Diffstat (limited to 'Omni/Cloud')
| -rw-r--r-- | Omni/Cloud/Cal.nix | 81 | ||||
| -rw-r--r-- | Omni/Cloud/Chat.nix | 2 | ||||
| -rw-r--r-- | Omni/Cloud/Comms/Xmpp.nix | 74 | ||||
| -rw-r--r-- | Omni/Cloud/Git.nix | 2 | ||||
| -rw-r--r-- | Omni/Cloud/Mail.nix | 87 | ||||
| -rw-r--r-- | Omni/Cloud/Monica.nix | 4 | ||||
| -rw-r--r-- | Omni/Cloud/NostrRelay.nix | 4 | ||||
| -rw-r--r-- | Omni/Cloud/OpenWebui.nix | 43 | ||||
| -rw-r--r-- | Omni/Cloud/Ports.nix | 1 | ||||
| -rw-r--r-- | Omni/Cloud/Web.nix | 164 | ||||
| -rw-r--r-- | Omni/Cloud/Znc.nix | 2 | ||||
| -rwxr-xr-x | Omni/Cloud/post-receive.sh | 10 |
12 files changed, 271 insertions, 203 deletions
diff --git a/Omni/Cloud/Cal.nix b/Omni/Cloud/Cal.nix
new file mode 100644
index 0000000..3c3c46c
--- /dev/null
+++ b/Omni/Cloud/Cal.nix
@@ -0,0 +1,81 @@
+{config, ...}: let
+ ports = import ./Ports.nix;
+ rootDomain = config.networking.domain;
+in {
+ networking.firewall.allowedTCPPorts = [ports.radicale];
+
+ services.radicale = {
+ enable = true;
+ rights = {
+ # Allow reading root collection for authenticated users
+ root = {
+ user = ".*";
+ collection = "";
+ permissions = "R";
+ };
+ # Allow reading and writing principal collection (same as username)
+ principal = {
+ user = ".+";
+ collection = "{user}";
+ permissions = "RW";
+ };
+ # Make shared collection visible as part of root listing
+ shared_principal = {
+ user = ".+";
+ collection = "shared";
+ permissions = "RW";
+ };
+ # Allow reading and writing calendars and address books that are direct
+ # children of the principal collection
+ calendars = {
+ user = ".+";
+ collection = "{user}/[^/]+";
+ permissions = "rw";
+ };
+ # Allow ben full access to shared/ben, repeat this for other shared
+ # calendars as needed.
+ ben_shared = {
+ user = "ben";
+ collection = "shared/ben(/.+)?";
+ permissions = "rwD";
+ };
+ # Must be authed to write to the shared collections
+ shared_write = {
+ user = ".+";
+ collection = "shared/[^/]+";
+ permissions = "rw";
+ };
+ # Allow any user to read the shared collection
+ shared_read = {
+ user = ".+";
+ collection = "shared(/.*)?";
+ permissions = "r";
+ };
+ };
+ settings = {
+ server = {
+ hosts = [
+ "0.0.0.0:${toString ports.radicale}"
+ "[::]:${toString ports.radicale}"
+ ];
+ };
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "/etc/radicale/users";
+ htpasswd_encryption = "plain";
+ };
+ };
+ };
+
+ services.nginx.virtualHosts."cal.${rootDomain}" = {
+ locations."/".proxyPass = "http://localhost:${toString ports.radicale}";
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ extraConfig = ''
+ proxy_set_header X-Script-Name "";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_pass_header Authorization;
+ '';
+ };
+}
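Review bot: Radicale is reachable without TLS in Cal.nix: `hosts` binds `0.0.0.0` and `[::]`, and `networking.firewall.allowedTCPPorts = [ports.radicale];` opens that port, so clients can bypass the `cal.${rootDomain}` nginx vhost and send HTTP Basic credentials in cleartext. Since nginx proxies to `localhost`, bind loopback only (`"127.0.0.1:${toString ports.radicale}"` and `"[::1]:${toString ports.radicale}"`) and drop the firewall line. `htpasswd_encryption = "plain"` also keeps every password in cleartext in `/etc/radicale/users`; a hashed scheme such as `htpasswd_encryption = "bcrypt";` with a regenerated file avoids that. The `root` rule's `user = ".*"` also matches the empty (anonymous) user, which contradicts its "authenticated users" comment; the other rules use `".+"`.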
diff --git a/Omni/Cloud/Chat.nix b/Omni/Cloud/Chat.nix index a3a6a78..6b15dd7 100644 --- a/Omni/Cloud/Chat.nix +++ b/Omni/Cloud/Chat.nix @@ -88,7 +88,7 @@ in { }; }; }; - # matrix client, available at chat.simatime.com + # matrix client, available at chat.bensima.com # # note that element and matrix-synapse must be on separate fqdn's to # protect from XSS attacks: diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix index ea50ed9..e48dd56 100644 --- a/Omni/Cloud/Comms/Xmpp.nix +++ b/Omni/Cloud/Comms/Xmpp.nix @@ -7,7 +7,7 @@ # xmpp chat service # let - rootDomain = config.networking.domain; # simatime.com + rootDomain = config.networking.domain; # bensima.com ssl = { cert = "/var/lib/acme/${rootDomain}/fullchain.pem"; key = "/var/lib/acme/${rootDomain}/key.pem"; @@ -32,7 +32,7 @@ in { # this is necessary bc prosody needs access to the acme certs managed in Omni/Cloud/Web.nix, when # i learn how to use security.acme better, and use separate certs, then i can fix this group group = "nginx"; - admins = ["bsima@${rootDomain}"]; + admins = ["ben@${rootDomain}"]; allowRegistration = true; inherit ssl; uploadHttp = { 
@@ -81,20 +81,20 @@ in { websocket_url = "wss://${rootDomain}/xmpp-websocket"; } - cross_domain_websocket = { "https://${rootDomain}", "https://anon.${rootDomain}" } + cross_domain_websocket = { "https://${rootDomain}" } cross_domain_bosh = false; -- handle this with nginx consider_bosh_secure = true; -- this is a virtualhost that allows anonymous authentication. use this -- for a public lobby. the nix module doesn't support 'authentication' -- so i have to do this here. - VirtualHost "anon.${rootDomain}" - authentication = "anonymous" - ssl = { - cafile = "/etc/ssl/certs/ca-bundle.crt"; - key = "${ssl.key}"; - certificate = "${ssl.cert}"; - }; + --VirtualHost "anon.${rootDomain}" + -- authentication = "anonymous" + -- ssl = { + -- cafile = "/etc/ssl/certs/ca-bundle.crt"; + -- key = "${ssl.key}"; + -- certificate = "${ssl.cert}"; + -- }; ''; muc = [ @@ -116,6 +116,11 @@ in { enabled = true; inherit ssl; }; + "simatime.com" = { + domain = "simatime.com"; + enabled = true; + inherit ssl; + }; }; }; 
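Review bot: The anonymous `VirtualHost "anon.${rootDomain}"` block in Xmpp.nix, and the matching nginx `/http-bind` proxy in the following Xmpp.nix hunk, are commented out rather than deleted. That leaves an anonymous-login host with `Access-Control-Allow-Origin "*"` one uncomment away, and the surviving Lua comment ("this is a virtualhost that allows anonymous authentication…") now introduces dead text. Delete both blocks together with that comment, since git history keeps them. If a pointer is wanted, a single line such as `-- anonymous lobby removed, see git history` is enough.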
@@ -154,30 +159,31 @@ in { }; }; - services.nginx.virtualHosts."anon.${rootDomain}" = { - useACMEHost = "${rootDomain}"; - forceSSL = true; - locations = { - "/http-bind" = { - proxyPass = "https://anon.${rootDomain}:5281/http-bind"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_buffering off; - if ($request_method ~* "(GET|POST)") { - add_header Access-Control-Allow-Origin "*"; - } - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD"; - add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept"; - return 200; - } - ''; - }; - }; - }; + # this is an old proxy for the conversejs anonymous prosody host + #services.nginx.virtualHosts."anon.${rootDomain}" = { + # useACMEHost = "${rootDomain}"; + # forceSSL = true; + # locations = { + # "/http-bind" = { + # proxyPass = "https://anon.${rootDomain}:5281/http-bind"; + # extraConfig = '' + # proxy_set_header Host $host; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_buffering off; + # if ($request_method ~* "(GET|POST)") { + # add_header Access-Control-Allow-Origin "*"; + # } + # if ($request_method = OPTIONS) { + # add_header Access-Control-Allow-Origin "*"; + # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD"; + # add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept"; + # return 200; + # } + # ''; + # }; + # }; + #}; users.users.nginx.extraGroups = ["prosody"]; diff --git a/Omni/Cloud/Git.nix b/Omni/Cloud/Git.nix index 4d04b98..e610eb5 100644 --- a/Omni/Cloud/Git.nix +++ b/Omni/Cloud/Git.nix 
@@ -27,7 +27,7 @@ in { settings = { strict-export = "git-daemon-export-ok"; root-title = "ben's git repos"; - root-desc = "xmpp:buildlog@conference.simatime.com"; + root-desc = "xmpp:buildlog@conference.bensima.com"; enable-git-config = 1; clone-url = lib.strings.concatStringsSep " " [ # this doesn't work because git-daemon runs as user gitDaemon, but diff --git a/Omni/Cloud/Mail.nix b/Omni/Cloud/Mail.nix index 728ec09..22551c2 100644 --- a/Omni/Cloud/Mail.nix +++ b/Omni/Cloud/Mail.nix @@ -10,11 +10,11 @@ Known issues: mailserver = { enable = true; monitoring = { - enable = false; - alertAddress = "bsima@me.com"; + enable = true; + alertAddress = "bsima@icloud.com"; }; - fqdn = "simatime.com"; - domains = ["simatime.com" "bsima.me"]; + fqdn = "bensima.com"; + domains = ["bensima.com" "simatime.com" "bsima.me"]; certificateScheme = "acme-nginx"; # let's encrypt, using named scheme instead of number enableImap = true; enablePop3 = true; 
@@ -23,36 +23,46 @@ Known issues: enableManageSieve = true; virusScanning = false; # ur on ur own localDnsResolver = true; + dmarcReporting = { + enable = true; + organizationName = "Ben Sima"; + domain = "bensima.com"; + localpart = "dmarc"; + }; # Define proper virtual aliases instead of placeholder extraVirtualAliases = { - "blocked@simatime.com" = "ben@simatime.com"; + "blocked@bensima.com" = "ben@bensima.com"; + + # forward old addresses to new domain + "ben@bsima.me" = "ben@bensima.com"; + "ben@simatime.com" = "ben@bensima.com"; }; loginAccounts = { - "ben@simatime.com" = { + "ben@bensima.com" = { hashedPasswordFile = "/home/ben/hashed-mail-password"; aliases = [ - # my default email + # my old emails + "ben@simatime.com" "ben@bsima.me" - # admin stuff - "postmaster@simatime.com" - "abuse@simatime.com" + # admin stuff, necessary i think? + "postmaster@bensima.com" + "abuse@bensima.com" ]; - catchAll = ["simatime.com" "bsima.me"]; + catchAll = ["bensima.com" "simatime.com" "bsima.me"]; quota = "10G"; }; - "dev@simatime.com" = { + "dev@bensima.com" = { hashedPasswordFile = "/home/ben/hashed-mail-password"; - aliases = ["dev@bsima.me"]; + aliases = ["dev@simatime.com" "dev@bsima.me"]; quota = "10G"; }; - "nick@simatime.com" = { - hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1"; - aliases = ["nicolai@simatime.com"]; + "monica@bensima.com" = { + hashedPasswordFile = "/home/ben/hashed-mail-password"; quota = "1G"; }; - "monica@simatime.com" = { + "dmarc@bensima.com" = { hashedPasswordFile = "/home/ben/hashed-mail-password"; quota = "1G"; }; 
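Review bot: The new `dmarc@bensima.com` login points at `/home/ben/hashed-mail-password`, the same file used by `ben@`, `dev@` and `monica@`, so all four mailboxes share one password and a single leaked or cracked credential opens every one of them. Give the report mailbox its own secret, e.g. `hashedPasswordFile = "<path-to-dmarc-hash>";` (placeholder path), ideally outside a user home directory. The `nick@simatime.com` hash removed here stays in the repository history, so treat it as disclosed if that password is still in use anywhere. `ben@simatime.com` and `ben@bsima.me` are now declared both in `extraVirtualAliases` and in the account's `aliases`; one definition is probably enough.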
@@ -63,30 +73,59 @@ Known issues: services.postfix.headerChecks = [ # Block perfora.net { - pattern = "/^Received:.*perfora\\.net/"; + pattern = "^Received:.*perfora\\.net"; action = "REJECT Domain perfora.net is blocked"; } { - pattern = "/^From:.*perfora\\.net/"; + pattern = "^From:.*perfora\\.net"; action = "REJECT Domain perfora.net is blocked"; } - + # Block novastells.com.es domain { - pattern = "/^Received:.*novastells\\.com\\.es/"; + pattern = "^Received:.*novastells\\.com\\.es"; action = "REJECT Domain novastells.com.es is blocked"; } { - pattern = "/^From:.*novastells\\.com\\.es/"; + pattern = "^From:.*novastells\\.com\\.es"; action = "REJECT Domain novastells.com.es is blocked"; } { - pattern = "/^Return-Path:.*novastells\\.com\\.es/"; + pattern = "^Return-Path:.*novastells\\.com\\.es"; action = "REJECT Domain novastells.com.es is blocked"; } { - pattern = "/^Sender:.*novastells\\.com\\.es/"; + pattern = "^Sender:.*novastells\\.com\\.es"; action = "REJECT Domain novastells.com.es is blocked"; } + + # Block optaltechtld.com domain + { + pattern = "^Received:.*optaltechtld\\.com"; + action = "REJECT Domain optaltechtld.com is blocked"; + } + { + pattern = "^From:.*optaltechtld\\.com"; + action = "REJECT Domain optaltechtld.com is blocked"; + } + { + pattern = "^Return-Path:.*optaltechtld\\.com"; + action = "REJECT Domain optaltechtld.com is blocked"; + } + { + pattern = "^Sender:.*optaltechtld\\.com"; + action = "REJECT Domain optaltechtld.com is blocked"; + } ]; + + # Increase memory limits for mbsync, otherwise it runs out of space trying to + # sync large mailboxes (like dev/INBOX) + services.dovecot2.extraConfig = '' + service imap { + vsz_limit = 4G + } + service quota-status { + vsz_limit = 4G + } + ''; } diff --git a/Omni/Cloud/Monica.nix b/Omni/Cloud/Monica.nix index 0d6ca65..39a5ce1 100644 --- a/Omni/Cloud/Monica.nix +++ b/Omni/Cloud/Monica.nix 
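Review bot: Dropping the `/…/` delimiters from the `headerChecks` patterns in Mail.nix probably disables these blocks. As far as I know the NixOS postfix module writes `pattern` verbatim into the header_checks table, and Postfix regexp/pcre tables expect a delimited expression, so `^Received:.*perfora\\.net` would be parsed with `^` as the delimiter and rejected or ignored. This affects all ten changed or added entries (perfora.net, novastells.com.es, optaltechtld.com). Unless the table type in use is known to accept bare patterns, keep the original form, e.g. `pattern = "/^From:.*optaltechtld\\.com/";`, and check the generated table with `postmap -q` against a sample header after deploy.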
@@ -2,7 +2,7 @@ rootDomain = config.networking.domain; in { services.monica = { - enable = true; + enable = false; hostname = "monica.${rootDomain}"; appKeyFile = "/run/keys/monica-appkey"; database = { @@ -21,7 +21,7 @@ in { host = "localhost"; port = 25; # Standard SMTP port fromName = "Monica CRM"; - from = "monica@simatime.com"; + from = "monica@bensima.com"; encryption = null; # No encryption for local mail server }; }; diff --git a/Omni/Cloud/NostrRelay.nix b/Omni/Cloud/NostrRelay.nix index 1bcf99b..00401a4 100644 --- a/Omni/Cloud/NostrRelay.nix +++ b/Omni/Cloud/NostrRelay.nix @@ -8,8 +8,8 @@ # https://git.sr.ht/~gheartsfield/nostr-rs-relay/tree/master/config.toml cfg = pkgs.writeText "config.toml" '' [info] - name = "simatime" - relay_url = "wss://nostr.simatime.com" + name = "bensima" + relay_url = "wss://nostr.bensima.com" description = "yet another nostr relay" [database] diff --git a/Omni/Cloud/OpenWebui.nix b/Omni/Cloud/OpenWebui.nix new file mode 100644 index 0000000..fc662c2 --- /dev/null +++ b/Omni/Cloud/OpenWebui.nix 
@@ -0,0 +1,43 @@
+{
+ config,
+ pkgs,
+ ...
+}: let
+ ports = import ./Ports.nix;
+in {
+ config.virtualisation.oci-containers.backend = "docker";
+
+ config.virtualisation.oci-containers.containers.open-webui-aichat = {
+ image = "ghcr.io/open-webui/open-webui:main";
+ volumes = ["/var/lib/open-webui-aichat:/app/backend/data"];
+ environment = {
+ PORT = toString ports.open-webui-aichat;
+ };
+ extraOptions = ["--network=host"];
+ };
+
+ # Add a service that updates and restarts the container
+ config.systemd.services."update-open-webui-aichat" = {
+ description = "pulling new open-webui image and restarting the service";
+ wantedBy = ["multi-user.target"];
+ after = ["network-online.target"];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = [
+ # Pull the latest image
+ "${pkgs.docker}/bin/docker pull ghcr.io/open-webui/open-webui:main"
+ # Restart the container
+ "${pkgs.systemd}/bin/systemctl stop docker-open-webui-aichat"
+ "${pkgs.systemd}/bin/systemctl start docker-open-webui-aichat"
+ ];
+ };
+ };
+
+ # Add a timer that runs every Sunday at 3 AM
+ config.systemd.timers."update-open-webui-aichat" = {
+ wantedBy = ["timers.target"];
+ timerConfig.OnCalendar = "Sun 03:00:00";
+ timerConfig.Persistent = true;
+ unitConfig.Description = "Weekly timer for pulling new open-webui image and restarting service.";
+ };
+}
diff --git a/Omni/Cloud/Ports.nix b/Omni/Cloud/Ports.nix
index 7f16bf3..ac67d54 100644
--- a/Omni/Cloud/Ports.nix
+++ b/Omni/Cloud/Ports.nix
@@ -33,6 +33,7 @@
 nostr-relay = 8084;
 ollama = 11434;
 open-webui = 8088;
+ open-webui-aichat = 4242;
 radicale = 5232;
 sabten = 8081;
 ssh = 22;
diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix
index 79886c3..45afc4d 100644
--- a/Omni/Cloud/Web.nix
+++ b/Omni/Cloud/Web.nix
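Review bot: In OpenWebui.nix the container runs a mutable tag, `ghcr.io/open-webui/open-webui:main`, and the weekly unit pulls and restarts it unattended, so whatever is next published under that tag runs on this host without review. Pinning `image = "ghcr.io/open-webui/open-webui@sha256:<digest>";` (placeholder digest) and bumping it in the repository keeps updates auditable. `extraOptions = ["--network=host"]` also places the container in the host network namespace: it listens on every interface on `ports.open-webui-aichat`, outside the `aichat.${rootDomain}` TLS vhost, and can reach loopback-only services on the host. Since nginx proxies to `127.0.0.1`, a published loopback port such as `ports = ["127.0.0.1:${toString ports.open-webui-aichat}:8080"];` (8080 assumed to be the image's default listen port) would be enough.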
@@ -35,50 +35,6 @@ in { port = ports.invidious; }; - radicale = { - enable = true; - rights = { - # Allow reading root collection for authenticated users - root = { - user = ".+"; - collection = ""; - permissions = "R"; - }; - # Allow reading and writing principal collection (same as username) - principal = { - user = ".+"; - collection = "{user}"; - permissions = "RW"; - }; - # Allow reading and writing calendars and address books that are direct - # children of the principal collection - calendars = { - user = ".+"; - collection = "{user}/[^/]+"; - permissions = "rw"; - }; - # Allow any authenticated user to modify the public collection - public = { - user = ".*"; - collection = "public/.*"; - permissions = "rw"; - }; - }; - settings = { - server = { - hosts = [ - "0.0.0.0:${toString ports.radicale}" - "[::]:${toString ports.radicale}" - ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "plain"; - }; - }; - }; - gmnisrv = { enable = false; listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}"; @@ -86,7 +42,7 @@ in { ":tls" = {store = "/var/lib/gmnisrv";}; "bsima.me" = {"root" = "/var/web/ben";}; "${rootDomain}" = { - "root" = "/var/web/simatime.com"; + "root" = "/var/web/ben"; "cgi" = "on"; }; }; 
@@ -116,20 +72,28 @@ in { serverName = rootDomain; forceSSL = true; enableACME = true; + serverAliases = [ + "www.simatime.com" + "simatime.com" + "www.bsima.me" + "bsima.me" + ]; locations = { # nostr nip-5 verification - "/.well-known/nostr.json".return = "200 '${ - builtins.toJSON { - names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436"; - } - }'"; + #"/.well-known/nostr.json".return = "200 '${ + # builtins.toJSON { + # names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436"; + # } + #}'"; "/" = { - root = "/var/web/simatime.com"; + root = "/var/web/ben"; + index = "index.html index.htm"; extraConfig = '' autoindex on; ''; }; - # serve /~$USER paths + # serve /~$USER paths, yeah i'm the only user, but whatever this + # trick might be useful someday "~ ^/~(.+?)(/.*)?$" = { alias = "/var/web/$1$2"; index = "index.html index.htm"; @@ -140,26 +104,6 @@ in { }; }; - "bensima.com" = { - locations."/" = { - root = "/var/web/ben"; - index = "index.html index.htm"; - extraConfig = '' - autoindex on; - ''; - }; - serverAliases = [ - "www.bensima.com" - "www.bsima.me" - "bsima.me" - ]; - forceSSL = true; - useACMEHost = rootDomain; - }; - - # Monica virtual host configuration is handled by the Monica service - # Don't add a manual entry here to avoid conflicts - "hoogle.${rootDomain}" = { locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.hoogle}"; forceSSL = true; 
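Review bot: The `"~ ^/~(.+?)(/.*)?$"` location in Web.nix, whose comment this hunk edits, feeds an unrestricted capture into `alias = "/var/web/$1$2";`. A first segment such as `~..` is not collapsed by nginx's URI normalisation, so the alias can probably resolve outside `/var/web`. Restrict the capture to user-name characters, e.g. `"~ ^/~([A-Za-z0-9_-]+)(/.*)?$"`. With `root = "/var/web/ben"` and `autoindex on` now served for the primary domain and every name in `serverAliases`, it is also worth confirming that nothing in that directory is meant to stay unlisted. The server block this location belongs to starts above the hunk.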
@@ -172,34 +116,6 @@ in { useACMEHost = rootDomain; }; - "cal.${rootDomain}" = { - locations."/".proxyPass = "http://localhost:${toString ports.radicale}"; - forceSSL = true; - useACMEHost = rootDomain; - extraConfig = '' - proxy_set_header X-Script-Name /radicale; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_pass_header Authorization; - ''; - }; - - "reddit.${rootDomain}" = { - locations."/".proxyPass = "http://localhost:${toString ports.libreddit}"; - forceSSL = true; - useACMEHost = rootDomain; - }; - "www.reddit.${rootDomain}" = { - forceSSL = true; - useACMEHost = rootDomain; - globalRedirect = "reddit.${rootDomain}"; - }; - "old.reddit.${rootDomain}" = { - forceSSL = true; - useACMEHost = rootDomain; - globalRedirect = "reddit.${rootDomain}"; - }; - "youtube.${rootDomain}" = { locations."/".proxyPass = "http://localhost:${toString ports.invidious}"; forceSSL = true; @@ -216,27 +132,6 @@ in { globalRedirect = "youtube.${rootDomain}"; }; - "dandel-rovbur.${rootDomain}" = { - locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dandel-rovbur}"; - forceSSL = true; - useACMEHost = rootDomain; - }; - - "sabten.${rootDomain}" = { - locations."/".proxyPass = "http://localhost:${toString ports.sabten}"; - forceSSL = true; - useACMEHost = rootDomain; - }; - - "sd.${rootDomain}" = { - forceSSL = true; - useACMEHost = rootDomain; - locations."/" = { - proxyPass = "http://${ports.bensIp}:${toString ports.stableDiffusion}"; - proxyWebsockets = true; - }; - }; - "music.${rootDomain}" = { forceSSL = true; useACMEHost = rootDomain; @@ -257,7 +152,7 @@ in { }; }; - "notebook.${rootDomain}" = { + "jupyter.${rootDomain}" = { forceSSL = true; useACMEHost = rootDomain; locations = { 
@@ -275,6 +170,17 @@ in { }; }; }; + + "aichat.${rootDomain}" = { + forceSSL = true; + useACMEHost = rootDomain; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:${toString ports.open-webui-aichat}"; + proxyWebsockets = true; + }; + }; + }; }; }; }; @@ -283,26 +189,18 @@ in { group = "nginx"; # This must contain all of the other domains we host extraDomainNames = - ["bensima.com" "www.bensima.com" "bsima.me" "www.bsima.me"] + ["simatime.com" "www.simatime.com" "bsima.me" "www.bsima.me"] ++ map (sub: "${sub}.${rootDomain}") [ - "music" "tv" "hoogle" - "dandel-rovbur" - "sabten" "cal" - "notebook" - "nostr" - "youtube" - "www.youtube" - "m.youtube" - "sd" - "gerrit" + "jupyter" "git" "monica" # xmpp stuff "upload" "conference" + "aichat" ]; }; } diff --git a/Omni/Cloud/Znc.nix b/Omni/Cloud/Znc.nix index 5b927bc..036a14f 100644 --- a/Omni/Cloud/Znc.nix +++ b/Omni/Cloud/Znc.nix @@ -15,7 +15,7 @@ N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"' useLegacyConfig = false; config = { LoadModule = ["adminlog"]; - Motd = "welcome to znc.simatime.com"; + Motd = "welcome to znc.bensima.com"; User.bsima = { Admin = true; Nick = "bsima"; diff --git a/Omni/Cloud/post-receive.sh b/Omni/Cloud/post-receive.sh index 179fbd0..8df799f 100755 --- a/Omni/Cloud/post-receive.sh +++ b/Omni/Cloud/post-receive.sh @@ -6,11 +6,11 @@ # properly, so we have to manually deploy this like so: # # scp Omni/Cloud/post-receive \ -# root@simatime.com:/srv/git/.gitolite/hooks/common/post-receive +# root@bensima.com:/srv/git/.gitolite/hooks/common/post-receive # # One time only: # -# ssh root@simatime.com "sudo -u git gitolite setup -ho" +# ssh root@bensima.com "sudo -u git gitolite setup -ho" # # Also on first-time setup, might need to manually check the permissions are # correct on $webroot/archive or wherever else. 
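Review bot: The `extraDomainNames` list in Web.nix drops `music`, `youtube`, `www.youtube`, `m.youtube` and `nostr`, yet the `music.${rootDomain}` and `youtube.${rootDomain}` vhosts that remain as context in this diff still set `useACMEHost = rootDomain`, and NostrRelay.nix now advertises `wss://nostr.bensima.com`. Those names would be served with a certificate that does not cover them, which fails validation in clients and teaches users to click through warnings. Either keep the entries (`"music"`, `"youtube"`, `"nostr"`, plus the redirect names if those vhosts stay) or remove the matching vhosts in the same commit. The attribute set this list belongs to begins above the hunk.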
@@ -22,13 +22,13 @@ do then repo=$(basename "$PWD" | sed 's/.git//g') branch=$(git rev-parse --symbolic --abbrev-ref "$refname") - webroot="/srv/www/simatime.com/" + webroot="/srv/www/bensima.com/" outdir="$webroot/archive/$repo/$branch" mkdir -p "$outdir" - echo " making: https://simatime.com/archive/$repo/$branch/$newrev.tar.gz" + echo " making: https://git.bensima.com/archive/$repo/$branch/$newrev.tar.gz" git archive "$branch" --prefix "$repo-$branch/" --format tar \ | gzip > "$outdir/$newrev.tar.gz" - echo " making: https://simatime.com/archive/$repo/$branch/$newrev.sha256" + echo " making: https://git.bensima.com/archive/$repo/$branch/$newrev.sha256" hash=$(nix-prefetch-url --unpack file://"$outdir"/"$newrev".tar.gz 2>/dev/null) echo "$hash" > "$outdir/$newrev.sha256" echo " commit: $newrev" |
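Review bot: The printed URLs now point at `https://git.bensima.com/archive/...` while the files are written under `webroot="/srv/www/bensima.com/"`, and nothing in this diff shows a vhost serving that directory (Web.nix serves `/var/web/ben`). The advertised tarball and `.sha256` links may therefore not resolve, so confirm which host actually maps to `$webroot`. On the context line, `sed 's/.git//g'` removes any character followed by `git` anywhere in the name, so two differently named repositories can collapse to the same `$repo` and overwrite each other's archives and hashes; `sed 's/\.git$//'` strips only the suffix. The loop this hunk sits in starts above it.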
