From cea6896788a42c0ea40f99deb4b5987d6741e360 Mon Sep 17 00:00:00 2001
From: Emile
Date: Fri, 16 Aug 2024 23:33:53 +0200
Subject: big dump, forgot to commit...
---
 nix/hosts/corrino/www/ctf.emile.space.nix | 2 +-
 nix/hosts/corrino/www/emile.space.nix | 4 ++++
 nix/hosts/corrino/www/git/cgit.nix | 8 ++++++-
 nix/hosts/corrino/www/md.emile.space.nix | 8 -------
 nix/hosts/corrino/www/photo.emile.space.nix | 33 ----------------------------
 nix/hosts/corrino/www/photo/default.nix | 8 +++++++
 nix/hosts/corrino/www/photo/photoprism.nix | 33 ++++++++++++++++++++++++++++
 nix/hosts/corrino/www/r2wa.rs.nix | 29 ++++++++++++++++++++----
 nix/hosts/corrino/www/social.emile.space.nix | 7 ++++++
 nix/hosts/corrino/www/sso.emile.space.nix | 2 +-
 10 files changed, 86 insertions(+), 48 deletions(-)
 delete mode 100644 nix/hosts/corrino/www/photo.emile.space.nix
 create mode 100644 nix/hosts/corrino/www/photo/default.nix
 create mode 100644 nix/hosts/corrino/www/photo/photoprism.nix
(limited to 'nix/hosts/corrino/www')
diff --git a/nix/hosts/corrino/www/ctf.emile.space.nix b/nix/hosts/corrino/www/ctf.emile.space.nix
index 1d8b382..6eee75f 100644
--- a/nix/hosts/corrino/www/ctf.emile.space.nix
+++ b/nix/hosts/corrino/www/ctf.emile.space.nix
@@ -13,7 +13,7 @@
 };
 virtualisation.oci-containers = {
- backend = "docker";
+ # backend = "docker";
 containers = {
 "ctfd" = {
 image = "ctfd/ctfd";
diff --git a/nix/hosts/corrino/www/emile.space.nix b/nix/hosts/corrino/www/emile.space.nix
index 9cca880..c39ca31 100644
--- a/nix/hosts/corrino/www/emile.space.nix
+++ b/nix/hosts/corrino/www/emile.space.nix
@@ -13,6 +13,10 @@
 '';
 };
+ "/@hanemile".extraConfig = ''
+ return 301 https://social.emile.space/@hanemile;
+ '';
+
 #"/.well-known" = {
 # root = "/var/www/emile.space";
 # extraConfig = ''
diff --git a/nix/hosts/corrino/www/git/cgit.nix b/nix/hosts/corrino/www/git/cgit.nix
index e6983e5..1e63dfc 100644
--- a/nix/hosts/corrino/www/git/cgit.nix
+++ b/nix/hosts/corrino/www/git/cgit.nix
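Review bot: Commenting out `backend = "docker";` in ctf.emile.space.nix leaves the container runtime to the module default instead of stating it, so which runtime runs the CTFd container now depends on the NixOS release and `stateVersion`. If the switch is intended (on recent releases the default is podman, as far as I know), set it explicitly with `backend = "podman";` and drop the commented-out line. Images, volumes and networks created under the previous runtime are not carried over automatically. The `virtualisation.oci-containers` block continues outside the hunk.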
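Review bot: `"/@hanemile"` in emile.space.nix is an nginx prefix location, so every request path that merely starts with `/@hanemile` (sub-paths, longer handles) receives the same 301 to the profile URL. If only the exact path should redirect, use an exact-match key, `"= /@hanemile".extraConfig = ''`. A one-line comment above it saying why the redirect exists would help the next reader.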
@@ -72,6 +72,12 @@
 section = "Radare2";
 owner = "emile";
 };
+ r2wars-web = {
+ desc = "The software behind https://r2wa.rs";
+ path = "/var/lib/git/repositories/r2wars-web.git";
+ section = "Radare2";
+ owner = "emile";
+ };
 r2wars-rs = {
 desc = "A rust implementation of radare2";
 path = "/var/lib/git/repositories/r2wars-rs.git";
@@ -538,7 +544,7 @@
 # exposing stuff
 gitDaemon = {
- enable = false;
+ enable = true;
 user = "git";
 group = "git";
diff --git a/nix/hosts/corrino/www/md.emile.space.nix b/nix/hosts/corrino/www/md.emile.space.nix
index 7ad7a94..52b4a53 100644
--- a/nix/hosts/corrino/www/md.emile.space.nix
+++ b/nix/hosts/corrino/www/md.emile.space.nix
@@ -4,17 +4,9 @@
 services.nginx.virtualHosts."md.emile.space" = {
 forceSSL = true;
 enableACME = true;
-
- # TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
- # extraConfig = authelia-location;
-
 locations = {
 "/" = {
- # proxyPass = "http://127.0.0.1:3003";
 proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
-
- # TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
- # extraConfig = authelia-authrequest;
 };
 };
 };
diff --git a/nix/hosts/corrino/www/photo.emile.space.nix b/nix/hosts/corrino/www/photo.emile.space.nix
deleted file mode 100644
index 9c1e97a..0000000
--- a/nix/hosts/corrino/www/photo.emile.space.nix
+++ /dev/null
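Review bot: `enable = true;` in the second cgit.nix hunk turns on git-daemon, which serves `git://` with no authentication and no transport encryption or integrity protection. Which repositories it exports is decided by options outside this hunk (the `gitDaemon` block continues past it), so confirm that only the intended public repositories are exported and that the port is opened in the firewall deliberately. A comment above `enable`, such as `# anonymous read-only git:// for public repos only; this transport is unauthenticated and unencrypted`, would record the intent next to the `# exposing stuff` heading.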
@@ -1,33 +0,0 @@
-{ config, ... }:
-
-{
- services.nginx.virtualHosts."photo.emile.space" = {
- forceSSL = true;
- enableACME = true;
-
- locations = {
- "/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.photoprism.port}";
- proxyWebsockets = true;
- };
- };
- };
-
- services.photoprism = {
- enable = true;
-
- address = "127.0.0.1";
- port = config.emile.ports.photo;
-
- passwordFile = config.age.secrets.photoprism_password.path;
-
- # originalsPath = "/data/photos";
- originalsPath = "/mnt/storagebox-bx11/photos";
-
- settings = {
- PHOTOPRISM_ADMIN_USER = "root";
- PHOTOPRISM_DEFAULT_LOCALE = "en";
- PHOTOPRISM_SITE_URL = "https://photo.emile.space";
- };
- };
-}
diff --git a/nix/hosts/corrino/www/photo/default.nix b/nix/hosts/corrino/www/photo/default.nix
new file mode 100644
index 0000000..dd555e4
--- /dev/null
+++ b/nix/hosts/corrino/www/photo/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ imports = [
+ ./photoprism.nix
+ # ./immich.nix
+ ];
+}
diff --git a/nix/hosts/corrino/www/photo/photoprism.nix b/nix/hosts/corrino/www/photo/photoprism.nix
new file mode 100644
index 0000000..c1cbbf8
--- /dev/null
+++ b/nix/hosts/corrino/www/photo/photoprism.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+
+{
+ services.nginx.virtualHosts."photo.emile.space" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations = {
+ "/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.photoprism.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ services.photoprism = {
+ enable = true;
+
+ address = "127.0.0.1";
+ port = config.emile.ports.photo.photoprism;
+
+ passwordFile = config.age.secrets.photoprism_password.path;
+
+ # originalsPath = "/data/photos";
+ originalsPath = "/mnt/storagebox-bx11/photos";
+
+ settings = {
+ PHOTOPRISM_ADMIN_USER = "root";
+ PHOTOPRISM_DEFAULT_LOCALE = "en";
+ PHOTOPRISM_SITE_URL = "https://photo.emile.space";
+ };
+ };
+}
diff --git a/nix/hosts/corrino/www/r2wa.rs.nix b/nix/hosts/corrino/www/r2wa.rs.nix
index f7a0a7e..7da11e1 100644
--- a/nix/hosts/corrino/www/r2wa.rs.nix
+++ b/nix/hosts/corrino/www/r2wa.rs.nix
@@ -1,16 +1,37 @@
-{ ... }:
+{ config, pkgs, ... }:
 {
 services.nginx.virtualHosts."r2wa.rs" = {
 forceSSL = true;
 enableACME = true;
- # kTLS = true;
-
 locations = {
 "/" = {
- return = "301 http://emile.space/blog/2020/r2wars/";
+ proxyPass = "http://127.0.0.1:${toString config.emile.ports.r2wars-web}";
 };
 };
 };
+
+ environment.systemPackages = with pkgs; [ radare2 ];
+
+ # deploy:
+ # - push code
+ # - build in order to get the new hash (nix build .#r2war-sweb)
+ # - update hash in the package (//nix/pkgs/r2wars-web/default.nix)
+ # - deploy
+
+ services.emile.r2wars-web = {
+ enable = true;
+
+ host = "127.0.0.1";
+ port = config.emile.ports.r2wars-web;
+
+ # TODO(emile): change these when going live
+ sessionKey = "insecuretmpkey";
+ salt = "insecuresalt";
+
+ logfilePath = "/var/lib/r2wars/r2wars.log";
+ databasePath = "/var/lib/r2wars/main.db";
+ sessiondbPath = "/var/lib/r2wars/session.db";
+ };
 }
diff --git a/nix/hosts/corrino/www/social.emile.space.nix b/nix/hosts/corrino/www/social.emile.space.nix
index 62e1933..9f9a6f1 100644
--- a/nix/hosts/corrino/www/social.emile.space.nix
+++ b/nix/hosts/corrino/www/social.emile.space.nix
@@ -91,4 +91,11 @@
 };
 environmentFile = config.age.secrets.gotosocial_environment_file.path;
 };
+
+ systemd.services.gotosocial = {
+ after = [ "authelia-main.service" ];
+ serviceConfig = {
+ Restart = "on-failure";
+ };
+ };
 }
diff --git a/nix/hosts/corrino/www/sso.emile.space.nix b/nix/hosts/corrino/www/sso.emile.space.nix
index 0f77197..27988fa 100644
--- a/nix/hosts/corrino/www/sso.emile.space.nix
+++ b/nix/hosts/corrino/www/sso.emile.space.nix
@@ -192,7 +192,7 @@ in {
 };
 totp = {
- disable = false;
+ disable = true;
 issuer = "sso.emile.space";
 algorithm = "sha1";
 digits = 6;
-- 
cgit 1.4.1
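Review bot: `sessionKey = "insecuretmpkey";` and `salt = "insecuresalt";` in r2wa.rs.nix are literal secrets in a committed file, while the same hunk already proxies the `r2wa.rs` virtual host to this service, so the "when going live" condition in the TODO appears to be met. Anyone who can read the repository knows the session key, and values written this way typically also land in the world-readable Nix store. Other services on this page read their secrets through agenix (`passwordFile = config.age.secrets.photoprism_password.path;`), so the module should take these two values from a file path in the same way rather than as strings. Separately, the deploy comment says `nix build .#r2war-sweb`, which looks like a typo for `r2wars-web`.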
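Review bot: `after = [ "authelia-main.service" ];` in social.emile.space.nix only orders the two units when both are started in the same transaction; it neither starts Authelia nor keeps GoToSocial from running without it. If GoToSocial needs Authelia at startup (presumably for OIDC login), add `wants = [ "authelia-main.service" ];` next to `after`. Setting `RestartSec` in `serviceConfig` would also keep `Restart = "on-failure"` from hitting the start rate limit in a tight loop.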
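Review bot: `disable = true;` under `totp` in sso.emile.space.nix switches off the TOTP second factor in Authelia, with no comment giving the reason. The rest of the configuration is outside the hunk, so it is not visible whether another second-factor method stays enabled or whether any access-control rule still requires two factors. If no rule requires it, every service behind sso.emile.space is left with password-only login; if one does, users may be unable to satisfy it. Add a comment such as `# TOTP off because <reason>; second factor provided by <method>`, or keep `disable = false;`.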