palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

get rid of sslh

Browse source
This commit is contained in:
Ingolf Wagner 2021-11-23 07:32:21 +01:00
parent 08a9f9c59c
commit 487780733c
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
6 changed files with 160 additions and 150 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/configs/pepe/configuration.nix
View file

@ -50,8 +50,8 @@
configuration.fireqos = { configuration.fireqos = {
enable = true; enable = true;
interface = "wlp3s0"; interface = "wlp3s0";
input = 5000; input = 80000;
output = 1200; output = 2500;
balance = false; balance = false;
}; };

289
nixos/configs/sputnik/nginx.nix
View file

@ -32,9 +32,9 @@ in
{ {
networking.firewall.allowedTCPPorts = networking.firewall.allowedTCPPorts =
[ 80 443 4443 config.services.taskserver.listenPort ]; [ 80 443 2222 config.services.taskserver.listenPort ];
networking.firewall.allowedUDPPorts = networking.firewall.allowedUDPPorts =
[ 80 443 4443 config.services.taskserver.listenPort ]; [ 80 443 2222 config.services.taskserver.listenPort ];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -42,18 +42,18 @@ in
virtualHosts = { virtualHosts = {
"bitwarden.ingolf-wagner.de" = { "bitwarden.ingolf-wagner.de" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -66,18 +66,18 @@ in
"git.ingolf-wagner.de" = { "git.ingolf-wagner.de" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig; extraConfig = error.extraConfig;
@ -118,55 +118,55 @@ in
} // error.locations; } // error.locations;
}; };
"grocy.ingolf-wagner.de" = { #"grocy.ingolf-wagner.de" = {
listen = [ # listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; # ];
}; #};
"paste.ingolf-wagner.de" = { #"paste.ingolf-wagner.de" = {
listen = [ # #listen = [
{ # # {
addr = "0.0.0.0"; # # addr = "0.0.0.0";
port = 4443; # # port = 4443;
ssl = true; # # ssl = true;
} # # }
{ # # {
addr = "0.0.0.0"; # # addr = "0.0.0.0";
port = 80; # # port = 80;
ssl = false; # # ssl = false;
} # # }
]; # #];
forceSSL = true; # forceSSL = true;
enableACME = true; # enableACME = true;
extraConfig = error.extraConfig; # extraConfig = error.extraConfig;
locations = { # locations = {
"/" = { proxyPass = "http://workhorse.private:8000"; }; # "/" = { proxyPass = "http://workhorse.private:8000"; };
} // error.locations; # } // error.locations;
}; #};
"travel.ingolf-wagner.de" = { "travel.ingolf-wagner.de" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig; extraConfig = error.extraConfig;
@ -183,18 +183,18 @@ in
}; };
"tech.ingolf-wagner.de" = { "tech.ingolf-wagner.de" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig; extraConfig = error.extraConfig;
@ -211,18 +211,18 @@ in
}; };
"preview.tech.ingolf-wagner.de" = { "preview.tech.ingolf-wagner.de" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig; extraConfig = error.extraConfig;
@ -240,18 +240,18 @@ in
}; };
"terranix.org" = { "terranix.org" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig; extraConfig = error.extraConfig;
@ -296,18 +296,18 @@ in
#}; #};
"nextcloud.ingolf-wagner.de" = { "nextcloud.ingolf-wagner.de" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig; extraConfig = error.extraConfig;
@ -356,18 +356,18 @@ in
}; };
"gaykraft.com" = { "gaykraft.com" = {
listen = [ #listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 4443; # port = 4443;
ssl = true; # ssl = true;
} # }
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 80; # port = 80;
ssl = false; # ssl = false;
} # }
]; #];
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = error.extraConfig; extraConfig = error.extraConfig;
@ -380,7 +380,7 @@ in
}; };
services.sslh = { services.sslh = {
enable = true; enable = false;
listenAddresses = [ "0.0.0.0" ]; listenAddresses = [ "0.0.0.0" ];
port = 443; port = 443;
verbose = true; verbose = true;
@ -430,13 +430,13 @@ in
''; '';
}; };
systemd.services."socat-proxy" = { #systemd.services."socat-proxy" = {
wantedBy = [ "sslh.service" "multi-user.target" ]; # wantedBy = [ "sslh.service" "multi-user.target" ];
after = [ "sslh.service" ]; # after = [ "sslh.service" ];
script = '' # script = ''
${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222 # ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222
''; # '';
}; #};
systemd.services."socat-taskd" = { systemd.services."socat-taskd" = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -447,4 +447,13 @@ in
''; '';
}; };
systemd.services."socat-gogs-ssh" = {
wantedBy = [ "multi-user.target" ];
script =
let port = "2222";
in ''
${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port}
'';
};
} }

3
nixos/configs/sterni/packages.nix
View file

@ -56,11 +56,12 @@ in
#tor-browser-bundle-bin #tor-browser-bundle-bin
#(tor-browser-bundle-bin.overrideAttrs (old: rec { #(tor-browser-bundle-bin.overrideAttrs (old: rec {
# version = "10.0.15"; # version = "11.0.1";
# name = "tor-browser-bundle-${version}"; # name = "tor-browser-bundle-${version}";
# src = pkgs.fetchurl { # src = pkgs.fetchurl {
# url = # url =
# "https://dist.torproject.org/torbrowser/10.0.15/tor-browser-linux64-10.0.15_en-US.tar.xz"; # "https://dist.torproject.org/torbrowser/10.0.15/tor-browser-linux64-10.0.15_en-US.tar.xz";
# "https://dist.torproject.org/torbrowser/11.0.1/tor-browser-linux64-11.0.1_en-US.tar.xz";
# sha256 = "1ah69jmfgik063f9gkvyv9d4k706pqihmzc4k7cc95zyd17v8wrs"; # sha256 = "1ah69jmfgik063f9gkvyv9d4k706pqihmzc4k7cc95zyd17v8wrs";
# }; # };
#})) #}))

2
nixos/configs/workhorse/gogs.nix
View file

@ -60,7 +60,7 @@ in
SHOW_REGISTRATION_BUTTON = false SHOW_REGISTRATION_BUTTON = false
[server] [server]
SSH_DOMAIN = "git.ingolf-wagner.de" SSH_DOMAIN = "git.ingolf-wagner.de"
SSH_PORT = 443 SSH_PORT = 2222
START_SSH_SERVER = true START_SSH_SERVER = true
SSH_LISTEN_PORT = 2222 SSH_LISTEN_PORT = 2222

6
nixos/configs/workhorse/jenkins.nix
View file

@ -186,14 +186,14 @@ in
"git@github.com:mrVanDalo/tech.ingolf-wagner.de.git") "git@github.com:mrVanDalo/tech.ingolf-wagner.de.git")
(sync-to-github "sync-LineageOS-build" (sync-to-github "sync-LineageOS-build"
"ssh://gogs@git.ingolf-wagner.de:443/palo/LineagoOS-build.git" "ssh://gogs@git.ingolf-wagner.de:2222/palo/LineagoOS-build.git"
"git@github.com:mrVanDalo/LineagoOS-build.git") "git@github.com:mrVanDalo/LineagoOS-build.git")
(sync-to-github "sync-http-errors" (sync-to-github "sync-http-errors"
"ssh://gogs@git.ingolf-wagner.de:443/palo/http-errors.git" "ssh://gogs@git.ingolf-wagner.de:2222/palo/http-errors.git"
"git@github.com:mrVanDalo/http-errors.git") "git@github.com:mrVanDalo/http-errors.git")
(sync-to-github "sync-light-control" (sync-to-github "sync-light-control"
"ssh://gogs@git.ingolf-wagner.de:443/palo/light-control.git" "ssh://gogs@git.ingolf-wagner.de:2222/palo/light-control.git"
"git@github.com:mrVanDalo/light-control.git") "git@github.com:mrVanDalo/light-control.git")
]; ];

6
nixos/flake.lock
View file

@ -291,11 +291,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1636604662, "lastModified": 1637608833,
"narHash": "sha256-HdkguhBYEKIinCK6B14sqNFtveQYJUuChfiGLF2q7fU=", "narHash": "sha256-mjbNI3AKFA8O/kjUlzP0t3e9oI5SmU5/49aHPcwssZw=",
"owner": "mrVanDalo", "owner": "mrVanDalo",
"repo": "grocy-scanner", "repo": "grocy-scanner",
"rev": "0e4ebe0fadfab71b18287f75371caa93f1c29876", "rev": "7ae77b0881a993e0a91623341327f15e40564e48",
"type": "github" "type": "github"
}, },
"original": { "original": {