From bc5f851d3f42d69f91caea0fdbe9f34070e1286c Mon Sep 17 00:00:00 2001 From: Till Date: Sun, 27 Apr 2025 18:29:51 +0200 Subject: [PATCH] more server stuff --- flake.nix | 2 ++ system/web-server/fundkorb-button.nix | 13 ++++++++++ system/web-server/mail.nix | 10 +++++--- system/web-server/outline.nix | 15 ++++++------ system/web-server/radicale.nix | 34 +++++++++++++++++++++++++++ 5 files changed, 63 insertions(+), 11 deletions(-) create mode 100644 system/web-server/fundkorb-button.nix create mode 100644 system/web-server/radicale.nix diff --git a/flake.nix b/flake.nix index 1783e0b..432cf3d 100644 --- a/flake.nix +++ b/flake.nix @@ -75,10 +75,12 @@ ./system/hardware/arielle.nix ./system ./system/web-server + ./system/web-server/radicale.nix ./system/web-server/outline.nix ./system/web-server/jenkins.nix ./system/web-server/mail.nix ./system/web-server/ksh-map.nix + ./system/web-server/fundkorb-button.nix ]; }; diff --git a/system/web-server/fundkorb-button.nix b/system/web-server/fundkorb-button.nix new file mode 100644 index 0000000..42c96ec --- /dev/null +++ b/system/web-server/fundkorb-button.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: + +{ + services.nginx.virtualHosts."fundkorb.ktiu.net" = { + addSSL = true; + enableACME = true; + root = "/var/www/fundkorb-button/html"; + location."/" = { + basicAuth = "Fundkorb build trigger"; + basicAuthFile = "/var/www/fundkorb-button/.htpasswd"; + }; + }; +} diff --git a/system/web-server/mail.nix b/system/web-server/mail.nix index 38ce4a7..2a195dd 100644 --- a/system/web-server/mail.nix +++ b/system/web-server/mail.nix @@ -32,10 +32,13 @@ in { enable = true; virtualHosts = { "ktiu.net" = { - addSSL = true; + forceSSL = true; enableACME = true; locations."/" = { - return = "418 'Ich bin eine Teekanne.'"; + return = "200 'This domain used for e-mail hosting only.'"; + extraConfig = '' + add_header Content-Type text/plain; + ''; }; }; "${config.networking.fqdn}" = { @@ -45,7 +48,8 @@ in { root = "/var/lib/acme/.challenges"; }; locations."/" = { - return = "301 http://${config.networking.domain}"; + # return = "301 http://${config.networking.domain}"; + return = "404"; }; }; }; diff --git a/system/web-server/outline.nix b/system/web-server/outline.nix index e675119..8d96afa 100644 --- a/system/web-server/outline.nix +++ b/system/web-server/outline.nix @@ -2,18 +2,17 @@ { - # services.outline = { - # enable = true; - # storage.storageType = "local"; - # smtp = { - # host = "localhost"; - # }; - # }; + services.outline = { + enable = true; + storage.storageType = "local"; + # smtp = { + # host = "localhost"; + # }; + }; services.nginx.virtualHosts."outline.ktiu.net" = { addSSL = true; enableACME = true; - # root = "/var/www/myhost.org"; locations."/" = { proxyPass = "http://127.0.0.1:3000"; extraConfig = diff --git a/system/web-server/radicale.nix b/system/web-server/radicale.nix new file mode 100644 index 0000000..a176c12 --- /dev/null +++ b/system/web-server/radicale.nix @@ -0,0 +1,34 @@ +{ config, pkgs, ... }: + +{ + services.nginx.virtualHosts."kalender.ktiu.net" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:5232/"; + extraConfig = '' + proxy_set_header X-Script-Name /; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Authorization; + ''; + }; + }; + + services.radicale = { + enable = true; + settings = { + server = { + hosts = [ "0.0.0.0:5232" "[::]:5232" ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + storage = { + filesystem_folder = "/var/lib/radicale/collections"; + }; + }; + }; + +}