summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/2configs/bgt/auphonic.pub1
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix (renamed from makefu/2configs/nginx/download.binaergewitter.de.nix)23
-rw-r--r--makefu/2configs/bgt/hidden_service.nix (renamed from makefu/2configs/deployment/bgt/hidden_service.nix)0
3 files changed, 19 insertions, 5 deletions
diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub
new file mode 100644
index 000000000..37b8e0599
--- /dev/null
+++ b/makefu/2configs/bgt/auphonic.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6b5687e72..6d64848f5 100644
--- a/makefu/2configs/nginx/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -1,12 +1,25 @@
{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
let
- ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
+ ident = (builtins.readFile ./auphonic.pub);
in {
- systemd.services.mirrorsync = {
- startAt = "08:00:00";
- path = with pkgs; [ rsync openssh ];
- script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
+ services.openssh = {
+ allowSFTP = true;
+ sftpFlags = [ "-l VERBOSE" ];
+ extraConfig = ''
+ Match User auphonic
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ X11Forwarding no
+ PasswordAuthentication no
+ '';
+ };
+ users.users.auphonic = {
+ uid = genid "auphonic";
+ group = "nginx";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
services.nginx = {
enable = lib.mkDefault true;
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
index c1a31b8dc..c1a31b8dc 100644
--- a/makefu/2configs/deployment/bgt/hidden_service.nix
+++ b/makefu/2configs/bgt/hidden_service.nix