From 26c897d72ce24a300b871a737c74742f35221006 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Nov 2018 17:00:39 +0100 Subject: ma bgt: init download.binaergewitter.de --- makefu/2configs/bgt/auphonic.pub | 1 + makefu/2configs/bgt/download.binaergewitter.de.nix | 38 +++++++++++++++++ makefu/2configs/bgt/hidden_service.nix | 48 ++++++++++++++++++++++ makefu/2configs/deployment/bgt/hidden_service.nix | 48 ---------------------- .../2configs/nginx/download.binaergewitter.de.nix | 25 ----------- 5 files changed, 87 insertions(+), 73 deletions(-) create mode 100644 makefu/2configs/bgt/auphonic.pub create mode 100644 makefu/2configs/bgt/download.binaergewitter.de.nix create mode 100644 makefu/2configs/bgt/hidden_service.nix delete mode 100644 makefu/2configs/deployment/bgt/hidden_service.nix delete mode 100644 makefu/2configs/nginx/download.binaergewitter.de.nix diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub new file mode 100644 index 000000000..37b8e0599 --- /dev/null +++ b/makefu/2configs/bgt/auphonic.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix new file mode 100644 index 000000000..6d64848f5 --- /dev/null +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + ident = (builtins.readFile ./auphonic.pub); +in { + services.openssh = { + allowSFTP = true; + sftpFlags = [ "-l VERBOSE" ]; + extraConfig = '' + Match User auphonic + ForceCommand internal-sftp + AllowTcpForwarding no + X11Forwarding no + PasswordAuthentication no + ''; + }; + users.users.auphonic = { + uid = genid "auphonic"; + group = "nginx"; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; + }; + services.nginx = { + enable = lib.mkDefault true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts."download.binaergewitter.de" = { + serverAliases = [ "dl2.binaergewitter.de" ]; + root = "/var/www/binaergewitter"; + extraConfig = '' + access_log /var/spool/nginx/logs/binaergewitter.access.log combined; + error_log /var/spool/nginx/logs/binaergewitter.error.log error; + autoindex on; + ''; + }; + }; +} diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix new file mode 100644 index 000000000..c1a31b8dc --- /dev/null +++ b/makefu/2configs/bgt/hidden_service.nix @@ -0,0 +1,48 @@ +{ pkgs, lib, ... }: + +with lib; +let + name = "bgt_cyberwar_hidden_service"; + sec = (toString ) + "/"; + secdir = sec + name; + srvdir = "/var/lib/tor/onion/"; + basedir = srvdir + name; + hn = builtins.readFile (secdir + "/hostname"); +in +{ + systemd.services.prepare-hidden-service = { + wantedBy = [ "local-fs.target" ]; + before = [ "tor.service" ]; + serviceConfig = { + ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' + #!/bin/sh + set -euf + if ! test -d "${basedir}" ;then + mkdir -p "${srvdir}" + cp -r "${secdir}" "${srvdir}" + chown -R tor:tor "${srvdir}" + chmod -R 700 "${basedir}" + else + echo "not overwriting ${basedir}" + fi + ''; + Type = "oneshot"; + RemainAfterExit = "yes"; + TimeoutSec = "0"; + }; + }; + services.nginx.virtualHosts."${hn}".locations."/" = { + proxyPass = "https://blog.binaergewitter.de"; + extraConfig = '' + proxy_set_header Host blog.binaergewitter.de; + proxy_ssl_server_name on; + ''; + }; + services.tor = { + enable = true; + hiddenServices."${name}".map = [ + { port = "80"; } + # { port = "443"; toHost = "blog.binaergewitter.de"; } + ]; + }; +} diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/deployment/bgt/hidden_service.nix deleted file mode 100644 index c1a31b8dc..000000000 --- a/makefu/2configs/deployment/bgt/hidden_service.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - name = "bgt_cyberwar_hidden_service"; - sec = (toString ) + "/"; - secdir = sec + name; - srvdir = "/var/lib/tor/onion/"; - basedir = srvdir + name; - hn = builtins.readFile (secdir + "/hostname"); -in -{ - systemd.services.prepare-hidden-service = { - wantedBy = [ "local-fs.target" ]; - before = [ "tor.service" ]; - serviceConfig = { - ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' - #!/bin/sh - set -euf - if ! test -d "${basedir}" ;then - mkdir -p "${srvdir}" - cp -r "${secdir}" "${srvdir}" - chown -R tor:tor "${srvdir}" - chmod -R 700 "${basedir}" - else - echo "not overwriting ${basedir}" - fi - ''; - Type = "oneshot"; - RemainAfterExit = "yes"; - TimeoutSec = "0"; - }; - }; - services.nginx.virtualHosts."${hn}".locations."/" = { - proxyPass = "https://blog.binaergewitter.de"; - extraConfig = '' - proxy_set_header Host blog.binaergewitter.de; - proxy_ssl_server_name on; - ''; - }; - services.tor = { - enable = true; - hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } - ]; - }; -} diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/nginx/download.binaergewitter.de.nix deleted file mode 100644 index 6b5687e72..000000000 --- a/makefu/2configs/nginx/download.binaergewitter.de.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - ident = (toString ) + "/mirrorsync.gum.id_ed25519"; -in { - systemd.services.mirrorsync = { - startAt = "08:00:00"; - path = with pkgs; [ rsync openssh ]; - script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter''; - }; - services.nginx = { - enable = lib.mkDefault true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts."download.binaergewitter.de" = { - serverAliases = [ "dl2.binaergewitter.de" ]; - root = "/var/www/binaergewitter"; - extraConfig = '' - access_log /var/spool/nginx/logs/binaergewitter.access.log combined; - error_log /var/spool/nginx/logs/binaergewitter.error.log error; - autoindex on; - ''; - }; - }; -} -- cgit v1.2.3