From a17791658a40133560c0958e8f080cdf6aba08fb Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Tue, 14 Nov 2023 16:12:48 +0100
Subject: [PATCH] catering WIP
---
 machines/catering/configuration.nix | 123 +++++++++++++++++++
 machines/catering/hardware-configuration.nix | 54 ++++++++
 machines/default.nix | 5 +
 3 files changed, 182 insertions(+)
 create mode 100644 machines/catering/configuration.nix
 create mode 100644 machines/catering/hardware-configuration.nix
diff --git a/machines/catering/configuration.nix b/machines/catering/configuration.nix
new file mode 100644
index 0000000..9b28560
--- /dev/null
+++ b/machines/catering/configuration.nix
@@ -0,0 +1,123 @@
+# SPDX-FileCopyrightText: 2023-2024 Simon Bruder
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules
+ ];
+
+ sbruder = {
+ nginx.hardening.enable = true;
+ full = false;
+ };
+
+ networking.hostName = "catering";
+
+ system.stateVersion = "23.05";
+
+ services.nginx = {
+ enable = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = {
+ "catering.salespointframework.org" = {
+ enableACME = true;
+ forceSSL = true;
+
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:8080";
+ extraConfig = ''
+ sub_filter '' '';
+ sub_filter_once on;
+ '';
+ };
+ "= /dev.js".alias = pkgs.writeText "dev.js" ''
+ addEventListener("load", event => {
+ document.querySelector("footer").appendChild((() => {
+ let el = document.createElement("p")
+ el.classList.add("text-center", "fw-bold")
+ el.innerText = "Alle Angebot sind fiktiv!"
+ return el
+ })())
+
+ if (localStorage.getItem("devAck") !== "true") {
+ if (confirm("Alle hier präsentierten Angebote sind fiktiv, es können keine rechtsverbindlichen Verträge geschlossen werden. 
Mit dem Fortfahren bestätigen Sie, dies verstanden zu haben.")) {
+ localStorage.setItem("devAck", "true")
+ } else {
+ location = "about:blank"
+ }
+ }
+ })
+ '';
+ };
+ };
+
+ "www.mampf.shop" = {
+ forceSSL = true;
+ enableACME = true;
+ globalRedirect = "catering.salespointframework.org";
+ };
+
+ "mampf.shop" = {
+ forceSSL = true;
+ enableACME = true;
+ globalRedirect = "catering.salespointframework.org";
+ };
+
+ "presi.catering.salespointframework.org" = {
+ enableACME = true;
+ forceSSL = true;
+
+ root = "/var/www/presi.catering.salespointframework.org";
+
+ locations."/".tryFiles = "/main.pdf =404";
+ };
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /var/www/presi.catering.salespointframework.org 0755 catering catering - -"
+ ];
+
+ users.users.catering = {
+ isSystemUser = true;
+ group = "catering";
+ useDefaultShell = true;
+ home = "/var/lib/catering";
+ createHome = true;
+
+ openssh.authorizedKeys.keys = config.sbruder.pubkeys.trustedKeys;
+ };
+ users.groups.catering = { };
+
+ sbruder.static-webserver.vhosts = {
+ "salespointframework.org" = {
+ redirects = [ "www.salespointframework.org" "salespointframe.work" "www.salespointframe.work" ];
+ user = {
+ name = "salespoint";
+ keys = config.sbruder.pubkeys.trustedKeys;
+ };
+ };
+ "verkaufspunktrahmenwerk.de" = {
+ redirects = [ "www.verkaufspunktrahmenwerk.de" "verkaufspuntrahmenwerk.de" "www.verkaufspuntrahmenwerk.de" ];
+ user = {
+ name = "verkaufspunkt";
+ keys = config.sbruder.pubkeys.trustedKeys;
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+}
diff --git a/machines/catering/hardware-configuration.nix b/machines/catering/hardware-configuration.nix
new file mode 100644
index 0000000..e3b1a84
--- /dev/null
+++ b/machines/catering/hardware-configuration.nix
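Review bot: The acknowledgement gate in the dev.js string of machines/catering/configuration.nix fails open, because `document.querySelector("footer")` returns null on any proxied page without a `<footer>`, the `appendChild` call then throws, and the `localStorage`/`confirm` check after it never runs. Making the lookup tolerant, `document.querySelector("footer")?.appendChild(...)`, or moving the `devAck` block above the footer code keeps the prompt independent of the page markup. The notice is also applied only in the browser, so a client that does not run the script never sees it; if the disclaimer has to hold, the application's own templates are presumably the place for it. Separately, `users.users.catering` combines `useDefaultShell = true` with the trusted SSH keys, and a short comment such as `# login shell needed for deployments over SSH` (if that is the reason) would document why a system user is interactive.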
@@ -0,0 +1,54 @@
+# SPDX-FileCopyrightText: 2023-2024 Simon Bruder
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ sbruder.machine.isVm = true;
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
+ };
+ loader = {
+ grub.enable = false;
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/c39bdb61-2e4c-464b-8c4c-bb6bb7f342a2";
+ fsType = "btrfs";
+ options = [ "compress=zstd" ];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/D976-BBAF";
+ fsType = "vfat";
+ };
+ };
+
+ networking.useDHCP = false;
+ networking.usePredictableInterfaceNames = false;
+ systemd.network = {
+ enable = true;
+ networks = {
+ eth0 = {
+ name = "eth0";
+ DHCP = "yes";
+ domains = [ "salespointframework.org" ];
+ address = [ "2a01:4f9:c011:9c01::1/64" ];
+ gateway = [ "fe80::1" ];
+ };
+ };
+ };
+
+ # no smart on qemu disk
+ services.smartd.enable = false;
+}
diff --git a/machines/default.nix b/machines/default.nix
index 34641e0..3e33657 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -76,4 +76,9 @@ in targetHost = "yuzuru.sbruder.de"; }; + catering = { + system = "aarch64-linux"; + + targetHost = "catering.salespointframework.org"; + }; }