ma gumr.: enable workadventure

2021-01-27 23:00:02 +01:00 · 2021-01-27 23:00:02 +01:00 · 0088e2b3cf
commit 0088e2b3cf
parent 54cd4c84e5
2 changed files with 23 additions and 9 deletions
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@ -65,7 +65,7 @@ in {
        };
        networking.firewall = {
          allowedTCPPorts =
-          [
+            [
            53
            655
            21031
@ -83,6 +83,9 @@ in {
      # <stockholm/makefu/2configs/exim-retiolum.nix>
      <stockholm/makefu/2configs/git/cgit-retiolum.nix>
      ### systemdUltras ###
      <stockholm/makefu/2configs/systemdultras/ircbot.nix>
      ###### Shack #####
      # <stockholm/makefu/2configs/shack/events-publisher>
      # <stockholm/makefu/2configs/shack/gitlab-runner>
@ -98,7 +101,7 @@ in {
      { krebs.exim.enable = mkDefault true; }
      # sharing
-      <stockholm/makefu/2configs/share/gum.nix>
+      <stockholm/makefu/2configs/share/gum.nix> # samba sahre
      <stockholm/makefu/2configs/torrent.nix>
      <stockholm/makefu/2configs/sickbeard>
@ -145,7 +148,10 @@ in {
      <stockholm/makefu/2configs/deployment/gecloudpad>
      <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
      <stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix>
      # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
      <stockholm/makefu/2configs/shiori.nix>
      <stockholm/makefu/2configs/workadventure>
      <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
      <stockholm/makefu/2configs/bgt/hidden_service.nix>
@ -177,12 +183,19 @@ in {
    { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
    { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
  ###### stable
-
+  security.acme.certs."cgit.euer.krebsco.de" = {
-  services.nginx.virtualHosts."cgit.euer.krebsco.de" = {
+    email = "letsencrypt@syntax-fehler.de";
-    forceSSL = true;
+    webroot = "/var/lib/acme/acme-challenge";
-    enableACME = true;
+    group = "nginx";
-    locations."/".proxyPass = "http://localhost/";
+  };
-    locations."/".extraConfig = ''proxy_set_header Host cgit;'';
+  services.nginx.virtualHosts."cgit" = {
    serverAliases = [ "cgit.euer.krebsco.de" ];
    addSSL = true;
    sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
    sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
    locations."/.well-known/acme-challenge".extraConfig = ''
      root /var/lib/acme/acme-challenge;
    '';
  };
  krebs.build.host = config.krebs.hosts.gum;
@ -190,6 +203,7 @@ in {
  # Network
  networking = {
    firewall = {
        allowedTCPPorts = [ 80 443 ];
        allowPing = true;
        logRefusedConnections = false;
    };
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@ -69,7 +69,7 @@ in {
    fsType = "ext4";
    options = [ "nofail" ];
  };
-  fileSystems."/var/www/o.euer.krebsco.de" = {
+  fileSystems."/var/lib/nextcloud/data" = {
    device = "/dev/nixos/nextcloud";
    fsType = "ext4";
    options = [ "nofail" ];