diff --git a/nixos/configs/pepe/configuration.nix b/nixos/configs/pepe/configuration.nix index e42678f..62b72ea 100644 --- a/nixos/configs/pepe/configuration.nix +++ b/nixos/configs/pepe/configuration.nix @@ -50,8 +50,8 @@ configuration.fireqos = { enable = true; interface = "wlp3s0"; - input = 5000; - output = 1200; + input = 80000; + output = 2500; balance = false; }; diff --git a/nixos/configs/sputnik/nginx.nix b/nixos/configs/sputnik/nginx.nix index 542440c..490fea7 100644 --- a/nixos/configs/sputnik/nginx.nix +++ b/nixos/configs/sputnik/nginx.nix @@ -32,9 +32,9 @@ in { networking.firewall.allowedTCPPorts = - [ 80 443 4443 config.services.taskserver.listenPort ]; + [ 80 443 2222 config.services.taskserver.listenPort ]; networking.firewall.allowedUDPPorts = - [ 80 443 4443 config.services.taskserver.listenPort ]; + [ 80 443 2222 config.services.taskserver.listenPort ]; services.nginx = { enable = true; @@ -42,18 +42,18 @@ in virtualHosts = { "bitwarden.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; @@ -66,18 +66,18 @@ in "git.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; extraConfig = error.extraConfig; @@ -118,55 +118,55 @@ in } // error.locations; }; - "grocy.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; - }; + #"grocy.ingolf-wagner.de" = { + # listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + # ]; + #}; - "paste.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; - forceSSL = true; - enableACME = true; - extraConfig = error.extraConfig; - locations = { - "/" = { proxyPass = "http://workhorse.private:8000"; }; - } // error.locations; - }; + #"paste.ingolf-wagner.de" = { + # #listen = [ + # # { + # # addr = "0.0.0.0"; + # # port = 4443; + # # ssl = true; + # # } + # # { + # # addr = "0.0.0.0"; + # # port = 80; + # # ssl = false; + # # } + # #]; + # forceSSL = true; + # enableACME = true; + # extraConfig = error.extraConfig; + # locations = { + # "/" = { proxyPass = "http://workhorse.private:8000"; }; + # } // error.locations; + #}; "travel.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; extraConfig = error.extraConfig; @@ -183,18 +183,18 @@ in }; "tech.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; extraConfig = error.extraConfig; @@ -211,18 +211,18 @@ in }; "preview.tech.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; extraConfig = error.extraConfig; @@ -240,18 +240,18 @@ in }; "terranix.org" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; extraConfig = error.extraConfig; @@ -296,18 +296,18 @@ in #}; "nextcloud.ingolf-wagner.de" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; extraConfig = error.extraConfig; @@ -356,18 +356,18 @@ in }; "gaykraft.com" = { - listen = [ - { - addr = "0.0.0.0"; - port = 4443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - ]; + #listen = [ + # { + # addr = "0.0.0.0"; + # port = 4443; + # ssl = true; + # } + # { + # addr = "0.0.0.0"; + # port = 80; + # ssl = false; + # } + #]; forceSSL = true; enableACME = true; extraConfig = error.extraConfig; @@ -380,7 +380,7 @@ in }; services.sslh = { - enable = true; + enable = false; listenAddresses = [ "0.0.0.0" ]; port = 443; verbose = true; @@ -430,13 +430,13 @@ in ''; }; - systemd.services."socat-proxy" = { - wantedBy = [ "sslh.service" "multi-user.target" ]; - after = [ "sslh.service" ]; - script = '' - ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222 - ''; - }; + #systemd.services."socat-proxy" = { + # wantedBy = [ "sslh.service" "multi-user.target" ]; + # after = [ "sslh.service" ]; + # script = '' + # ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222 + # ''; + #}; systemd.services."socat-taskd" = { wantedBy = [ "multi-user.target" ]; @@ -447,4 +447,13 @@ in ''; }; + systemd.services."socat-gogs-ssh" = { + wantedBy = [ "multi-user.target" ]; + script = + let port = "2222"; + in '' + ${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port} + ''; + }; + } diff --git a/nixos/configs/sterni/packages.nix b/nixos/configs/sterni/packages.nix index 6697a0a..f0ed195 100644 --- a/nixos/configs/sterni/packages.nix +++ b/nixos/configs/sterni/packages.nix @@ -56,11 +56,12 @@ in #tor-browser-bundle-bin #(tor-browser-bundle-bin.overrideAttrs (old: rec { - # version = "10.0.15"; + # version = "11.0.1"; # name = "tor-browser-bundle-${version}"; # src = pkgs.fetchurl { # url = # "https://dist.torproject.org/torbrowser/10.0.15/tor-browser-linux64-10.0.15_en-US.tar.xz"; + # "https://dist.torproject.org/torbrowser/11.0.1/tor-browser-linux64-11.0.1_en-US.tar.xz"; # sha256 = "1ah69jmfgik063f9gkvyv9d4k706pqihmzc4k7cc95zyd17v8wrs"; # }; #})) diff --git a/nixos/configs/workhorse/gogs.nix b/nixos/configs/workhorse/gogs.nix index 1fd48d4..258ceea 100644 --- a/nixos/configs/workhorse/gogs.nix +++ b/nixos/configs/workhorse/gogs.nix @@ -60,7 +60,7 @@ in SHOW_REGISTRATION_BUTTON = false [server] SSH_DOMAIN = "git.ingolf-wagner.de" - SSH_PORT = 443 + SSH_PORT = 2222 START_SSH_SERVER = true SSH_LISTEN_PORT = 2222 diff --git a/nixos/configs/workhorse/jenkins.nix b/nixos/configs/workhorse/jenkins.nix index de10033..1f277d6 100644 --- a/nixos/configs/workhorse/jenkins.nix +++ b/nixos/configs/workhorse/jenkins.nix @@ -186,14 +186,14 @@ in "git@github.com:mrVanDalo/tech.ingolf-wagner.de.git") (sync-to-github "sync-LineageOS-build" - "ssh://gogs@git.ingolf-wagner.de:443/palo/LineagoOS-build.git" + "ssh://gogs@git.ingolf-wagner.de:2222/palo/LineagoOS-build.git" "git@github.com:mrVanDalo/LineagoOS-build.git") (sync-to-github "sync-http-errors" - "ssh://gogs@git.ingolf-wagner.de:443/palo/http-errors.git" + "ssh://gogs@git.ingolf-wagner.de:2222/palo/http-errors.git" "git@github.com:mrVanDalo/http-errors.git") (sync-to-github "sync-light-control" - "ssh://gogs@git.ingolf-wagner.de:443/palo/light-control.git" + "ssh://gogs@git.ingolf-wagner.de:2222/palo/light-control.git" "git@github.com:mrVanDalo/light-control.git") ]; diff --git a/nixos/flake.lock b/nixos/flake.lock index 4e7902d..7f45ecd 100644 --- a/nixos/flake.lock +++ b/nixos/flake.lock @@ -291,11 +291,11 @@ ] }, "locked": { - "lastModified": 1636604662, - "narHash": "sha256-HdkguhBYEKIinCK6B14sqNFtveQYJUuChfiGLF2q7fU=", + "lastModified": 1637608833, + "narHash": "sha256-mjbNI3AKFA8O/kjUlzP0t3e9oI5SmU5/49aHPcwssZw=", "owner": "mrVanDalo", "repo": "grocy-scanner", - "rev": "0e4ebe0fadfab71b18287f75371caa93f1c29876", + "rev": "7ae77b0881a993e0a91623341327f15e40564e48", "type": "github" }, "original": {