-            fastcgi_param DB_PATH         "/var/lib/flauschehorn/hornpostings.db";
-            fastcgi_param QUERY_STRING    $args;
-            fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
-          '';
-        };
-      };
-    };
-  };
-
-}