Diffstat (limited to 'Omni/Cloud')
-rw-r--r--Omni/Cloud/Chat.nix2
-rw-r--r--Omni/Cloud/Comms/Xmpp.nix72
-rw-r--r--Omni/Cloud/Git.nix2
-rw-r--r--Omni/Cloud/Mail.nix42
-rw-r--r--Omni/Cloud/Monica.nix4
-rw-r--r--Omni/Cloud/NostrRelay.nix4
-rw-r--r--Omni/Cloud/Web.nix102
-rw-r--r--Omni/Cloud/Znc.nix2
-rwxr-xr-xOmni/Cloud/post-receive.sh10
9 files changed, 95 insertions, 145 deletions
diff --git a/Omni/Cloud/Chat.nix b/Omni/Cloud/Chat.nix
index a3a6a78..6b15dd7 100644
--- a/Omni/Cloud/Chat.nix
+++ b/Omni/Cloud/Chat.nix
@@ -88,7 +88,7 @@ in {
};
};
};
- # matrix client, available at chat.simatime.com
+ # matrix client, available at chat.bensima.com
#
# note that element and matrix-synapse must be on separate fqdn's to
# protect from XSS attacks:
diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix
index ea50ed9..93d7cfc 100644
--- a/Omni/Cloud/Comms/Xmpp.nix
+++ b/Omni/Cloud/Comms/Xmpp.nix
@@ -7,7 +7,7 @@
# xmpp chat service
#
let
- rootDomain = config.networking.domain; # simatime.com
+ rootDomain = config.networking.domain; # bensima.com
ssl = {
cert = "/var/lib/acme/${rootDomain}/fullchain.pem";
key = "/var/lib/acme/${rootDomain}/key.pem";
@@ -81,20 +81,20 @@ in {
websocket_url = "wss://${rootDomain}/xmpp-websocket";
}
- cross_domain_websocket = { "https://${rootDomain}", "https://anon.${rootDomain}" }
+ cross_domain_websocket = { "https://${rootDomain}" }
cross_domain_bosh = false; -- handle this with nginx
consider_bosh_secure = true;
-- this is a virtualhost that allows anonymous authentication. use this
-- for a public lobby. the nix module doesn't support 'authentication'
-- so i have to do this here.
- VirtualHost "anon.${rootDomain}"
- authentication = "anonymous"
- ssl = {
- cafile = "/etc/ssl/certs/ca-bundle.crt";
- key = "${ssl.key}";
- certificate = "${ssl.cert}";
- };
+ --VirtualHost "anon.${rootDomain}"
+ -- authentication = "anonymous"
+ -- ssl = {
+ -- cafile = "/etc/ssl/certs/ca-bundle.crt";
+ -- key = "${ssl.key}";
+ -- certificate = "${ssl.cert}";
+ -- };
'';
muc = [
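Review bot: The anonymous `VirtualHost` is disabled by prefixing each line with `--`, but the three-line comment directly above it still reads as if a public anonymous lobby is in use. Either delete the block (git history keeps it) or reword the lead-in, e.g. `-- anonymous lobby disabled; block kept for reference only`. The same applies to the commented-out `anon.${rootDomain}` nginx vhost in the last hunk of this file, whose retained text still carries `Access-Control-Allow-Origin "*"` and would come back unchanged if uncommented. The surrounding `extraConfig` string starts outside this hunk.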
@@ -116,6 +116,11 @@ in {
enabled = true;
inherit ssl;
};
+ "simatime.com" = {
+ domain = "simatime.com";
+ enabled = true;
+ inherit ssl;
+ };
};
};
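Review bot: The new `"simatime.com"` virtual host uses `inherit ssl`, and the `ssl` paths at the top of the file point at `/var/lib/acme/${rootDomain}/`, so this host presents the `rootDomain` certificate for a different domain. That only validates while the certificate lists `simatime.com` as an extra name, which Web.nix appears to do through `extraDomainNames`. A comment such as `# uses the rootDomain cert; simatime.com must stay in extraDomainNames (Web.nix)` would document the coupling.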
@@ -154,30 +159,31 @@ in {
};
};
- services.nginx.virtualHosts."anon.${rootDomain}" = {
- useACMEHost = "${rootDomain}";
- forceSSL = true;
- locations = {
- "/http-bind" = {
- proxyPass = "https://anon.${rootDomain}:5281/http-bind";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_buffering off;
- if ($request_method ~* "(GET|POST)") {
- add_header Access-Control-Allow-Origin "*";
- }
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin "*";
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD";
- add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
- return 200;
- }
- '';
- };
- };
- };
+ # this is an old proxy for the conversejs anonymous prosody host
+ #services.nginx.virtualHosts."anon.${rootDomain}" = {
+ # useACMEHost = "${rootDomain}";
+ # forceSSL = true;
+ # locations = {
+ # "/http-bind" = {
+ # proxyPass = "https://anon.${rootDomain}:5281/http-bind";
+ # extraConfig = ''
+ # proxy_set_header Host $host;
+ # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # proxy_set_header X-Forwarded-Proto $scheme;
+ # proxy_buffering off;
+ # if ($request_method ~* "(GET|POST)") {
+ # add_header Access-Control-Allow-Origin "*";
+ # }
+ # if ($request_method = OPTIONS) {
+ # add_header Access-Control-Allow-Origin "*";
+ # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD";
+ # add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
+ # return 200;
+ # }
+ # '';
+ # };
+ # };
+ #};
users.users.nginx.extraGroups = ["prosody"];
diff --git a/Omni/Cloud/Git.nix b/Omni/Cloud/Git.nix
index 4d04b98..e610eb5 100644
--- a/Omni/Cloud/Git.nix
+++ b/Omni/Cloud/Git.nix
@@ -27,7 +27,7 @@ in {
settings = {
strict-export = "git-daemon-export-ok";
root-title = "ben's git repos";
- root-desc = "xmpp:buildlog@conference.simatime.com";
+ root-desc = "xmpp:buildlog@conference.bensima.com";
enable-git-config = 1;
clone-url = lib.strings.concatStringsSep " " [
# this doesn't work because git-daemon runs as user gitDaemon, but
diff --git a/Omni/Cloud/Mail.nix b/Omni/Cloud/Mail.nix
index bc14d93..61ccf30 100644
--- a/Omni/Cloud/Mail.nix
+++ b/Omni/Cloud/Mail.nix
@@ -10,11 +10,11 @@ Known issues:
mailserver = {
enable = true;
monitoring = {
- enable = false;
- alertAddress = "bsima@me.com";
+ enable = true;
+ alertAddress = "bsima@icloud.com";
};
- fqdn = "simatime.com";
- domains = ["simatime.com" "bsima.me"];
+ fqdn = "bensima.com";
+ domains = ["bensima.com" "simatime.com" "bsima.me"];
certificateScheme = "acme-nginx"; # let's encrypt, using named scheme instead of number
enableImap = true;
enablePop3 = true;
@@ -26,33 +26,33 @@ Known issues:
# Define proper virtual aliases instead of placeholder
extraVirtualAliases = {
- "blocked@simatime.com" = "ben@simatime.com";
+ "blocked@bensima.com" = "ben@bensima.com";
+
+ # forward old addresses to new domain
+ "ben@bsima.me" = "ben@bensima.com";
+ "ben@simatime.com" = "ben@bensima.com";
};
loginAccounts = {
- "ben@simatime.com" = {
+ "ben@bensima.com" = {
hashedPasswordFile = "/home/ben/hashed-mail-password";
aliases = [
- # my default email
+ # my old emails
+ "ben@simatime.com"
"ben@bsima.me"
- # admin stuff
- "postmaster@simatime.com"
- "abuse@simatime.com"
+ # admin stuff, necessary i think?
+ "postmaster@bensima.com"
+ "abuse@bensima.com"
];
- catchAll = ["simatime.com" "bsima.me"];
+ catchAll = ["bensima.com" "simatime.com" "bsima.me"];
quota = "10G";
};
- "dev@simatime.com" = {
+ "dev@bensima.com" = {
hashedPasswordFile = "/home/ben/hashed-mail-password";
- aliases = ["dev@bsima.me"];
+ aliases = ["dev@simatime.com" "dev@bsima.me"];
quota = "10G";
};
- "nick@simatime.com" = {
- hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1";
- aliases = ["nicolai@simatime.com"];
- quota = "1G";
- };
- "monica@simatime.com" = {
+ "monica@bensima.com" = {
hashedPasswordFile = "/home/ben/hashed-mail-password";
quota = "1G";
};
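Review bot: Removing the `nick@simatime.com` account while `catchAll` on `ben@bensima.com` still lists `simatime.com` means mail addressed to `nick@` or `nicolai@` is now delivered into ben's mailbox instead of bouncing, including any account-recovery mail third parties send to that address. If that is not intended, reject those recipients explicitly or narrow the catch-all. Separately, `ben@simatime.com` and `ben@bsima.me` are now declared twice, once in `extraVirtualAliases` and once in the account's `aliases`; one definition is enough. The removed inline `hashedPassword` value remains in repository history, so that credential should be treated as disclosed.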
@@ -70,7 +70,7 @@ Known issues:
pattern = "/^From:.*perfora\\.net/";
action = "REJECT Domain perfora.net is blocked";
}
-
+
# Block novastells.com.es domain
{
pattern = "/^Received:.*novastells\\.com\\.es/";
@@ -88,7 +88,7 @@ Known issues:
pattern = "/^Sender:.*novastells\\.com\\.es/";
action = "REJECT Domain novastells.com.es is blocked";
}
-
+
# Block optaltechtld.com domain
{
pattern = "/^Received:.*optaltechtld\\.com/";
diff --git a/Omni/Cloud/Monica.nix b/Omni/Cloud/Monica.nix
index 0d6ca65..39a5ce1 100644
--- a/Omni/Cloud/Monica.nix
+++ b/Omni/Cloud/Monica.nix
@@ -2,7 +2,7 @@
rootDomain = config.networking.domain;
in {
services.monica = {
- enable = true;
+ enable = false;
hostname = "monica.${rootDomain}";
appKeyFile = "/run/keys/monica-appkey";
database = {
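Review bot: With `services.monica.enable = false`, the `monica` entry that stays in `extraDomainNames` (Web.nix) and the `monica@bensima.com` login account (Mail.nix) are left behind. If no vhost answers for `monica.${rootDomain}` any more, ACME validation for that name may fail and hold up renewal of the shared certificate; this depends on how challenges are served, which is not visible here. Consider dropping both leftovers in the same change, or add `# disabled; cert name and mailbox kept on purpose` next to the flag.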
@@ -21,7 +21,7 @@ in {
host = "localhost";
port = 25; # Standard SMTP port
fromName = "Monica CRM";
- from = "monica@simatime.com";
+ from = "monica@bensima.com";
encryption = null; # No encryption for local mail server
};
};
diff --git a/Omni/Cloud/NostrRelay.nix b/Omni/Cloud/NostrRelay.nix
index 1bcf99b..00401a4 100644
--- a/Omni/Cloud/NostrRelay.nix
+++ b/Omni/Cloud/NostrRelay.nix
@@ -8,8 +8,8 @@
# https://git.sr.ht/~gheartsfield/nostr-rs-relay/tree/master/config.toml
cfg = pkgs.writeText "config.toml" ''
[info]
- name = "simatime"
- relay_url = "wss://nostr.simatime.com"
+ name = "bensima"
+ relay_url = "wss://nostr.bensima.com"
description = "yet another nostr relay"
[database]
diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix
index 79886c3..b87da38 100644
--- a/Omni/Cloud/Web.nix
+++ b/Omni/Cloud/Web.nix
@@ -1,5 +1,6 @@
-{config, ...}: let
- rootDomain = config.networking.domain;
+{...}: let
+ # rootDomain = config.networking.domain;
+ rootDomain = "bensima.com";
ports = import ./Ports.nix;
in {
imports = [./Gmnisrv.nix];
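Review bot: Hard-coding `rootDomain = "bensima.com"` here while Xmpp.nix and Monica.nix still read `config.networking.domain` gives the tree two sources of truth for the domain. If the two ever differ, vhost names, `useACMEHost` references and the certificate paths prosody reads stop lining up. Prefer keeping `config.networking.domain` and changing it in one place. Otherwise replace the commented-out line with the reason this file differs, e.g. `# pinned here because networking.domain is set elsewhere; keep in sync`.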
@@ -86,7 +87,7 @@ in {
":tls" = {store = "/var/lib/gmnisrv";};
"bsima.me" = {"root" = "/var/web/ben";};
"${rootDomain}" = {
- "root" = "/var/web/simatime.com";
+ "root" = "/var/web/ben";
"cgi" = "on";
};
};
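Review bot: `"root" = "/var/web/ben"` together with `"cgi" = "on"` points the Gemini host at the same directory that nginx serves as `/` with `autoindex on` later in this file. Any CGI script placed there would be executed over Gemini and, it appears, also listed and downloadable as plain source over HTTPS. Consider a dedicated CGI directory outside the shared web root, or turn `cgi` off if no scripts are in use.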
@@ -116,20 +117,29 @@ in {
serverName = rootDomain;
forceSSL = true;
enableACME = true;
+ serverAliases = [
+ "www.simatime.com"
+ "simatime.com"
+ "www.bsima.me"
+ "bsima.me"
+ "mail.bensima.com"
+ ];
locations = {
# nostr nip-5 verification
- "/.well-known/nostr.json".return = "200 '${
- builtins.toJSON {
- names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436";
- }
- }'";
+ #"/.well-known/nostr.json".return = "200 '${
+ # builtins.toJSON {
+ # names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436";
+ # }
+ #}'";
"/" = {
- root = "/var/web/simatime.com";
+ root = "/var/web/ben";
+ index = "index.html index.htm";
extraConfig = ''
autoindex on;
'';
};
- # serve /~$USER paths
+ # serve /~$USER paths, yeah i'm the only user, but whatever this
+ # trick might be useful someday
"~ ^/~(.+?)(/.*)?$" = {
alias = "/var/web/$1$2";
index = "index.html index.htm";
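Review bot: The `/~$USER` location kept under the reworded comment interpolates its first capture into `alias = "/var/web/$1$2"`, and `(.+?)` accepts any characters, so the resolved path is not guaranteed to stay under `/var/web`. Restrict the capture to a user-name character class, e.g. `"~ ^/~([a-z_][a-z0-9_-]*)(/.*)?$"`. The location block continues past the end of this hunk.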
@@ -140,26 +150,6 @@ in {
};
};
- "bensima.com" = {
- locations."/" = {
- root = "/var/web/ben";
- index = "index.html index.htm";
- extraConfig = ''
- autoindex on;
- '';
- };
- serverAliases = [
- "www.bensima.com"
- "www.bsima.me"
- "bsima.me"
- ];
- forceSSL = true;
- useACMEHost = rootDomain;
- };
-
- # Monica virtual host configuration is handled by the Monica service
- # Don't add a manual entry here to avoid conflicts
-
"hoogle.${rootDomain}" = {
locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.hoogle}";
forceSSL = true;
@@ -184,22 +174,6 @@ in {
'';
};
- "reddit.${rootDomain}" = {
- locations."/".proxyPass = "http://localhost:${toString ports.libreddit}";
- forceSSL = true;
- useACMEHost = rootDomain;
- };
- "www.reddit.${rootDomain}" = {
- forceSSL = true;
- useACMEHost = rootDomain;
- globalRedirect = "reddit.${rootDomain}";
- };
- "old.reddit.${rootDomain}" = {
- forceSSL = true;
- useACMEHost = rootDomain;
- globalRedirect = "reddit.${rootDomain}";
- };
-
"youtube.${rootDomain}" = {
locations."/".proxyPass = "http://localhost:${toString ports.invidious}";
forceSSL = true;
@@ -216,27 +190,6 @@ in {
globalRedirect = "youtube.${rootDomain}";
};
- "dandel-rovbur.${rootDomain}" = {
- locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dandel-rovbur}";
- forceSSL = true;
- useACMEHost = rootDomain;
- };
-
- "sabten.${rootDomain}" = {
- locations."/".proxyPass = "http://localhost:${toString ports.sabten}";
- forceSSL = true;
- useACMEHost = rootDomain;
- };
-
- "sd.${rootDomain}" = {
- forceSSL = true;
- useACMEHost = rootDomain;
- locations."/" = {
- proxyPass = "http://${ports.bensIp}:${toString ports.stableDiffusion}";
- proxyWebsockets = true;
- };
- };
-
"music.${rootDomain}" = {
forceSSL = true;
useACMEHost = rootDomain;
@@ -257,7 +210,7 @@ in {
};
};
- "notebook.${rootDomain}" = {
+ "jupyter.${rootDomain}" = {
forceSSL = true;
useACMEHost = rootDomain;
locations = {
@@ -283,21 +236,12 @@ in {
group = "nginx";
# This must contain all of the other domains we host
extraDomainNames =
- ["bensima.com" "www.bensima.com" "bsima.me" "www.bsima.me"]
+ ["simatime.com" "www.simatime.com" "bsima.me" "www.bsima.me"]
++ map (sub: "${sub}.${rootDomain}") [
- "music"
"tv"
"hoogle"
- "dandel-rovbur"
- "sabten"
"cal"
- "notebook"
- "nostr"
- "youtube"
- "www.youtube"
- "m.youtube"
- "sd"
- "gerrit"
+ "jupyter"
"git"
"monica"
# xmpp stuff
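Review bot: `music`, `youtube`, `www.youtube`, `m.youtube` and `nostr` are dropped from `extraDomainNames`, but the `youtube.${rootDomain}` and `music.${rootDomain}` vhosts visible earlier in this file still set `forceSSL = true; useACMEHost = rootDomain;`, and NostrRelay.nix still advertises `wss://nostr.bensima.com`. Those hosts would then present a certificate that does not name them, so clients fail validation or users get used to clicking through warnings. Either keep the names in the list or remove the vhosts in the same commit. `www.bensima.com` also no longer appears in `serverAliases` or in this list. The list continues past the end of the hunk, so some names may be re-added below.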
diff --git a/Omni/Cloud/Znc.nix b/Omni/Cloud/Znc.nix
index 5b927bc..036a14f 100644
--- a/Omni/Cloud/Znc.nix
+++ b/Omni/Cloud/Znc.nix
@@ -15,7 +15,7 @@ N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"'
useLegacyConfig = false;
config = {
LoadModule = ["adminlog"];
- Motd = "welcome to znc.simatime.com";
+ Motd = "welcome to znc.bensima.com";
User.bsima = {
Admin = true;
Nick = "bsima";
diff --git a/Omni/Cloud/post-receive.sh b/Omni/Cloud/post-receive.sh
index 179fbd0..8df799f 100755
--- a/Omni/Cloud/post-receive.sh
+++ b/Omni/Cloud/post-receive.sh
@@ -6,11 +6,11 @@
# properly, so we have to manually deploy this like so:
#
# scp Omni/Cloud/post-receive \
-# root@simatime.com:/srv/git/.gitolite/hooks/common/post-receive
+# root@bensima.com:/srv/git/.gitolite/hooks/common/post-receive
#
# One time only:
#
-# ssh root@simatime.com "sudo -u git gitolite setup -ho"
+# ssh root@bensima.com "sudo -u git gitolite setup -ho"
#
# Also on first-time setup, might need to manually check the permissions are
# correct on $webroot/archive or wherever else.
@@ -22,13 +22,13 @@ do
then
repo=$(basename "$PWD" | sed 's/.git//g')
branch=$(git rev-parse --symbolic --abbrev-ref "$refname")
- webroot="/srv/www/simatime.com/"
+ webroot="/srv/www/bensima.com/"
outdir="$webroot/archive/$repo/$branch"
mkdir -p "$outdir"
- echo " making: https://simatime.com/archive/$repo/$branch/$newrev.tar.gz"
+ echo " making: https://git.bensima.com/archive/$repo/$branch/$newrev.tar.gz"
git archive "$branch" --prefix "$repo-$branch/" --format tar \
| gzip > "$outdir/$newrev.tar.gz"
- echo " making: https://simatime.com/archive/$repo/$branch/$newrev.sha256"
+ echo " making: https://git.bensima.com/archive/$repo/$branch/$newrev.sha256"
hash=$(nix-prefetch-url --unpack file://"$outdir"/"$newrev".tar.gz 2>/dev/null)
echo "$hash" > "$outdir/$newrev.sha256"
echo " commit: $newrev"
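Review bot: The archive is written under `webroot="/srv/www/bensima.com/"` while the printed URL now points at `https://git.bensima.com/archive/...`; nothing visible here shows that `git.bensima.com` serves that directory, so the announced link may not resolve. Deriving both from one variable, or adding `# served by the git.bensima.com vhost` beside `webroot`, would keep them in step. On the `repo=` line, `sed 's/.git//g'` treats `.` as a wildcard and removes every match, so a repository name containing `git` elsewhere is mangled; `sed 's/\.git$//'` strips only the suffix. The enclosing loop starts before this hunk.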