fruchti/hosts
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: fruchti:d2daab08a111f2e8f24ba22732a5269200e87eab
Branches Tags
fruchti:prod
fruchti:jupyter_disable
...
compare: fruchti:f373ec2d15c843dfa23501bb2dff3b0f44a4c413
Branches Tags
fruchti:prod
fruchti:jupyter_disable

2 commits
d2daab08a1 ... f373ec2d15

Author SHA1 Message Date
fruchti f373ec2d15 Emitter: DNS-lookup BURP server, use more retries 2023-06-21 15:27:57 +02:00
fruchti e43c6450d9 Emitter: Fix warnings for 23.05 2023-06-21 15:27:22 +02:00
2 changed files with 11 additions and 9 deletions
Show stats Expand all files Collapse all files

4
hosts/Emitter.nix
View file

@ -5,7 +5,6 @@
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda"; boot.loader.grub.device = "/dev/vda";
networking.hostName = "Emitter"; networking.hostName = "Emitter";
@ -98,6 +97,7 @@
cat > $out/sbin/burp <<-EOF cat > $out/sbin/burp <<-EOF
#!/${pkgs.bash}/bin/bash #!/${pkgs.bash}/bin/bash
set -e set -e
${pkgs.dig}/bin/nslookup rupert.gvfr.de
${pkgs.unixtools.ping}/bin/ping -c1 rupert.gvfr.de >/dev/null ${pkgs.unixtools.ping}/bin/ping -c1 rupert.gvfr.de >/dev/null
${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true ${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
$out/sbin/burp-untunneled \$@ $out/sbin/burp-untunneled \$@
@ -121,7 +121,7 @@
services.statusEmail.enable = true; services.statusEmail.enable = true;
systemd.services.burp-client = let systemd.services.burp-client = let
retryDelay = 10 * 60; retryDelay = 10 * 60;
maxRetries = 3; maxRetries = 5;
in { in {
unitConfig = { unitConfig = {
OnFailure = "status-email@%n.service"; OnFailure = "status-email@%n.service";

16
hosts/gitea.nix
View file

@ -16,9 +16,6 @@ in
passwordFile = "/secrets/gitea_db_password"; passwordFile = "/secrets/gitea_db_password";
createDatabase = false; createDatabase = false;
}; };
domain = "${domain}";
rootUrl = "https://${domain}/";
httpPort = 3001;
repositoryRoot = "/data/git/repositories"; repositoryRoot = "/data/git/repositories";
lfs = { lfs = {
enable = true; enable = true;
@ -30,9 +27,9 @@ in
docutils # Provides rendering of ReStructured Text files docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting pygments # Provides syntax highlighting
]); ]);
nbconvert = nbconvert = pkgs.python310.withPackages (ps: with ps; [
pkgs.python310.withPackages (ps: with ps; [
jupyter jupyter
ipykernel
nbconvert nbconvert
]); ]);
max_cached_jupyter_notebooks = 200; max_cached_jupyter_notebooks = 200;
@ -67,7 +64,12 @@ in
''; '';
in in
{ {
server.SSH_PORT = lib.head config.services.openssh.ports; server = {
SSH_PORT = lib.head config.services.openssh.ports;
ROOT_URL = "https://${domain}/";
HTTP_PORT = 3001;
DOMAIN = "${domain}";
};
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
"markup.restructuredtext" = { "markup.restructuredtext" = {
@ -79,7 +81,7 @@ in
"markup.jupyter" = { "markup.jupyter" = {
ENABLED = true; ENABLED = true;
FILE_EXTENSIONS = ".ipynb"; FILE_EXTENSIONS = ".ipynb";
#RENDER_COMMAND = "\"${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic \""; # RENDER_COMMAND = "\"${nbconvert}/bin/jupyter nbconvert --stdout --to html --template basic \"";
RENDER_COMMAND = "\"${cached_jupyter_preview} \""; RENDER_COMMAND = "\"${cached_jupyter_preview} \"";
IS_INPUT_FILE = true; IS_INPUT_FILE = true;
# RENDER_CONTENT_MODE = "iframe"; # RENDER_CONTENT_MODE = "iframe";