From 060a8f28fa1fc648bdf66afb31a5d1efac868837 Mon Sep 17 00:00:00 2001
From: makefu
Date: Fri, 28 Jul 2023 22:24:15 +0200
Subject: makefu: move out to own repo, add vacation-note
---
makefu/2configs/bgt/auphonic.pub | 1 -
makefu/2configs/bgt/backup.nix | 21 ------
makefu/2configs/bgt/download.binaergewitter.de.nix | 86 ----------------------
makefu/2configs/bgt/etherpad.euer.krebsco.de.nix | 66 -----------------
makefu/2configs/bgt/hidden_service.nix | 48 ------------
makefu/2configs/bgt/social-to-irc.nix | 37 ----------
makefu/2configs/bgt/template.md | 43 -----------
7 files changed, 302 deletions(-)
delete mode 100644 makefu/2configs/bgt/auphonic.pub
delete mode 100644 makefu/2configs/bgt/backup.nix
delete mode 100644 makefu/2configs/bgt/download.binaergewitter.de.nix
delete mode 100644 makefu/2configs/bgt/etherpad.euer.krebsco.de.nix
delete mode 100644 makefu/2configs/bgt/hidden_service.nix
delete mode 100644 makefu/2configs/bgt/social-to-irc.nix
delete mode 100644 makefu/2configs/bgt/template.md
(limited to 'makefu/2configs/bgt')
diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub
deleted file mode 100644
index 37b8e0599..000000000
--- a/makefu/2configs/bgt/auphonic.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
diff --git a/makefu/2configs/bgt/backup.nix b/makefu/2configs/bgt/backup.nix
deleted file mode 100644
index dc3260266..000000000
--- a/makefu/2configs/bgt/backup.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- # Manual steps:
- # 1. ssh-copy-id root ssh-key to the remotes you want to back up
- # 2. run `rsnapshot hourly` manually as root to check if everything works
-
- services.rsnapshot = {
- enable = true;
- cronIntervals = {
- daily = "50 21 * * *";
- hourly = "0 */4 * * *";
- };
- extraConfig = ''
-retain hourly 5
-retain daily 365
-snapshot_root /var/backup/bgt
-backup root@binaergewitter.jit.computer:/opt/isso jit
-backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit
-backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit
- '';
- };
-}
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
deleted file mode 100644
index 31da31a71..000000000
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import ;
-let
- ident = (builtins.readFile ./auphonic.pub);
- bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
- bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
-
- # TODO: only when the data is stored somewhere else
- wwwdir = "/var/www/binaergewitter";
- storedir = "/media/cloud/www/binaergewitter";
-in {
- fileSystems."${wwwdir}" = {
- device = storedir;
- options = [ "bind" ];
- };
-
- services.openssh = {
- allowSFTP = true;
- sftpFlags = [ "-l VERBOSE" ];
- extraConfig = ''
- HostkeyAlgorithms +ssh-rsa
-
- Match User auphonic
- ForceCommand internal-sftp
- AllowTcpForwarding no
- X11Forwarding no
- PasswordAuthentication no
- PubkeyAcceptedAlgorithms +ssh-rsa
-
- '';
- };
-
- users.users.auphonic = {
- uid = genid "auphonic";
- group = "nginx";
- # for storedir
- extraGroups = [ "download" ];
- useDefaultShell = true;
- isSystemUser = true;
- openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
- };
-
- services.logrotate = {
- enable = true;
- settings.bgt = {
- files = [ bgtaccess bgterror ];
- rotate = 5;
- frequency = "weekly";
- create = "600 nginx nginx";
- postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
- };
- };
-
- # 20.09 unharden nginx to write logs
- systemd.services.nginx.serviceConfig.ReadWritePaths = [
- "/var/spool/nginx/logs/"
- ];
- security.acme.certs."download.binaergewitter.de" = {
- dnsProvider = "cloudflare";
- credentialsFile = toString ;
- webroot = lib.mkForce null;
- };
-
- services.nginx = {
- appendHttpConfig = ''
- types {
- audio/ogg oga ogg opus;
- }
- '';
- enable = lib.mkDefault true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- virtualHosts."download.binaergewitter.de" = {
- addSSL = true;
- enableACME = true;
- serverAliases = [ "dl2.binaergewitter.de" ];
- root = "/var/www/binaergewitter";
- extraConfig = ''
- access_log ${bgtaccess} combined;
- error_log ${bgterror} error;
- autoindex on;
- '';
- };
- };
-}
diff --git a/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix b/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix
deleted file mode 100644
index ff180e307..000000000
--- a/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, ... }:
-let
- port = 19201;
-in {
- #services.nginx.virtualHosts."euer.krebsco.de".serverAliases = [ "etherpad.euer.krebsco.de" ];
- services.nginx.virtualHosts."etherpad.euer.krebsco.de" = {
- # useACMEHost = "euer.krebsco.de";
- extraConfig = ''
- ssl_session_timeout 30m;
- '';
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://127.0.0.1:${toString port}";
- # from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
- locations."/".extraConfig = ''
-
- proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
- proxy_set_header Host $host;
- proxy_pass_header Server;
-
- # Note you might want to pass these headers etc too.
- proxy_set_header X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html
- proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
- proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
- proxy_http_version 1.1; # recommended with keepalive connections
-
- # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 1799s;
- '';
- };
- state = [ "/var/lib/docker/volumes/etherpad_data/_data/" ];
- virtualisation.oci-containers.containers."etherpad-lite" = {
- #image = "makefoo/bgt-etherpad:2021-04-16.3"; # --build-arg ETHERPAD_PLUGINS="ep_markdown"
- image = "etherpad/etherpad:1.8.14";
-
- ports = [ "127.0.0.1:${toString port}:9001" ];
- volumes = [
- "/var/src/secrets/etherpad/apikey:/opt/etherpad-lite/APIKEY.txt"
- "etherpad_data:/opt/etherpad-lite/var" # persistent dirtydb
- ];
- # for postgres
- #DB_TYPE=postgres
- #DB_HOST=db.local
- #DB_PORT=4321
- #DB_NAME=etherpad
- #DB_USER=dbusername
- #DB_PASS=mypassword
- environment = {
- # ADMIN_PASSWORD = "auf jeden fall nicht das echte admin passwort";
- # LOGLEVEL = "DEBUG";
-
- SUPPRESS_ERRORS_IN_PAD_TEXT = "true";
- TRUST_PROXY = "true";
- TITLE = "Binärgewitter Etherpad";
- SKIN_NAME = "no-skin";
- DEFAULT_PAD_TEXT = builtins.readFile ./template.md;
- PAD_OPTIONS_USE_MONOSPACE_FONT = "true";
- PAD_OPTIONS_USER_NAME = "true";
- PAD_OPTIONS_USER_COLOR = "true";
- PAD_OPTIONS_CHAT_AND_USERS = "true";
- PAD_OPTIONS_LANG = "en-US";
- };
- };
-}
diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
deleted file mode 100644
index 56d319e39..000000000
--- a/makefu/2configs/bgt/hidden_service.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ pkgs, lib, ... }:
-
-with lib;
-let
- name = "bgt_cyberwar_hidden_service";
- sec = (toString ) + "/";
- secdir = sec + name;
- srvdir = "/var/lib/tor/onion/";
- basedir = srvdir + name;
- hn = builtins.readFile (secdir + "/hostname");
-in
-{
- systemd.services.prepare-hidden-service = {
- wantedBy = [ "local-fs.target" ];
- before = [ "tor.service" ];
- serviceConfig = {
- ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
- #!/bin/sh
- set -euf
- if ! test -d "${basedir}" ;then
- mkdir -p "${srvdir}"
- cp -r "${secdir}" "${srvdir}"
- chown -R tor:tor "${srvdir}"
- chmod -R 700 "${basedir}"
- else
- echo "not overwriting ${basedir}"
- fi
- '';
- Type = "oneshot";
- RemainAfterExit = "yes";
- TimeoutSec = "0";
- };
- };
- services.nginx.virtualHosts."${hn}".locations."/" = {
- proxyPass = "https://blog.binaergewitter.de";
- extraConfig = ''
- proxy_set_header Host blog.binaergewitter.de;
- proxy_ssl_server_name on;
- '';
- };
- services.tor = {
- enable = true;
- hiddenServices."${name}".map = [
- { port = 80; }
- # { port = 443; toHost = "blog.binaergewitter.de"; }
- ];
- };
-}
diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix
deleted file mode 100644
index 9d9640a9f..000000000
--- a/makefu/2configs/bgt/social-to-irc.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ pkgs, ... }:
-{
- systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
- krebs.brockman = {
- enable = true;
- config = {
- channel = "#binaergewitter";
- notifyErrors = false;
- irc = {
- host = "irc.libera.chat";
- port = 6667;
- };
- #controller = {
- # nick = "brockman-systemdultras";
- # channels = [];
- #};
- bots = {
- bgt-mastodon-rss = {
- feed = "https://jit.social/users/binaergewitter.rss";
- #extraChannels = [ "#binaergewitter" ];
- delay = 180;
- };
- bgt-blog-rss = {
- feed = "https://blog.binaergewitter.de/rss.xml";
- #extraChannels = [ "#binaergewitter" ];
- delay = 180;
- };
- bgt-twitter = {
- feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=binaergewitter&format=Atom";
- #extraChannels = [ "#binaergewitter" ];
- delay = 280;
- };
- };
- };
-
- };
-}
diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md
deleted file mode 100644
index be21d7c0c..000000000
--- a/makefu/2configs/bgt/template.md
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-
-0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig)
-1. `eine` Person anrufen (den Host):
- - markus madmas@studio.link
- - Felix1 makefu@studio.link
- - L33tFelix l33tname@studio.link
- - Ingo ingo@studio.link
-2. Jitis an machen https://meet.ffmuc.net/bgt-aktuell (mittel)
-3. studio-link aufnehmen drücken (wichtig)
-4. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig)
-4. alternative parecord:
- `$ pacmd list-sources | grep -e device.string -e 'name:' # keins der "monitor" devices`
- `$ parecord --channels=1 -d alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo bgt.wav`
-5. darkice starten (wichtig)
-6. Ingo daran erinnern, dass er die Überschriften richtig aussprechen muss
-7. klatschen
-8. Hallihallo und Herzlich Willkommen
-
-## Vorschläge
-### Backlog von Picks und Lesefoo aus der letzten Woche
-
----- 
-
-## Blast from the Past
-
-## Toter der Woche
-
-## Untoter der Woche
-
-## AI der Woche
-
-## News
-
-## Themen
-
-## Mimimi der Woche
-
-## Lesefoo
-
-## Picks
-
-## Ende
--
cgit v1.2.3