about summary refs log tree commit diff
path: root/machines/srv1
diff options
context:
space:
mode:
authorPatryk Niedźwiedziński <pniedzwiedzinski19@gmail.com>2021-03-02 10:41:22 +0100
committerPatryk Niedźwiedziński <pniedzwiedzinski19@gmail.com>2021-03-02 10:41:22 +0100
commitc4d8b4fd397752d23d3756fc58547b21a0daef0e (patch)
tree388622f68ffe0dd447cdd76ecd49a6c7e4b82913 /machines/srv1
parenta17c00ee99142b7c04d25db33e25f441f65890ce (diff)
downloaddots-c4d8b4fd397752d23d3756fc58547b21a0daef0e.tar.gz
dots-c4d8b4fd397752d23d3756fc58547b21a0daef0e.zip
Add dnsmasq
Funbox shit
Diffstat (limited to 'machines/srv1')
-rw-r--r--machines/srv1/configuration.nix96
1 files changed, 79 insertions, 17 deletions
diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix
index 16111b3..b03a22e 100644
--- a/machines/srv1/configuration.nix
+++ b/machines/srv1/configuration.nix
@@ -19,6 +19,17 @@ in
     boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
 
     networking.hostName = "srv1";
+    networking.extraHosts = ''
+      192.168.1.136 srv1.niedzwiedzinski.cyou git.niedzwiedzinski.cyou
+    '';
+
+    services.dnsmasq = {
+      enable = true;
+      servers = [ "1.1.1.1" "8.8.8.8" ];
+      extraConfig = ''
+        address=/.srv1.niedzwiedzinski.cyou/192.168.1.136
+      '';
+    };
 
     time.timeZone = "Europe/Warsaw";
     i18n.defaultLocale = "en_US.UTF-8"; # Less confusing locale than polish one
@@ -35,6 +46,19 @@ in
       allowReboot = true;
     };
 
+    nixpkgs.config = {
+      packageOverrides = super: {
+        rss-bridge = super.rss-bridge.overrideDerivation (attrs: {
+	  src = pkgs.fetchFromGitHub {
+            owner = "RSS-Bridge";
+            repo = "rss-bridge";
+            rev = "ee5d190391afffd037e09c04418a240f7ac67ecd";
+            sha256 = "0sxdl6ycqmhd76hc5r8i1yv8vgl18ssmv1p9dzx8ikp5imvfgakc";
+          };
+        });
+      };
+    };
+
   # The global useDHCP flag is deprecated, therefore explicitly set to false here.
   # Per-interface useDHCP will be mandatory in the future, so this generated config
   # replicates the default behaviour.
@@ -62,27 +86,33 @@ in
   services.sshguard.enable = true;
 
   services.nginx.enable = true;
-  services.nginx.virtualHosts."srv1.niedzwiedzinski.cyou" = {
-    enableACME = true;
-    forceSSL = true;
-    root = "/var/www/srv1.niedzwiedzinski.cyou";
-  };
-  services.nginx.virtualHosts."pics.srv1.niedzwiedzinski.cyou" = {
-    enableACME = true;
-    forceSSL = true;
-    root = "/var/www/pics.srv1.niedzwiedzinski.cyou";
-  };
-  services.nginx.virtualHosts."git.niedzwiedzinski.cyou" = {
-    locations."/".proxyPass = "http://localhost:8080/cgit/";
-    locations."/cgit/".proxyPass = "http://localhost:8080";
-    enableACME = true;
-    forceSSL = true;
+  services.nginx.virtualHosts = {
+    "srv1.niedzwiedzinski.cyou" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "/var/www/srv1.niedzwiedzinski.cyou";
+    };
+    "pics.srv1.niedzwiedzinski.cyou" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "/var/www/pics.srv1.niedzwiedzinski.cyou";
+    };
+    "rss.srv1.niedzwiedzinski.cyou" = {
+      enableACME = true;
+      forceSSL = true;
+    };
+    "git.niedzwiedzinski.cyou" = {
+      locations."/".proxyPass = "http://0.0.0.0:8080/cgit/";
+      locations."/cgit/".proxyPass = "http://0.0.0.0:8080";
+      enableACME = true;
+      forceSSL = true;
+    };
   };
   security.acme.email = "pniedzwiedzinski19@gmail.com";
   security.acme.acceptTerms = true;
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.allowedTCPPorts = [ 53 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
 
   services.molly-brown = {
     #hostName = "srv1.niedzwiedzinski.cyou";
@@ -111,6 +141,28 @@ in
         Unit = "git-fetch.service";
       };
     };
+
+    services.shuffle = {
+      script = ''
+        cd /var/www/pics.srv1.niedzwiedzinski.cyou
+	curr=`ls *-badeny2021 -d`
+	[ -d $curr ] || exit 130
+	random=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 16`
+	mv $curr $random-badeny2021
+	echo "<a href='/$random-badeny2021'>https://pics.srv1.niedzwiedzinski.cyou/$random-badeny2021</a>" > krol_tedium.html
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+      };
+    };
+    timers.shuffle = {
+      partOf = ["shuffle.service"];
+      wantedBy = ["timers.target"];
+      timerConfig = {
+        OnCalendar = "daily";
+	Unit = "shuffle.service";
+      };
+    };
   };
 
   services.lighttpd = {
@@ -144,6 +196,16 @@ in
     ];
   };
 
+  services.rss-bridge = {
+    enable = true;
+    virtualHost = "rss.srv1.niedzwiedzinski.cyou";
+    whitelist = [
+      "Instagram"
+      "Soundcloud"
+      "Facebook"
+    ];
+  };
+
   users.users.git = {
     isSystemUser = true;
     description = "git user";