From ce1f39471d090d724d33732a6ea995213666dbf9 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Mon, 12 Jul 2021 09:51:28 -0400
Subject: Enable jupyter, consolidate ports, open bitcoind
---
 Biz/Cloud/Ports.nix | 25 ++++++++++++------
 Biz/Cloud/Web.nix | 64 ++++++++++++++++++++++++++---------------------
 Biz/Dev.nix | 2 +-
 Biz/Dev/Configuration.nix | 30 +++++++++-------------
 Biz/Users.nix | 2 +-
 5 files changed, 67 insertions(+), 56 deletions(-)
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
index 66016ec..435a0b6 100644
--- a/Biz/Cloud/Ports.nix
+++ b/Biz/Cloud/Ports.nix
@@ -1,13 +1,24 @@
 {
- ssh = 22;
+ bensIp = "199.26.245.64"; # not a port, but it's convenient
+ bitcoind = 8333;
+ dandel-rovbur = 8080;
+ delugeWeb = 8112;
+ devalloc = 8095;
+ et = 2022;
+ gemini = 1965;
 git = 9418;
+ hoogle = 8008;
 http = 80;
+ httpdev = { from = 8000; to = 8099; };
 https = 443;
- sabten = 8080;
- hoogle = 8008;
- gemini = 1965;
- devalloc = 8095;
- radicale = 5232;
 jellyfin = 8096;
- dandel-rovbur = 8080;
+ jupyter = 4000;
+ mpd = 6600;
+ mpd-stream = 8097;
+ murmur = 64738;
+ radicale = 5232;
+ sabten = 8080;
+ ssh = 22;
+ tor = 143;
+ torrents = { from = 3000; to = 3099; };
 }
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index fd28eee..5a14fb4 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -2,7 +2,6 @@
 let
 rootDomain = config.networking.domain;
- bensIp = "199.26.245.64";
 ports = import ./Ports.nix;
 in
 {
@@ -102,13 +101,13 @@ in
 };
 "hoogle.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.hoogle}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.hoogle}";
 forceSSL = true;
 useACMEHost = rootDomain;
 };
 "tv.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.jellyfin}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.jellyfin}";
 forceSSL = true;
 useACMEHost = rootDomain;
 };
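Review bot: In the Biz/Cloud/Ports.nix hunk, `httpdev = { from = 8000; to = 8099; }` spans `hoogle`, `dandel-rovbur`/`sabten` (both 8080), `devalloc`, `jellyfin` and `mpd-stream`, so wherever that range is passed to `allowedTCPPortRanges` those services are exposed whether or not their own entries are listed. Now that one file feeds both the Cloud proxy and the Dev firewall, a header comment saying which entries are firewall ranges and that they overlap named ports would make this visible to the next editor, e.g. `# httpdev/torrents are firewall ranges; httpdev overlaps hoogle, devalloc, jellyfin, mpd-stream`. `bensIp` would also read better in a separate hosts file than under a name that says "ports".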
@@ -120,13 +119,13 @@ in
 };
 "devalloc.io" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.devalloc}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.devalloc}";
 forceSSL = true;
 useACMEHost = rootDomain;
 };
 "dandel-rovbur.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:${toString ports.dandel-rovbur}";
+ locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dandel-rovbur}";
 forceSSL = true;
 useACMEHost = rootDomain;
 };
@@ -137,21 +136,25 @@ in
 useACMEHost = rootDomain;
 };
- # Jupyter is currently disabled on Biz.Dev
- #"notebook.simatime.com".locations = {
- # "/" = {
- # proxyPass = "http://${bensIp}:3099";
- # proxyWebsockets = true;
- # extraConfig = ''
- # proxy_buffering off;
- # proxy_read_timeout 86400;
- # '';
- # };
- # "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
- # proxyPass = "http://${bensIp}:3099";
- # proxyWebsockets = true;
- # };
- #};
+ "notebook.simatime.com" = {
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ locations = {
+ "/" = {
+ proxyPass = "http://${ports.bensIp}:${toString ports.jupyter}";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_buffering off;
+ proxy_read_timeout 86400;
+ '';
+ };
+ "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
+ proxyPass = "http://${ports.bensIp}:${toString ports.jupyter}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
 "grocy.${rootDomain}" = {
 useACMEHost = rootDomain;
 forceSSL = true;
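Review bot: The new `notebook.simatime.com` vhost in the `@@ -137,21 +136,25 @@` hunk terminates TLS at nginx but forwards to `http://${ports.bensIp}:${toString ports.jupyter}`, so the Jupyter login and every kernel and terminal message cross the link to 199.26.245.64 unencrypted. The same commit adds `ports.jupyter` to `allowedTCPPorts` and keeps `ip = "*"` in Biz/Dev/Configuration.nix, which leaves port 4000 reachable directly, without TLS and without going through this proxy. Since a notebook session is code execution on the dev host, I would carry the proxy-to-backend hop over a tunnel or VPN interface, bind Jupyter to that interface instead of `*`, and drop `ports.jupyter` from the public firewall list. Separately, the second location key has no `~` prefix, so nginx treats it as a literal prefix rather than a regex and it will not match the intended paths; `"~ /(api/kernels/[^/]+/channels|terminals/websocket)/"` is presumably what was meant.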
@@ -162,14 +165,17 @@ in
 # This must contain all of the other domains we host
 security.acme.certs.${rootDomain}.extraDomainNames = [
- "bsima.me" "www.bsima.me" "tv.${rootDomain}"
+ "bsima.me" "www.bsima.me"
 "devalloc.io"
- "matrix.${rootDomain}"
- "chat.${rootDomain}"
- "hoogle.${rootDomain}"
- "dandel-rovbur.${rootDomain}"
- "sabten.${rootDomain}"
- "cal.${rootDomain}"
- "grocy.${rootDomain}"
- ];#
+ ] ++ map (sub: "${sub}.${rootDomain}") [
+ "tv"
+ "matrix"
+ "chat"
+ "hoogle"
+ "dandel-rovbur"
+ "sabten"
+ "cal"
+ "notebook"
+ "grocy"
+ ];
 }
diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index 837ffaf..a0d742d 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -16,7 +16,7 @@ bild.os {
 networking.hostName = "lithium";
 networking.domain = "dev.simatime.com";
 services.devalloc = {
- enable = true;
+ enable = false;
 port = 8095;
 package = bild.ghc ./Devalloc.hs;
 keep = "/var/devalloc/keep";
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix
index ecc9a46..fcd55b7 100644
--- a/Biz/Dev/Configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -1,19 +1,7 @@
 { config, lib, pkgs, ... }:
 let
- ports = {
- murmur = 64738;
- torrents = { from = 3000; to = 3099; };
- delugeWeb = 8112;
- jellyfin = 8096;
- httpdev = { from = 8000; to = 8099; };
- devallocHost = 8095;
- hoogle = 8008;
- mpd = 6600;
- mpd-stream = 8097;
- tor = 143;
- et = 2022;
- };
+ ports = import ../Cloud/Ports.nix;
 in {
 networking = {
 nameservers = [ "1.1.1.1" "8.8.8.8" ];
@@ -33,6 +21,8 @@ in {
 ports.mpd-stream
 ports.tor
 ports.et
+ ports.bitcoind
+ ports.jupyter
 ];
 allowedTCPPortRanges = [
 ports.torrents
@@ -220,10 +210,10 @@ in {
 };
 jupyter = {
- enable = false;
- port = 3099;
+ enable = true;
+ port = ports.jupyter;
 ip = "*";
- password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
+ password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'";
 kernels = {
 python3 = let
 env = (pkgs.python3.withPackages (p: with p; [
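Review bot: `"notebook"` is added to the `map (sub: "${sub}.${rootDomain}")` list in the `@@ -162,14 +165,17 @@` hunk, so the certificate will cover `notebook.${rootDomain}`, while the vhost added earlier in this file is keyed on the literal `"notebook.simatime.com"`. The two only agree if `networking.domain` on the host that evaluates Web.nix is exactly `simatime.com`, which is not visible here. Keying the vhost as `"notebook.${rootDomain}"`, like the neighbouring entries, keeps them in step so the served certificate always matches the host name.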
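Review bot: The inline set removed in the `@@ -1,19 +1,7 @@` hunk of Biz/Dev/Configuration.nix named port 8095 `devallocHost`, but the imported Ports.nix calls it `devalloc`, so any `ports.devallocHost` still referenced outside the hunk will fail evaluation as a missing attribute. The rest of the file is not visible here, so it is worth searching for that name before merging and renaming any hit to `ports.devalloc`. Biz/Dev.nix also still hard-codes `port = 8095;` and could take the shared value instead.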
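Review bot: The `password` value in the `@@ -220,10 +210,10 @@` hunk commits the notebook's argon2id hash to the repository, and as far as I know the NixOS jupyter module also writes it into a generated config file in the world-readable Nix store. Moving off `sha1` is a real improvement, but anyone who can read the repo or the store can still run offline guesses against the hash, and a successful guess gives code execution as the jupyter user. Because the option is a Python expression, it can instead read the hash from a file outside the store that only the jupyter user can read, e.g. `password = "open('/path/to/jupyter-hash', 'r', encoding='utf8').read().strip()";` (placeholder path).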
@@ -239,8 +229,9 @@ in {
 "{connection_file}"
 ];
 language = "python";
- #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
- #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
+ # error: must be of type 'null or path'
+ #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
+ #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
 };
 };
 };
@@ -314,4 +305,7 @@ in {
 # servers. You should change this only after NixOS release notes say you
 # should.
 system.stateVersion = "20.09"; # Did you read the comment?
+
+ # TODO: upstream this
+ users.users.jupyter.isSystemUser = true;
 }
diff --git a/Biz/Users.nix b/Biz/Users.nix
index 879e576..0e544f4 100644
--- a/Biz/Users.nix
+++ b/Biz/Users.nix
@@ -37,7 +37,7 @@ in {
 isNormalUser = true;
 home = "/home/ben";
 openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
- extraGroups = [ "wheel" "docker" ];
+ extraGroups = [ "wheel" "docker" "bitcoind-mainnet" ];
 hashedPassword = "$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY.";
 };
--
cgit v1.2.3