my nixos dotfiles :3 (git.koi.rip mirror) git.koi.rip/koi/dotfiles

seber: init robinwobin.dev

+43 -15
+43 -15
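--- a/systems/seber/services/ebil-club.nix
+++ b/systems/seber/services/ebil-club.nix
@@ -1,23 +1,46 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 
 let
 mkSite =
-{ name, sshPubkey }:
+{
+name,
+sshPubkey,
+canonical ? null,
+}:
 let
-host = "${name}.ebil.club";
+defaultHost = "${name}.ebil.club";
+servedHost = if canonical != null then canonical else defaultHost;
+
 home = "/var/ebil.club/${name}";
-in
-{
-services.nginx.virtualHosts."${host}" = {
-locations."/" = {
-root = "${home}/${host}";
-index = "index.html";
-extraConfig = "try_files $uri $uri/ =404;";
-};
-extraConfig = "error_page 404 /404.html;";
+rootDir = "${home}/${defaultHost}";
+
+tls = {
+onlySSL = true;
 sslCertificate = "/run/agenix/ssl-adamperkowski-cert";
 sslCertificateKey = "/run/agenix/ssl-adamperkowski-key";
-onlySSL = true;
+};
+in
+{
+services.nginx.virtualHosts = {
+"${servedHost}" = (
+{
+locations."/" = {
+root = rootDir;
+index = "index.html";
+extraConfig = "try_files $uri $uri/ =404;";
+};
+extraConfig = "error_page 404 /404.html;";
+}
+// tls
+);
+}
+// lib.optionalAttrs (canonical != null) {
+"${defaultHost}" = (
+{
+locations."/".return = "307 https://${canonical}$request_uri";
+}
+// tls
+);
 };
 
 users = {
@@ -29,14 +52,14 @@
 hashedPassword = "!";
 group = name;
 openssh.authorizedKeys.keys = [
-''command="${pkgs.rrsync}/bin/rrsync ~/${host}",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${sshPubkey}''
+''command="${pkgs.rrsync}/bin/rrsync ~/${defaultHost}",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${sshPubkey}''
 ];
 };
 };
 
 systemd.tmpfiles.rules = [
 "d ${home} 0750 ${name} nginx -"
-"d ${home}/${host} 2750 ${name} nginx -"
+"d ${home}/${defaultHost} 2750 ${name} nginx -"
 ];
 };
 in
@@ -49,6 +72,11 @@
 (mkSite {
 name = "kolpix";
 sshPubkey = "ssh-rsa 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";
+})
+(mkSite {
+name = "robin";
+sshPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKxTuK2A7wbXnjkIhDrze4B5Uj2rnpmPAWGjPDMPiyk";
+canonical = "robinwobin.dev";
 })
 ];
 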
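Review bot: The shared `tls` set attaches `/run/agenix/ssl-adamperkowski-cert` and its key to the new `"${servedHost}"` vhost as well as to the `${name}.ebil.club` redirect vhost, so `robinwobin.dev` is served with whatever names that one certificate carries. The certificate's SANs are not visible in this diff; if it only covers `*.ebil.club` (presumably the case), browsers or a fronting proxy that validates the origin certificate will see a name mismatch on the canonical host, and with `onlySSL = true` there is no plaintext listener to fall back on. Consider making the pair per-site, e.g. `sslCertificate ? "/run/agenix/ssl-adamperkowski-cert",` and `sslCertificateKey ? "/run/agenix/ssl-adamperkowski-key",` as `mkSite` arguments that feed `tls`, so a custom domain can bring its own certificate and the shared private key is not reused for another person's hostname. A short comment on `canonical` stating that it must be a bare hostname would also help, since it is interpolated into both the vhost name and the `return` target.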