forked from c3d2/nix-config
hosts/sshlog: init
This commit is contained in:
parent
e2b01afea9
commit
8a4db81345
31
flake.lock
31
flake.lock
|
@ -641,6 +641,7 @@
|
|||
"secrets": "secrets",
|
||||
"sops-nix": "sops-nix",
|
||||
"spacemsg": "spacemsg",
|
||||
"sshlogd": "sshlogd",
|
||||
"syndicate": "syndicate",
|
||||
"ticker": "ticker",
|
||||
"tigger": "tigger",
|
||||
|
@ -764,6 +765,36 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sshlogd": {
|
||||
"inputs": {
|
||||
"fenix": [
|
||||
"fenix"
|
||||
],
|
||||
"naersk": [
|
||||
"naersk"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
],
|
||||
"utils": [
|
||||
"flake-utils"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1663624400,
|
||||
"narHash": "sha256-iMVZuAmkCuyOytI2M/+jsvJICGRROPbHFyVdC+2G/C8=",
|
||||
"ref": "main",
|
||||
"rev": "84039de0fa99075075371796dd681de38abbad50",
|
||||
"revCount": 7,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/sshlogd.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/astro/sshlogd.git"
|
||||
}
|
||||
},
|
||||
"syndicate": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
|
19
flake.nix
19
flake.nix
|
@ -96,6 +96,15 @@
|
|||
url = "git+https://gitea.c3d2.de/astro/scrapers.git";
|
||||
flake = false;
|
||||
};
|
||||
sshlogd = {
|
||||
url = "git+https://gitea.c3d2.de/astro/sshlogd.git?ref=main";
|
||||
inputs = {
|
||||
utils.follows = "flake-utils";
|
||||
naersk.follows = "naersk";
|
||||
nixpkgs.follows = "nixos";
|
||||
fenix.follows = "fenix";
|
||||
};
|
||||
};
|
||||
secrets = {
|
||||
url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
|
||||
inputs = {
|
||||
|
@ -157,7 +166,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, eris, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
outputs = inputs@{ self, eris, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sshlogd, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
let
|
||||
inherit (nixos) lib;
|
||||
forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
|
||||
|
@ -880,6 +889,14 @@
|
|||
./hosts/zengel
|
||||
];
|
||||
};
|
||||
|
||||
sshlog = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.microvm
|
||||
sshlogd.nixosModule
|
||||
./hosts/sshlog
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nixosModule = self.nixosModules.c3d2;
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
c3d2 = {
|
||||
isInHq = false;
|
||||
hq.statistics.enable = true;
|
||||
deployment = {
|
||||
server = "server9";
|
||||
mounts = [ "etc" "home" "var" ];
|
||||
mountBase = "/tank/storage/${config.networking.hostName}";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "sshlog";
|
||||
firewall.allowedTCPPorts = [
|
||||
22
|
||||
80 443
|
||||
];
|
||||
};
|
||||
|
||||
services.sshlogd.enable = true;
|
||||
services.openssh.enable = lib.mkForce false;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
additionalModules = [ pkgs.nginxModules.fancyindex ];
|
||||
virtualHosts."${config.networking.hostName}.flpk.zentralwerk.org" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/.theme/" = {
|
||||
alias = pkgs.fetchFromGitHub {
|
||||
owner = "barrowclift";
|
||||
repo = "directory-theme";
|
||||
rev = "fca275a3ab1d64e8cdbff7e4d2e1d44eec924e2e";
|
||||
sha256 = "sha256-UCQbQ+tyzR/Dpa0t2cogjzBJE+IJ9KAD2dtmq3gbq/U=";
|
||||
};
|
||||
};
|
||||
|
||||
locations."/" = {
|
||||
root = config.services.sshlogd.outputDir;
|
||||
extraConfig = ''
|
||||
fancyindex on;
|
||||
fancyindex_exact_size off;
|
||||
fancyindex_css_href /.theme/style.css;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue