commit f6e1dad50e6c2ef9248e03ddb5ad67572bcf0247
parent 949bbbeca5b916a436abdd0cf1e602d4cc16b000
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 13 Sep 2022 20:17:11 +0200
machines/osterei: move `oeffi-web.nix` and `oeffisearch.nix` to `websites`
5 files changed, 82 insertions(+), 82 deletions(-)
D
|
80
-------------------------------------------------------------------------------
A
|
80
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix
@@ -32,8 +32,6 @@
 ./radicale.nix
 # websites
-./oeffisearch.nix
-./oeffi-web.nix
 ./websites
 ];
diff --git a/machines/osterei/oeffisearch.nix b/machines/osterei/oeffisearch.nix
@@ -1,80 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
-users.groups.oeffisearch = {};
-users.users.oeffisearch = {
-isSystemUser = true;
-home = "/var/lib/oeffisearch";
-group = "oeffisearch";
-};
-
-age.secrets.restic-oeffisearch.file = ../../secrets/osterei/restic/oeffisearch.age;
-
-restic-backups.oeffisearch = {
-user = "oeffisearch";
-passwordFile = config.age.secrets.restic-oeffisearch.path;
-paths = [ "/var/lib/oeffisearch" ];
-};
-
-systemd.services.oeffisearch = {
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" ];
-onFailure = [ "email-notify@%i.service" ];
-
-serviceConfig = {
-User = "oeffisearch";
-Group = "oeffisearch";
-
-WorkingDirectory = "/var/lib/oeffisearch";
-ReadWritePaths = [ "/var/lib/oeffisearch" ];
-
-PrivateTmp = true;
-ProtectHome = true;
-ProtectSystem = "strict";
-ProtectKernelTunables = true;
-ProtectHostname = true;
-ProtectClock = true;
-ProtectControlGroups = true;
-RestrictAddressFamilies = "AF_INET AF_INET6";
-
-NoNewPrivileges = true;
-PrivateDevices = true;
-RestrictSUIDSGID = true;
-ProtectKernelModules = true;
-MemoryDenyWriteExecute = true;
-RestrictNamespaces = true;
-RestrictRealtime = true;
-LockPersonality = true;
-
-ExecStart = "${pkgs.oeffisearch}/bin/oeffisearch";
-
-Restart = "on-failure";
-RestartSec = "5";
-};
-
-environment = {
-PORT = "8081";
-CACHE_PATH = "/var/lib/oeffisearch";
-};
-};
-
-services.nginx = {
-enable = true;
-virtualHosts."oeffisear.ch" = {
-enableACME = true;
-forceSSL = true;
-locations = {
-"@api".proxyPass = "http://127.0.0.1:8081";
-"/" = {
-root = "${pkgs.oeffisearch}/share/oeffisearch";
-index = "index.html";
-tryFiles = "$uri $uri/ @api";
-};
-};
-};
-};
-
-dns.zones."oeffisear.ch" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1");
-
-}
diff --git a/machines/osterei/websites/default.nix b/machines/osterei/websites/default.nix
@@ -5,6 +5,8 @@
 imports = [
 ./ctu.cx.nix
 ./ctu.cx-bikemap
+./oeffi.ctu.cx.nix
+./oeffisear.ch.nix
 ./photos.ctu.cx.nix
 ./flauschehorn.sexy.nix
 ./wifionic.de.nix
diff --git a/machines/osterei/websites/oeffisear.ch.nix b/machines/osterei/websites/oeffisear.ch.nix
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+
+{
+
+users.groups.oeffisearch = {};
+users.users.oeffisearch = {
+isSystemUser = true;
+home = "/var/lib/oeffisearch";
+group = "oeffisearch";
+};
+
+age.secrets.restic-oeffisearch.file = ../../../secrets/osterei/restic/oeffisearch.age;
+
+restic-backups.oeffisearch = {
+user = "oeffisearch";
+passwordFile = config.age.secrets.restic-oeffisearch.path;
+paths = [ "/var/lib/oeffisearch" ];
+};
+
+systemd.services.oeffisearch = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+onFailure = [ "email-notify@%i.service" ];
+
+serviceConfig = {
+User = "oeffisearch";
+Group = "oeffisearch";
+
+WorkingDirectory = "/var/lib/oeffisearch";
+ReadWritePaths = [ "/var/lib/oeffisearch" ];
+
+PrivateTmp = true;
+ProtectHome = true;
+ProtectSystem = "strict";
+ProtectKernelTunables = true;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectControlGroups = true;
+RestrictAddressFamilies = "AF_INET AF_INET6";
+
+NoNewPrivileges = true;
+PrivateDevices = true;
+RestrictSUIDSGID = true;
+ProtectKernelModules = true;
+MemoryDenyWriteExecute = true;
+RestrictNamespaces = true;
+RestrictRealtime = true;
+LockPersonality = true;
+
+ExecStart = "${pkgs.oeffisearch}/bin/oeffisearch";
+
+Restart = "on-failure";
+RestartSec = "5";
+};
+
+environment = {
+PORT = "8081";
+CACHE_PATH = "/var/lib/oeffisearch";
+};
+};
+
+services.nginx = {
+enable = true;
+virtualHosts."oeffisear.ch" = {
+enableACME = true;
+forceSSL = true;
+locations = {
+"@api".proxyPass = "http://127.0.0.1:8081";
+"/" = {
+root = "${pkgs.oeffisearch}/share/oeffisearch";
+index = "index.html";
+tryFiles = "$uri $uri/ @api";
+};
+};
+};
+};
+
+dns.zones."oeffisear.ch" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1");
+
+}
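Review bot: The hardening run in `systemd.services.oeffisearch.serviceConfig` (from `PrivateTmp` through `LockPersonality`) still leaves the service the full capability bounding set and an unfiltered syscall surface; since it runs as the unprivileged `oeffisearch` user and only needs to bind a TCP port and write `/var/lib/oeffisearch`, adding `CapabilityBoundingSet = "";`, `SystemCallArchitectures = "native";` and `SystemCallFilter = [ "@system-service" "~@privileged" ];` would close the gaps that `systemd-analyze security` is likely to flag. Separately, `PORT = "8081"` together with `RestrictAddressFamilies = "AF_INET AF_INET6"` says nothing about the bind address: if the oeffisearch binary listens on all interfaces rather than 127.0.0.1, the plain-HTTP backend is reachable directly and bypasses nginx's `forceSSL`, so either confirm the listen address or pin it with `IPAddressAllow = "localhost"; IPAddressDeny = "any";` on the unit. `age.secrets.restic-oeffisearch` also sets no `owner`, so the decrypted password file will default to root-owned and mode 0400 while `restic-backups.oeffisearch.user` is `oeffisearch`; whether the backup can read it depends on how the custom `restic-backups` module invokes restic, which is not visible here, so verify the job succeeds or set `owner = "oeffisearch";` on the secret. These points are pre-existing in the moved file rather than introduced by the move.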