chore(sterni/machines): move http services from edwin to ingeborg

* Make sterni.lv declarative
* Disable gopher server
* Disable likely-music.sterni.lv for now
* Don't give systemd too much leeway with scheduling git syncs

Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This commit is contained in:
sterni 2023-12-31 00:19:22 +01:00 committed by clbot
parent 12f9b95a2c
commit 06db871bd7
10 changed files with 46 additions and 22 deletions

View file

@ -11,11 +11,6 @@
./network.nix
# These modules configure services, websites etc.
(depot.path.origSrc + "/ops/modules/btrfs-auto-scrub.nix")
./gopher.nix
./http/sterni.lv.nix
./http/code.sterni.lv.nix
./http/flipdot.openlab-augsburg.de.nix
./http/likely-music.sterni.lv.nix
];
config = {

View file

@ -1,16 +0,0 @@
{ ... }:
{
imports = [
./nginx.nix
];
config = {
services.nginx.virtualHosts."sterni.lv" = {
enableACME = true;
forceSSL = true;
# TODO(sterni): take website from store, replace /tmp with a simple LRU thing
root = toString /srv/http;
};
};
}

View file

@ -13,6 +13,16 @@
(depot.path.origSrc + "/ops/modules/btrfs-auto-scrub.nix")
./monitoring.nix
./minecraft.nix
./http/sterni.lv.nix
./http/code.sterni.lv.nix
./http/flipdot.openlab-augsburg.de.nix
# Inactive:
# ./http/likely-music.sterni.lv.nix
# ./gopher.nix
# TODO(sterni): fail2ban
# TODO(sterni): automatic backups for full recovery
];
config = {

View file

@ -212,7 +212,6 @@ in
timerConfig = {
# Fire every 6h and distribute the workload over next 6h randomly
OnCalendar = "*-*-* 00/6:00:00";
AccuracySec = "6h";
RandomizedDelaySec = "6h";
Persistent = true;
};

View file

@ -24,5 +24,7 @@
charset utf-8;
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}

View file

@ -0,0 +1,34 @@
{ pkgs, depot, ... }:
let
inherit (depot.users.sterni.nix.html)
__findFile
withDoctype
;
in
{
imports = [
./nginx.nix
];
config = {
services.nginx.virtualHosts."sterni.lv" = {
enableACME = true;
forceSSL = true;
root = pkgs.writeTextFile {
name = "sterni.lv-http-root";
destination = "/index.html";
text = withDoctype (<html> { } [
(<head> { } [
(<meta> { charset = "utf-8"; } null)
(<title> { } "no thoughts")
])
(<body> { } "🦩")
]);
};
# TODO(sterni): tmp.sterni.lv
locations."/tmp/".root = toString /srv/http;
};
};
}