ma bgt: init download.binaergewitter.de
This commit is contained in:
parent
7ee2e1e266
commit
26c897d72c
1
makefu/2configs/bgt/auphonic.pub
Normal file
1
makefu/2configs/bgt/auphonic.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
|
@ -1,12 +1,25 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
|
ident = (builtins.readFile ./auphonic.pub);
|
||||||
in {
|
in {
|
||||||
systemd.services.mirrorsync = {
|
services.openssh = {
|
||||||
startAt = "08:00:00";
|
allowSFTP = true;
|
||||||
path = with pkgs; [ rsync openssh ];
|
sftpFlags = [ "-l VERBOSE" ];
|
||||||
script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
|
extraConfig = ''
|
||||||
|
Match User auphonic
|
||||||
|
ForceCommand internal-sftp
|
||||||
|
AllowTcpForwarding no
|
||||||
|
X11Forwarding no
|
||||||
|
PasswordAuthentication no
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
users.users.auphonic = {
|
||||||
|
uid = genid "auphonic";
|
||||||
|
group = "nginx";
|
||||||
|
useDefaultShell = true;
|
||||||
|
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
|
||||||
};
|
};
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = lib.mkDefault true;
|
enable = lib.mkDefault true;
|
Loading…
Reference in New Issue
Block a user