diff options
| -rw-r--r-- | machines/srv1/configuration.nix | 96 |
1 files changed, 79 insertions, 17 deletions
diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix index 16111b3..b03a22e 100644 --- a/machines/srv1/configuration.nix +++ b/machines/srv1/configuration.nix @@ -19,6 +19,17 @@ in boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only networking.hostName = "srv1"; + networking.extraHosts = '' + 192.168.1.136 srv1.niedzwiedzinski.cyou git.niedzwiedzinski.cyou + ''; + + services.dnsmasq = { + enable = true; + servers = [ "1.1.1.1" "8.8.8.8" ]; + extraConfig = '' + address=/.srv1.niedzwiedzinski.cyou/192.168.1.136 + ''; + }; time.timeZone = "Europe/Warsaw"; i18n.defaultLocale = "en_US.UTF-8"; # Less confusing locale than polish one @@ -35,6 +46,19 @@ in allowReboot = true; }; + nixpkgs.config = { + packageOverrides = super: { + rss-bridge = super.rss-bridge.overrideDerivation (attrs: { + src = pkgs.fetchFromGitHub { + owner = "RSS-Bridge"; + repo = "rss-bridge"; + rev = "ee5d190391afffd037e09c04418a240f7ac67ecd"; + sha256 = "0sxdl6ycqmhd76hc5r8i1yv8vgl18ssmv1p9dzx8ikp5imvfgakc"; + }; + }); + }; + }; + # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. @@ -62,27 +86,33 @@ in services.sshguard.enable = true; services.nginx.enable = true; - services.nginx.virtualHosts."srv1.niedzwiedzinski.cyou" = { - enableACME = true; - forceSSL = true; - root = "/var/www/srv1.niedzwiedzinski.cyou"; - }; - services.nginx.virtualHosts."pics.srv1.niedzwiedzinski.cyou" = { - enableACME = true; - forceSSL = true; - root = "/var/www/pics.srv1.niedzwiedzinski.cyou"; - }; - services.nginx.virtualHosts."git.niedzwiedzinski.cyou" = { - locations."/".proxyPass = "http://localhost:8080/cgit/"; - locations."/cgit/".proxyPass = "http://localhost:8080"; - enableACME = true; - forceSSL = true; + services.nginx.virtualHosts = { + "srv1.niedzwiedzinski.cyou" = { + enableACME = true; + forceSSL = true; + root = "/var/www/srv1.niedzwiedzinski.cyou"; + }; + "pics.srv1.niedzwiedzinski.cyou" = { + enableACME = true; + forceSSL = true; + root = "/var/www/pics.srv1.niedzwiedzinski.cyou"; + }; + "rss.srv1.niedzwiedzinski.cyou" = { + enableACME = true; + forceSSL = true; + }; + "git.niedzwiedzinski.cyou" = { + locations."/".proxyPass = "http://0.0.0.0:8080/cgit/"; + locations."/cgit/".proxyPass = "http://0.0.0.0:8080"; + enableACME = true; + forceSSL = true; + }; }; security.acme.email = "pniedzwiedzinski19@gmail.com"; security.acme.acceptTerms = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - # networking.firewall.allowedUDPPorts = [ ... ]; + networking.firewall.allowedTCPPorts = [ 53 80 443 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; services.molly-brown = { #hostName = "srv1.niedzwiedzinski.cyou"; @@ -111,6 +141,28 @@ in Unit = "git-fetch.service"; }; }; + + services.shuffle = { + script = '' + cd /var/www/pics.srv1.niedzwiedzinski.cyou + curr=`ls *-badeny2021 -d` + [ -d $curr ] || exit 130 + random=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 16` + mv $curr $random-badeny2021 + echo "<a href='/$random-badeny2021'>https://pics.srv1.niedzwiedzinski.cyou/$random-badeny2021</a>" > krol_tedium.html + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + timers.shuffle = { + partOf = ["shuffle.service"]; + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = "daily"; + Unit = "shuffle.service"; + }; + }; }; services.lighttpd = { @@ -144,6 +196,16 @@ in ]; }; + services.rss-bridge = { + enable = true; + virtualHost = "rss.srv1.niedzwiedzinski.cyou"; + whitelist = [ + "Instagram" + "Soundcloud" + "Facebook" + ]; + }; + users.users.git = { isSystemUser = true; description = "git user"; |