get rid of sslh

This commit is contained in:
Ingolf Wagner 2021-11-23 07:32:21 +01:00
parent 08a9f9c59c
commit 487780733c
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
6 changed files with 160 additions and 150 deletions

View file

@ -50,8 +50,8 @@
configuration.fireqos = {
enable = true;
interface = "wlp3s0";
input = 5000;
output = 1200;
input = 80000;
output = 2500;
balance = false;
};

View file

@ -32,9 +32,9 @@ in
{
networking.firewall.allowedTCPPorts =
[ 80 443 4443 config.services.taskserver.listenPort ];
[ 80 443 2222 config.services.taskserver.listenPort ];
networking.firewall.allowedUDPPorts =
[ 80 443 4443 config.services.taskserver.listenPort ];
[ 80 443 2222 config.services.taskserver.listenPort ];
services.nginx = {
enable = true;
@ -42,18 +42,18 @@ in
virtualHosts = {
"bitwarden.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
@ -66,18 +66,18 @@ in
"git.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
@ -118,55 +118,55 @@ in
} // error.locations;
};
"grocy.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
};
#"grocy.ingolf-wagner.de" = {
# listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
# ];
#};
"paste.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
locations = {
"/" = { proxyPass = "http://workhorse.private:8000"; };
} // error.locations;
};
#"paste.ingolf-wagner.de" = {
# #listen = [
# # {
# # addr = "0.0.0.0";
# # port = 4443;
# # ssl = true;
# # }
# # {
# # addr = "0.0.0.0";
# # port = 80;
# # ssl = false;
# # }
# #];
# forceSSL = true;
# enableACME = true;
# extraConfig = error.extraConfig;
# locations = {
# "/" = { proxyPass = "http://workhorse.private:8000"; };
# } // error.locations;
#};
"travel.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
@ -183,18 +183,18 @@ in
};
"tech.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
@ -211,18 +211,18 @@ in
};
"preview.tech.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
@ -240,18 +240,18 @@ in
};
"terranix.org" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
@ -296,18 +296,18 @@ in
#};
"nextcloud.ingolf-wagner.de" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
@ -356,18 +356,18 @@ in
};
"gaykraft.com" = {
listen = [
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
#listen = [
# {
# addr = "0.0.0.0";
# port = 4443;
# ssl = true;
# }
# {
# addr = "0.0.0.0";
# port = 80;
# ssl = false;
# }
#];
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
@ -380,7 +380,7 @@ in
};
services.sslh = {
enable = true;
enable = false;
listenAddresses = [ "0.0.0.0" ];
port = 443;
verbose = true;
@ -430,13 +430,13 @@ in
'';
};
systemd.services."socat-proxy" = {
wantedBy = [ "sslh.service" "multi-user.target" ];
after = [ "sslh.service" ];
script = ''
${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222
'';
};
#systemd.services."socat-proxy" = {
# wantedBy = [ "sslh.service" "multi-user.target" ];
# after = [ "sslh.service" ];
# script = ''
# ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222
# '';
#};
systemd.services."socat-taskd" = {
wantedBy = [ "multi-user.target" ];
@ -447,4 +447,13 @@ in
'';
};
systemd.services."socat-gogs-ssh" = {
wantedBy = [ "multi-user.target" ];
script =
let port = "2222";
in ''
${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port}
'';
};
}

View file

@ -56,11 +56,12 @@ in
#tor-browser-bundle-bin
#(tor-browser-bundle-bin.overrideAttrs (old: rec {
# version = "10.0.15";
# version = "11.0.1";
# name = "tor-browser-bundle-${version}";
# src = pkgs.fetchurl {
# url =
# "https://dist.torproject.org/torbrowser/10.0.15/tor-browser-linux64-10.0.15_en-US.tar.xz";
# "https://dist.torproject.org/torbrowser/11.0.1/tor-browser-linux64-11.0.1_en-US.tar.xz";
# sha256 = "1ah69jmfgik063f9gkvyv9d4k706pqihmzc4k7cc95zyd17v8wrs";
# };
#}))

View file

@ -60,7 +60,7 @@ in
SHOW_REGISTRATION_BUTTON = false
[server]
SSH_DOMAIN = "git.ingolf-wagner.de"
SSH_PORT = 443
SSH_PORT = 2222
START_SSH_SERVER = true
SSH_LISTEN_PORT = 2222

View file

@ -186,14 +186,14 @@ in
"git@github.com:mrVanDalo/tech.ingolf-wagner.de.git")
(sync-to-github "sync-LineageOS-build"
"ssh://gogs@git.ingolf-wagner.de:443/palo/LineagoOS-build.git"
"ssh://gogs@git.ingolf-wagner.de:2222/palo/LineagoOS-build.git"
"git@github.com:mrVanDalo/LineagoOS-build.git")
(sync-to-github "sync-http-errors"
"ssh://gogs@git.ingolf-wagner.de:443/palo/http-errors.git"
"ssh://gogs@git.ingolf-wagner.de:2222/palo/http-errors.git"
"git@github.com:mrVanDalo/http-errors.git")
(sync-to-github "sync-light-control"
"ssh://gogs@git.ingolf-wagner.de:443/palo/light-control.git"
"ssh://gogs@git.ingolf-wagner.de:2222/palo/light-control.git"
"git@github.com:mrVanDalo/light-control.git")
];

View file

@ -291,11 +291,11 @@
]
},
"locked": {
"lastModified": 1636604662,
"narHash": "sha256-HdkguhBYEKIinCK6B14sqNFtveQYJUuChfiGLF2q7fU=",
"lastModified": 1637608833,
"narHash": "sha256-mjbNI3AKFA8O/kjUlzP0t3e9oI5SmU5/49aHPcwssZw=",
"owner": "mrVanDalo",
"repo": "grocy-scanner",
"rev": "0e4ebe0fadfab71b18287f75371caa93f1c29876",
"rev": "7ae77b0881a993e0a91623341327f15e40564e48",
"type": "github"
},
"original": {