hosts/sshlog: init

flake.lock

@@ -641,6 +641,7 @@
         "secrets": "secrets",
         "sops-nix": "sops-nix",
         "spacemsg": "spacemsg",
+        "sshlogd": "sshlogd",
         "syndicate": "syndicate",
         "ticker": "ticker",
         "tigger": "tigger",
@@ -764,6 +765,36 @@
         "type": "github"
       }
     },
+    "sshlogd": {
+      "inputs": {
+        "fenix": [
+          "fenix"
+        ],
+        "naersk": [
+          "naersk"
+        ],
+        "nixpkgs": [
+          "nixos"
+        ],
+        "utils": [
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1663624400,
+        "narHash": "sha256-iMVZuAmkCuyOytI2M/+jsvJICGRROPbHFyVdC+2G/C8=",
+        "ref": "main",
+        "rev": "84039de0fa99075075371796dd681de38abbad50",
+        "revCount": 7,
+        "type": "git",
+        "url": "https://gitea.c3d2.de/astro/sshlogd.git"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://gitea.c3d2.de/astro/sshlogd.git"
+      }
+    },
     "syndicate": {
       "inputs": {
         "nixpkgs": [

flake.nix

@@ -96,6 +96,15 @@
       url = "git+https://gitea.c3d2.de/astro/scrapers.git";
       flake = false;
     };
+    sshlogd = {
+      url = "git+https://gitea.c3d2.de/astro/sshlogd.git?ref=main";
+      inputs = {
+        utils.follows = "flake-utils";
+        naersk.follows = "naersk";
+        nixpkgs.follows = "nixos";
+        fenix.follows = "fenix";
+      };
+    };
     secrets = {
       url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
       inputs = {
@@ -157,7 +166,7 @@
     };
   };
 
-  outputs = inputs@{ self, eris, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }:
+  outputs = inputs@{ self, eris, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sshlogd, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }:
     let
       inherit (nixos) lib;
       forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
@@ -880,6 +889,14 @@
             ./hosts/zengel
           ];
         };
+
+        sshlog = nixosSystem' {
+          modules = [
+            self.nixosModules.microvm
+            sshlogd.nixosModule
+            ./hosts/sshlog
+          ];
+        };
       };
 
       nixosModule = self.nixosModules.c3d2;

hosts/sshlog/default.nix

@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+{
+  c3d2 = {
+    isInHq = false;
+    hq.statistics.enable = true;
+    deployment = {
+      server = "server9";
+      mounts = [ "etc" "home" "var" ];
+      mountBase = "/tank/storage/${config.networking.hostName}";
+    };
+  };
+
+  networking = {
+    hostName = "sshlog";
+    firewall.allowedTCPPorts = [
+      22
+      80 443
+    ];
+  };
+  
+  services.sshlogd.enable = true;
+  services.openssh.enable = lib.mkForce false;
+
+  services.nginx = {
+    enable = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    additionalModules = [ pkgs.nginxModules.fancyindex ];
+    virtualHosts."${config.networking.hostName}.flpk.zentralwerk.org" = {
+      default = true;
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/.theme/" = {
+        alias = pkgs.fetchFromGitHub {
+          owner = "barrowclift";
+          repo = "directory-theme";
+          rev = "fca275a3ab1d64e8cdbff7e4d2e1d44eec924e2e";
+          sha256 = "sha256-UCQbQ+tyzR/Dpa0t2cogjzBJE+IJ9KAD2dtmq3gbq/U=";
+        };
+      };
+
+      locations."/" = {
+        root = config.services.sshlogd.outputDir;
+        extraConfig = ''
+          fancyindex on;
+          fancyindex_exact_size off;
+          fancyindex_css_href /.theme/style.css;
+        '';
+      };
+    };
+  };
+}