commit f1364ba275ed6f1009c3e88f4dc4c74f02634b47
parent bbe9311419d83fd05c9f1a7bda6313d10e080cc6
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 15:28:07 +0200
parent bbe9311419d83fd05c9f1a7bda6313d10e080cc6
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 15:28:07 +0200
machines/lollo/websites/flauschehorn.sexy -> machines/briefkasten/websites/flauschehorn.sexy
5 files changed, 87 insertions(+), 76 deletions(-)
A
|
75
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D
|
75
---------------------------------------------------------------------------
diff --git a/machines/briefkasten/configuration.nix b/machines/briefkasten/configuration.nix @@ -21,6 +21,8 @@ ./gotosocial.nix ./scanner-sftp.nix + + ./websites ]; networking.usePBBUplink = true;
diff --git a/machines/briefkasten/websites/default.nix b/machines/briefkasten/websites/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+
+ imports = [
+ ./flauschehorn.sexy.nix
+ ];
+
+}
+
diff --git a/machines/briefkasten/websites/flauschehorn.sexy.nix b/machines/briefkasten/websites/flauschehorn.sexy.nix
@@ -0,0 +1,75 @@
+{ pkgs, config, lib, ...}:
+
+{
+
+ dns.zones."flauschehorn.sexy" = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
+
+ users = {
+ users."flauschehorn" = {
+ home = "/var/lib/flauschehorn";
+ group = "flauschehorn";
+ isSystemUser = true;
+ };
+ groups."flauschehorn" = {};
+ };
+
+ systemd = {
+ services.flauschehorn-fetcher = {
+ startAt = "*-*-* 3:00:00";
+ after = [ "network-online.target" ];
+ environment = {
+ DB_PATH = "hornpostings.db";
+ };
+ serviceConfig = {
+ Type = "oneshot";
+
+ ExecStart = "${pkgs.flauschehorn-sexy}/bin/mastofetch";
+
+ User = "flauschehorn";
+ Group = "flauschehorn";
+
+ WorkingDirectory = "~";
+ StateDirectory = "flauschehorn";
+ StateDirectoryMode = "755";
+
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+
+ RestrictAddressFamilies = "AF_INET AF_INET6";
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+
+ ProtectSystem = "full";
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+
+ DevicePolicy = "closed";
+ LockPersonality = true;
+ };
+ };
+ };
+
+ services = {
+ fcgiwrap.enable = true;
+ nginx = {
+ enable = true;
+ virtualHosts."flauschehorn.sexy" = {
+ enableACME = lib.mkIf config.networking.usePBBUplink true;
+ forceSSL = lib.mkIf config.networking.usePBBUplink true;
+ kTLS = lib.mkIf config.networking.usePBBUplink true;
+ locations = {
+ "/".extraConfig = ''
+ include "${pkgs.nginx}/conf/fastcgi_params";
+ fastcgi_param SCRIPT_FILENAME "${pkgs.flauschehorn-sexy}/bin/website";
+ fastcgi_param DB_PATH "/var/lib/flauschehorn/hornpostings.db";
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ '';
+ };
+ };
+ };
+ };
+
+}
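Review bot: The `flauschehorn-fetcher` sandbox in `serviceConfig` stops at `ProtectSystem = "full"` and sets no `ProtectHome`, so the unit can still write outside its state directory wherever the `flauschehorn` user has file permissions. Since the unit already declares `StateDirectory = "flauschehorn"` and runs from it via `WorkingDirectory = "~"`, `ProtectSystem = "strict";` plus `ProtectHome = true;` should confine writes to `/var/lib/flauschehorn` without changing how the fetcher runs. `StateDirectoryMode = "755"` leaves the database directory world-readable, presumably so the CGI behind fcgiwrap can read `hornpostings.db`. Now that the site sits on a host that also imports `gotosocial.nix` and `scanner-sftp.nix`, a comment stating that intent, or a shared group with mode `750`, would make the exposure deliberate rather than incidental.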
diff --git a/machines/lollo/websites/default.nix b/machines/lollo/websites/default.nix @@ -9,7 +9,6 @@ # ./storage.home.ctu.cx ./photos.ctu.cx.nix - ./flauschehorn.sexy.nix ./wifionic.de.nix ./oeffisear.ch.nix
diff --git a/machines/lollo/websites/flauschehorn.sexy.nix b/machines/lollo/websites/flauschehorn.sexy.nix
@@ -1,75 +0,0 @@
-{ pkgs, config, lib, ...}:
-
-{
-
- dns.zones."flauschehorn.sexy" = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host "195.39.246.42" "2a0f:4ac0:acab::42");
-
- users = {
- users."flauschehorn" = {
- home = "/var/lib/flauschehorn";
- group = "flauschehorn";
- isSystemUser = true;
- };
- groups."flauschehorn" = {};
- };
-
- systemd = {
- services.flauschehorn-fetcher = {
- startAt = "*-*-* 3:00:00";
- after = [ "network-online.target" ];
- environment = {
- DB_PATH = "hornpostings.db";
- };
- serviceConfig = {
- Type = "oneshot";
-
- ExecStart = "${pkgs.flauschehorn-sexy}/bin/mastofetch";
-
- User = "flauschehorn";
- Group = "flauschehorn";
-
- WorkingDirectory = "~";
- StateDirectory = "flauschehorn";
- StateDirectoryMode = "755";
-
- NoNewPrivileges = true;
- PrivateTmp = true;
- PrivateDevices = true;
-
- RestrictAddressFamilies = "AF_INET AF_INET6";
- RestrictNamespaces = true;
- RestrictRealtime = true;
-
- ProtectSystem = "full";
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
-
- DevicePolicy = "closed";
- LockPersonality = true;
- };
- };
- };
-
- services = {
- fcgiwrap.enable = true;
- nginx = {
- enable = true;
- virtualHosts."flauschehorn.sexy" = {
- enableACME = lib.mkIf config.networking.usePBBUplink true;
- forceSSL = lib.mkIf config.networking.usePBBUplink true;
- kTLS = lib.mkIf config.networking.usePBBUplink true;
- locations = {
- "/".extraConfig = ''
- include "${pkgs.nginx}/conf/fastcgi_params";
- fastcgi_param SCRIPT_FILENAME "${pkgs.flauschehorn-sexy}/bin/website";
- fastcgi_param DB_PATH "/var/lib/flauschehorn/hornpostings.db";
- fastcgi_param QUERY_STRING $args;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
- '';
- };
- };
- };
- };
-
-}