diff --git a/flake.lock b/flake.lock
index 39a8969a..62f51dfb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -641,6 +641,7 @@
 "secrets": "secrets",
 "sops-nix": "sops-nix",
 "spacemsg": "spacemsg",
+ "sshlogd": "sshlogd",
 "syndicate": "syndicate",
 "ticker": "ticker",
 "tigger": "tigger",
@@ -764,6 +765,36 @@
 "type": "github"
 }
 },
+ "sshlogd": {
+ "inputs": {
+ "fenix": [
+ "fenix"
+ ],
+ "naersk": [
+ "naersk"
+ ],
+ "nixpkgs": [
+ "nixos"
+ ],
+ "utils": [
+ "flake-utils"
+ ]
+ },
+ "locked": {
+ "lastModified": 1663624400,
+ "narHash": "sha256-iMVZuAmkCuyOytI2M/+jsvJICGRROPbHFyVdC+2G/C8=",
+ "ref": "main",
+ "rev": "84039de0fa99075075371796dd681de38abbad50",
+ "revCount": 7,
+ "type": "git",
+ "url": "https://gitea.c3d2.de/astro/sshlogd.git"
+ },
+ "original": {
+ "ref": "main",
+ "type": "git",
+ "url": "https://gitea.c3d2.de/astro/sshlogd.git"
+ }
+ },
 "syndicate": {
 "inputs": {
 "nixpkgs": [
diff --git a/flake.nix b/flake.nix
index 6a09bbeb..3e4c3d07 100644
--- a/flake.nix
+++ b/flake.nix
@@ -96,6 +96,15 @@
 url = "git+https://gitea.c3d2.de/astro/scrapers.git";
 flake = false;
 };
+ sshlogd = {
+ url = "git+https://gitea.c3d2.de/astro/sshlogd.git?ref=main";
+ inputs = {
+ utils.follows = "flake-utils";
+ naersk.follows = "naersk";
+ nixpkgs.follows = "nixos";
+ fenix.follows = "fenix";
+ };
+ };
 secrets = {
 url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
 inputs = {
@@ -157,7 +166,7 @@
 };
 };
- outputs = inputs@{ self, eris, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }:
+ outputs = inputs@{ self, eris, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sshlogd, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }:
 let
 inherit (nixos) lib;
 forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
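Review bot: The new `sshlogd` input in the first flake.nix hunk follows the moving `main` branch (`?ref=main`), so the `rev` and `narHash` recorded in flake.lock are the only thing fixing which code will answer on port 22 of the new host. I would add a comment above the input, for example `# network-facing daemon; read the upstream diff before bumping the lock entry`, so a routine `nix flake update` does not pull in unreviewed changes unnoticed. As a style point, the visible neighbours suggest both lists are kept alphabetical; `sshlogd` sorts after `spacemsg`, but it is placed before `secrets` here and between `secrets` and `sops-nix` in the `outputs` argument list of the second hunk.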
@@ -880,6 +889,14 @@
 ./hosts/zengel
 ];
 };
+
+ sshlog = nixosSystem' {
+ modules = [
+ self.nixosModules.microvm
+ sshlogd.nixosModule
+ ./hosts/sshlog
+ ];
+ };
 };
 nixosModule = self.nixosModules.c3d2;
diff --git a/hosts/sshlog/default.nix b/hosts/sshlog/default.nix
new file mode 100644
index 00000000..92c74c64
--- /dev/null
+++ b/hosts/sshlog/default.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+{
+ c3d2 = {
+ isInHq = false;
+ hq.statistics.enable = true;
+ deployment = {
+ server = "server9";
+ mounts = [ "etc" "home" "var" ];
+ mountBase = "/tank/storage/${config.networking.hostName}";
+ };
+ };
+
+ networking = {
+ hostName = "sshlog";
+ firewall.allowedTCPPorts = [
+ 22
+ 80 443
+ ];
+ };
+
+ services.sshlogd.enable = true;
+ services.openssh.enable = lib.mkForce false;
+
+ services.nginx = {
+ enable = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ additionalModules = [ pkgs.nginxModules.fancyindex ];
+ virtualHosts."${config.networking.hostName}.flpk.zentralwerk.org" = {
+ default = true;
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/.theme/" = {
+ alias = pkgs.fetchFromGitHub {
+ owner = "barrowclift";
+ repo = "directory-theme";
+ rev = "fca275a3ab1d64e8cdbff7e4d2e1d44eec924e2e";
+ sha256 = "sha256-UCQbQ+tyzR/Dpa0t2cogjzBJE+IJ9KAD2dtmq3gbq/U=";
+ };
+ };
+
+ locations."/" = {
+ root = config.services.sshlogd.outputDir;
+ extraConfig = ''
+ fancyindex on;
+ fancyindex_exact_size off;
+ fancyindex_css_href /.theme/style.css;
+ '';
+ };
+ };
+ };
+}
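Review bot: `locations."/"` in hosts/sshlog/default.nix publishes `config.services.sshlogd.outputDir` as a browsable index, and the files in that directory are presumably written from unauthenticated connections on port 22, so nginx would be serving bytes chosen by remote clients from this origin. Unless the sshlogd module already guarantees harmless file names and types (not visible in this diff), the `extraConfig` should pin the response type and disable sniffing, e.g. `types { }`, `default_type text/plain;` and `add_header X-Content-Type-Options nosniff;`. Recorded sessions may also contain typed passwords and client addresses, so a comment stating why the index is meant to be public would help the next admin. Separately, `locations."/.theme/"` ends in a slash while the `alias` store path does not, so `/.theme/style.css` likely resolves to `…-sourcestyle.css`; interpolating the path with a trailing slash (`alias = "${pkgs.fetchFromGitHub { … }}/";`) should fix it.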