c3d2-web: cleanup
This commit is contained in:
parent
1c1131f86a
commit
000007c9e4
|
@ -1,12 +1,11 @@
|
||||||
{ config, hostRegistry, lib, pkgs, ... }:
|
{ config, hostRegistry, lib, pkgs, ... }:
|
||||||
let
|
|
||||||
webroot = "/var/www";
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
microvm = {
|
microvm = {
|
||||||
vcpu = 4;
|
vcpu = 4;
|
||||||
mem = 2 * 1024; # drone-ssh-runner clones the git repo which requires some RAM
|
mem = 2 * 1024; # drone-ssh-runner clones the git repo which requires some RAM
|
||||||
};
|
};
|
||||||
|
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
# /tmp is to small for drone to clone the repo even with depth
|
# /tmp is to small for drone to clone the repo even with depth
|
||||||
mounts = lib.mkOptionDefault [ "tmp" ];
|
mounts = lib.mkOptionDefault [ "tmp" ];
|
||||||
|
@ -15,13 +14,15 @@ in
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
networking.hostName = "c3d2-web";
|
networking = {
|
||||||
networking.firewall.allowedTCPPorts = [
|
hostName = "c3d2-web";
|
||||||
# telme10
|
firewall.allowedTCPPorts = [
|
||||||
23
|
# telme10
|
||||||
# gemini
|
23
|
||||||
1965
|
# gemini
|
||||||
];
|
1965
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
security.acme.certs = {
|
security.acme.certs = {
|
||||||
# agate cannot load modern crypto like "ec256" keys
|
# agate cannot load modern crypto like "ec256" keys
|
||||||
|
@ -42,7 +43,7 @@ in
|
||||||
];
|
];
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
root = "${webroot}/c3d2";
|
root = "/var/www/c3d2";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
index portal.html index.html;
|
index portal.html index.html;
|
||||||
'';
|
'';
|
||||||
|
@ -87,7 +88,7 @@ in
|
||||||
];
|
];
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
root = "${webroot}/c3d2/datenspuren";
|
root = "/var/www/c3d2/datenspuren";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
index index.html;
|
index index.html;
|
||||||
rewrite ^/$ /2023/ redirect;
|
rewrite ^/$ /2023/ redirect;
|
||||||
|
@ -99,7 +100,7 @@ in
|
||||||
"autotopia.c3d2.de" = {
|
"autotopia.c3d2.de" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
root = "${webroot}/c3d2/autotopia";
|
root = "/var/www/c3d2/autotopia";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
index index.html;
|
index index.html;
|
||||||
rewrite ^/$ /2020/ redirect;
|
rewrite ^/$ /2020/ redirect;
|
||||||
|
@ -118,6 +119,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Gemini server
|
# Gemini server
|
||||||
services.agate = {
|
services.agate = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -218,7 +220,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
|
systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
|
||||||
"d ${webroot}/c3d2 0755 c3d2-web ${group} -"
|
"d /var/www/c3d2 0755 c3d2-web ${group} -"
|
||||||
"d ${config.services.agate.contentDir} 0755 c3d2-web ${group} -"
|
"d ${config.services.agate.contentDir} 0755 c3d2-web ${group} -"
|
||||||
"d ${home} 0700 c3d2-web ${group} -"
|
"d ${home} 0700 c3d2-web ${group} -"
|
||||||
];
|
];
|
||||||
|
|
Loading…
Reference in New Issue