From 009a43799c28eca77752de4268c0e74700d13527 Mon Sep 17 00:00:00 2001
From: Patryk Niedźwiedziński
Date: Wed, 30 Oct 2024 20:16:45 +0100
Subject: srv3: move services to folder
---
 machines/srv3/baby-yoda.png | Bin 957567 -> 0 bytes
 machines/srv3/baby-yoda.png.comp | Bin 7710 -> 0 bytes
 machines/srv3/cgit.nix | 106 -------------------------
 machines/srv3/configuration.nix | 9 ++-
 machines/srv3/services/cgit/baby-yoda.png | Bin 0 -> 957567 bytes
 machines/srv3/services/cgit/baby-yoda.png.comp | Bin 0 -> 7710 bytes
 machines/srv3/services/cgit/default.nix | 106 +++++++++++++++++++++++++
 machines/srv3/services/webdav/default.nix | 47 +++++++++++
 machines/srv3/webdav.nix | 33 --------
 9 files changed, 160 insertions(+), 141 deletions(-)
 delete mode 100644 machines/srv3/baby-yoda.png
 delete mode 100644 machines/srv3/baby-yoda.png.comp
 delete mode 100644 machines/srv3/cgit.nix
 create mode 100644 machines/srv3/services/cgit/baby-yoda.png
 create mode 100644 machines/srv3/services/cgit/baby-yoda.png.comp
 create mode 100644 machines/srv3/services/cgit/default.nix
 create mode 100644 machines/srv3/services/webdav/default.nix
 delete mode 100644 machines/srv3/webdav.nix
diff --git a/machines/srv3/baby-yoda.png b/machines/srv3/baby-yoda.png
deleted file mode 100644
index 42a200c..0000000
Binary files a/machines/srv3/baby-yoda.png and /dev/null differ
diff --git a/machines/srv3/baby-yoda.png.comp b/machines/srv3/baby-yoda.png.comp
deleted file mode 100644
index 26eb247..0000000
Binary files a/machines/srv3/baby-yoda.png.comp and /dev/null differ
diff --git a/machines/srv3/cgit.nix b/machines/srv3/cgit.nix
deleted file mode 100644
index bcd63bb..0000000
--- a/machines/srv3/cgit.nix
+++ /dev/null
@@ -1,106 +0,0 @@
-{ pkgs, ...}:
-let
- cgitHostname = "git.niedzwiedzinski.cyou";
-
- mirror = pkgs.writeScriptBin "mirror" ''
- #!/bin/sh
-
- name=`echo "$1" | rev | cut -d'/' -f1 | rev`
-
- cd /srv/git
- sudo -u git ${pkgs.git}/bin/git clone --mirror $1 $name
- sudo -u git /run/current-system/sw/bin/chmod -R g+w $name
- '';
-
- newrepo = pkgs.writeScriptBin "newrepo" ''
- #!/bin/sh
-
- [ -z $1 ] && echo "Pass repo name" && exit 1
-
- sudo -u git git init --bare /srv/git/$1
- sudo -u git /run/current-system/sw/bin/chmod -R g+w /srv/git/$1
- '';
-
-in
-{
- environment.systemPackages = [ newrepo mirror ];
- systemd.services.git-fetch = {
- script = ''
- #!/bin/sh
- cd /srv/git
- for f in `find . -name HEAD`; do
- cd ''${f%HEAD}
- ${pkgs.git}/bin/git fetch
- cd /srv/git
- done
- '';
- serviceConfig = {
- Type = "oneshot";
- User = "git";
- };
- };
- systemd.timers.git-fetch = {
- partOf = [ "git-fetch.service" ];
- wantedBy = ["timers.target" ];
- timerConfig = {
- OnCalendar = "hourly";
- Unit = "git-fetch.service";
- };
- };
- services.nginx.virtualHosts."${cgitHostname}" = {
- locations."=/mylogo.png" = {
- alias = "${./baby-yoda.png.comp}";
- };
- forceSSL = true;
- enableACME = true;
- };
- services.cgit.gitN = {
- enable = true;
- user = "cgit";
- package = pkgs.cgit-pink;
- scanPath = "/srv/git";
- nginx.virtualHost = cgitHostname;
- settings = {
- about-filter = let formatScript = pkgs.writeScriptBin "about-format.sh" ''
- #!/bin/sh
- ${pkgs.coreutils}/bin/cat << EOF
-
- EOF
- ${pkgs.coreutils}/bin/cat /dev/stdin | ${pkgs.lowdown}/bin/lowdown
- echo '
' - ''; - in "${formatScript}/bin/about-format.sh"; - cache-size = "1000"; - root-title = cgitHostname; - root-desc = "Personal git server, because I can"; - readme = ":README.md"; - snapshots = "tar.gz zip"; - clone-prefix = "https://${cgitHostname}"; - section-from-path = "1"; - logo = "/mylogo.png"; - }; - }; - - users = { - groups = { git = {}; }; - users = { - git = { - isSystemUser = true; - group = "git"; - description = "git user"; - home = "/srv/git"; - shell = "${pkgs.git}/bin/git-shell"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com" - ]; - }; - }; - }; -} diff --git a/machines/srv3/configuration.nix b/machines/srv3/configuration.nix index ae54e48..f223b11 100644 --- a/machines/srv3/configuration.nix +++ b/machines/srv3/configuration.nix @@ -13,8 +13,8 @@ in ../../modules/obsidian-livesync.nix ./home-assistant.nix ./hardware-configuration.nix - ./webdav.nix - ./cgit.nix + ./services/webdav + ./services/cgit ./noip.nix ]; @@ -24,6 +24,11 @@ in adminsFile = "/etc/couchdb.ini"; }; + services.srv3-webdav = { + enable = true; + domain = "files.${domain}"; + }; + boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only diff --git a/machines/srv3/services/cgit/baby-yoda.png b/machines/srv3/services/cgit/baby-yoda.png new file mode 100644 index 0000000..42a200c Binary files /dev/null and b/machines/srv3/services/cgit/baby-yoda.png differ diff --git a/machines/srv3/services/cgit/baby-yoda.png.comp b/machines/srv3/services/cgit/baby-yoda.png.comp new file mode 100644 index 0000000..26eb247 Binary files /dev/null and b/machines/srv3/services/cgit/baby-yoda.png.comp differ diff --git a/machines/srv3/services/cgit/default.nix b/machines/srv3/services/cgit/default.nix new file mode 100644 index 0000000..bcd63bb --- /dev/null +++ b/machines/srv3/services/cgit/default.nix 
@@ -0,0 +1,106 @@
+{ pkgs, ...}:
+let
+ cgitHostname = "git.niedzwiedzinski.cyou";
+
+ mirror = pkgs.writeScriptBin "mirror" ''
+ #!/bin/sh
+
+ name=`echo "$1" | rev | cut -d'/' -f1 | rev`
+
+ cd /srv/git
+ sudo -u git ${pkgs.git}/bin/git clone --mirror $1 $name
+ sudo -u git /run/current-system/sw/bin/chmod -R g+w $name
+ '';
+
+ newrepo = pkgs.writeScriptBin "newrepo" ''
+ #!/bin/sh
+
+ [ -z $1 ] && echo "Pass repo name" && exit 1
+
+ sudo -u git git init --bare /srv/git/$1
+ sudo -u git /run/current-system/sw/bin/chmod -R g+w /srv/git/$1
+ '';
+
+in
+{
+ environment.systemPackages = [ newrepo mirror ];
+ systemd.services.git-fetch = {
+ script = ''
+ #!/bin/sh
+ cd /srv/git
+ for f in `find . -name HEAD`; do
+ cd ''${f%HEAD}
+ ${pkgs.git}/bin/git fetch
+ cd /srv/git
+ done
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "git";
+ };
+ };
+ systemd.timers.git-fetch = {
+ partOf = [ "git-fetch.service" ];
+ wantedBy = ["timers.target" ];
+ timerConfig = {
+ OnCalendar = "hourly";
+ Unit = "git-fetch.service";
+ };
+ };
+ services.nginx.virtualHosts."${cgitHostname}" = {
+ locations."=/mylogo.png" = {
+ alias = "${./baby-yoda.png.comp}";
+ };
+ forceSSL = true;
+ enableACME = true;
+ };
+ services.cgit.gitN = {
+ enable = true;
+ user = "cgit";
+ package = pkgs.cgit-pink;
+ scanPath = "/srv/git";
+ nginx.virtualHost = cgitHostname;
+ settings = {
+ about-filter = let formatScript = pkgs.writeScriptBin "about-format.sh" ''
+ #!/bin/sh
+ ${pkgs.coreutils}/bin/cat << EOF
+
+ EOF
+ ${pkgs.coreutils}/bin/cat /dev/stdin | ${pkgs.lowdown}/bin/lowdown
+ echo '
'
+ '';
+ in "${formatScript}/bin/about-format.sh";
+ cache-size = "1000";
+ root-title = cgitHostname;
+ root-desc = "Personal git server, because I can";
+ readme = ":README.md";
+ snapshots = "tar.gz zip";
+ clone-prefix = "https://${cgitHostname}";
+ section-from-path = "1";
+ logo = "/mylogo.png";
+ };
+ };
+
+ users = {
+ groups = { git = {}; };
+ users = {
+ git = {
+ isSystemUser = true;
+ group = "git";
+ description = "git user";
+ home = "/srv/git";
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
+ ];
+ };
+ };
+ };
+}
diff --git a/machines/srv3/services/webdav/default.nix b/machines/srv3/services/webdav/default.nix
new file mode 100644
index 0000000..e184490
--- /dev/null
+++ b/machines/srv3/services/webdav/default.nix
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+let
+cfg = config.services.srv3-webdav;
+in
+{
+
+ options = {
+ services.srv3-webdav = {
+ enable = lib.mkEnableOption "WebDav server";
+
+ domain = lib.mkOption {
+ type = lib.types.str;
+ description = "Where webdav server should live";
+ };
+
+ port = lib.mkOption {
+ type = lib.types.number;
+ default = 6060;
+# FIX: Hardening reverse proxy
+ description = "Internal port on which webdav server will run";
+ };
+
+ configFile = lib.mkOption {
+ type = lib.types.path;
+ default = "/etc/webdav.yaml";
+ description = "WebDav server config file";
+ };
+ };
+
+ };
+ config = lib.mkIf cfg.enable {
+ services.nginx.virtualHosts.${cfg.domain} = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://localhost:${toString cfg.port}";
+ };
+ };
+
+ services.webdav = {
+ enable = true;
+ configFile = cfg.configFile;
+ };
+ };
+
+}
diff --git a/machines/srv3/webdav.nix b/machines/srv3/webdav.nix
deleted file mode 100644
index 9a4c126..0000000
--- a/machines/srv3/webdav.nix
+++ /dev/null
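Review bot: In machines/srv3/services/webdav/default.nix the `port` option only reaches the nginx `proxyPass`; `services.webdav` is given nothing but `configFile`, so the address, port and authentication the daemon really uses are whatever `/etc/webdav.yaml` contains, and nothing keeps them in step with this option. That file is not part of the commit, so it is worth confirming that it binds to loopback; if it listens on all interfaces, the backend could be reached over plain HTTP without going through the TLS virtual host, depending on the firewall. I would narrow the type to `type = lib.types.port;` (`lib.types.number` also accepts floats and values outside the port range) and turn the stray `# FIX: Hardening reverse proxy` line into a description that states the contract, e.g. `description = "Loopback port nginx proxies to; must match the port set in configFile";`. Pointing the proxy at `http://127.0.0.1:${toString cfg.port}` rather than `localhost` would also remove the dependency on name resolution.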
@@ -1,33 +0,0 @@
-{ pkgs, ... }:
-let
- port = "6060";
-in
-{
- services.nginx.virtualHosts."files.niedzwiedzinski.cyou" = {
- forceSSL = true;
- enableACME = true;
-
- locations."/" = {
- proxyPass = "http://localhost:${port}";
- };
- };
-
- services.webdav = {
- enable = true;
- configFile = "/etc/webdav.yaml";
- #settings = {
- #address = "0.0.0.0";
- #port = port;
- #scope = "/srv/files";
- #modify = true;
- #auth = true;
- #users = [
- #{
- #username = "patryk";
- #password = "test";
- #}
- #];
- #};
- };
-
-}
-- cgit 1.4.1