summaryrefslogtreecommitdiff
path: root/Biz
diff options
context:
space:
mode:
Diffstat (limited to 'Biz')
-rw-r--r--Biz/Cloud/Ports.nix25
-rw-r--r--Biz/Cloud/Web.nix64
-rw-r--r--Biz/Dev.nix2
-rw-r--r--Biz/Dev/Configuration.nix30
-rw-r--r--Biz/Users.nix2
5 files changed, 67 insertions, 56 deletions
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
index 66016ec..435a0b6 100644
--- a/Biz/Cloud/Ports.nix
+++ b/Biz/Cloud/Ports.nix
@@ -1,13 +1,24 @@
{
- ssh = 22;
+ bensIp = "199.26.245.64"; # not a port, but it's convenient
+ bitcoind = 8333;
+ dandel-rovbur = 8080;
+ delugeWeb = 8112;
+ devalloc = 8095;
+ et = 2022;
+ gemini = 1965;
git = 9418;
+ hoogle = 8008;
http = 80;
+ httpdev = { from = 8000; to = 8099; };
https = 443;
- sabten = 8080;
- hoogle = 8008;
- gemini = 1965;
- devalloc = 8095;
- radicale = 5232;
jellyfin = 8096;
- dandel-rovbur = 8080;
+ jupyter = 4000;
+ mpd = 6600;
+ mpd-stream = 8097;
+ murmur = 64738;
+ radicale = 5232;
+ sabten = 8080;
+ ssh = 22;
+ tor = 143;
+ torrents = { from = 3000; to = 3099; };
}
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index fd28eee..5a14fb4 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -2,7 +2,6 @@
let
rootDomain = config.networking.domain;
- bensIp = "199.26.245.64";
ports = import ./Ports.nix;
in
{
@@ -102,13 +101,13 @@ in
};
"hoogle.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.hoogle}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.hoogle}";
forceSSL = true;
useACMEHost = rootDomain;
};
"tv.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.jellyfin}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.jellyfin}";
forceSSL = true;
useACMEHost = rootDomain;
};
@@ -120,13 +119,13 @@ in
};
"devalloc.io" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.devalloc}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.devalloc}";
forceSSL = true;
useACMEHost = rootDomain;
};
"dandel-rovbur.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.dandel-rovbur}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dandel-rovbur}";
forceSSL = true;
useACMEHost = rootDomain;
};
@@ -137,21 +136,25 @@ in
useACMEHost = rootDomain;
};
- # Jupyter is currently disabled on Biz.Dev
- #"notebook.simatime.com".locations = {
- # "/" = {
- # proxyPass = "http://${bensIp}:3099";
- # proxyWebsockets = true;
- # extraConfig = ''
- # proxy_buffering off;
- # proxy_read_timeout 86400;
- # '';
- # };
- # "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
- # proxyPass = "http://${bensIp}:3099";
- # proxyWebsockets = true;
- # };
- #};
+ "notebook.simatime.com" = {
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ locations = {
+ "/" = {
+ proxyPass = "http://${ports.bensIp}:${toString ports.jupyter}";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_buffering off;
+ proxy_read_timeout 86400;
+ '';
+ };
+ "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
+ proxyPass = "http://${ports.bensIp}:${toString ports.jupyter}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
"grocy.${rootDomain}" = {
useACMEHost = rootDomain;
forceSSL = true;
@@ -162,14 +165,17 @@ in
# This must contain all of the other domains we host
security.acme.certs.${rootDomain}.extraDomainNames = [
- "bsima.me" "www.bsima.me" "tv.${rootDomain}"
+ "bsima.me" "www.bsima.me"
"devalloc.io"
- "matrix.${rootDomain}"
- "chat.${rootDomain}"
- "hoogle.${rootDomain}"
- "dandel-rovbur.${rootDomain}"
- "sabten.${rootDomain}"
- "cal.${rootDomain}"
- "grocy.${rootDomain}"
- ];#
+ ] ++ map (sub: "${sub}.${rootDomain}") [
+ "tv"
+ "matrix"
+ "chat"
+ "hoogle"
+ "dandel-rovbur"
+ "sabten"
+ "cal"
+ "notebook"
+ "grocy"
+ ];
}
diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index 837ffaf..a0d742d 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -16,7 +16,7 @@ bild.os {
networking.hostName = "lithium";
networking.domain = "dev.simatime.com";
services.devalloc = {
- enable = true;
+ enable = false;
port = 8095;
package = bild.ghc ./Devalloc.hs;
keep = "/var/devalloc/keep";
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix
index ecc9a46..fcd55b7 100644
--- a/Biz/Dev/Configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -1,19 +1,7 @@
{ config, lib, pkgs, ... }:
let
- ports = {
- murmur = 64738;
- torrents = { from = 3000; to = 3099; };
- delugeWeb = 8112;
- jellyfin = 8096;
- httpdev = { from = 8000; to = 8099; };
- devallocHost = 8095;
- hoogle = 8008;
- mpd = 6600;
- mpd-stream = 8097;
- tor = 143;
- et = 2022;
- };
+ ports = import ../Cloud/Ports.nix;
in {
networking = {
nameservers = [ "1.1.1.1" "8.8.8.8" ];
@@ -33,6 +21,8 @@ in {
ports.mpd-stream
ports.tor
ports.et
+ ports.bitcoind
+ ports.jupyter
];
allowedTCPPortRanges = [
ports.torrents
@@ -220,10 +210,10 @@ in {
};
jupyter = {
- enable = false;
- port = 3099;
+ enable = true;
+ port = ports.jupyter;
ip = "*";
- password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
+ password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'";
kernels = {
python3 = let
env = (pkgs.python3.withPackages (p: with p; [
@@ -239,8 +229,9 @@ in {
"{connection_file}"
];
language = "python";
- #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
- #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
+ # error: must be of type 'null or path'
+ #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
+ #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
};
};
@@ -314,4 +305,7 @@ in {
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "20.09"; # Did you read the comment?
+
+ # TODO: upstream this
+ users.users.jupyter.isSystemUser = true;
}
diff --git a/Biz/Users.nix b/Biz/Users.nix
index 879e576..0e544f4 100644
--- a/Biz/Users.nix
+++ b/Biz/Users.nix
@@ -37,7 +37,7 @@ in {
isNormalUser = true;
home = "/home/ben";
openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
- extraGroups = [ "wheel" "docker" ];
+ extraGroups = [ "wheel" "docker" "bitcoind-mainnet" ];
hashedPassword =
"$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY.";
};