2025-02-14 00:15:07 -05:00
4 changed files with 32 additions and 18 deletions
--- a/systems/artemision/configuration.nix
+++ b/systems/artemision/configuration.nix
@ -31,7 +31,7 @@
  };

  boot = {
-    #kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
+    kernelPackages = lib.mkForce pkgs.linuxPackages_6_6;
    useSystemdBoot = true;
    default = true;
  };
--- a/systems/palatine-hill/attic/default.nix
+++ b/systems/palatine-hill/attic/default.nix
@ -18,8 +18,8 @@

      settings = {
        listen = "[::]:8183";
-        allowed-hosts = [ "attic.alicehuston.xyz" ];
-        api-endpoint = "https://attic.alicehuston.xyz/";
+        allowed-hosts = [ "attic.nayeonie.com" ];
+        api-endpoint = "https://attic.nayeonie.com/";
        compression.type = "none"; # let ZFS do the compressing
        database = {
          url = "postgres://atticd?host=/run/postgresql";
@ -32,7 +32,7 @@
          type = "s3";
          region = "us-east-1";
          bucket = "cache-nix-dot";
-          endpoint = "https://minio.alicehuston.xyz";
+          endpoint = "https://minio.nayeonie.com";
        };

        # Warning: If you change any of the values here, it will be
--- a/systems/palatine-hill/docker/haproxy.cfg
+++ b/systems/palatine-hill/docker/haproxy.cfg
@ -23,7 +23,7 @@ frontend stats # you can call this whatever you want
 frontend ContentSwitching
  bind *:80
 # bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
-  bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem
+  bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni
  mode  http
  option httplog

@ -31,26 +31,32 @@ frontend ContentSwitching
  # 16000000 seconds is a bit more than 6 months
  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"

+  # Front-end acess control list
+  http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
+
  # Front-end acess control list
  acl host_www hdr(host) -i www.alicehuston.xyz
  acl host_www hdr(host) -i alicehuston.xyz
 #  acl host_ldapui hdr(host) -i authui.alicehuston.xyz
  acl host_glances hdr(host) -i monit.alicehuston.xyz
  acl host_glances hdr(host) -i glances.alicehuston.xyz
-  acl host_foundry hdr(host) -i dnd.alicehuston.xyz
+  # acl host_foundry hdr(host) -i dnd.alicehuston.xyz
 #  acl host_netdata hdr(host) -i netdata.alicehuston.xyz
  #acl host_terraria hdr(host) -i terraria.alicehuston.xyz
  acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
  acl host_nextcloud hdr(host) -i nayeonie.com
  acl host_hydra hdr(host) -i hydra.alicehuston.xyz
-  acl host_nix_serve hdr(host) -i cache.alicehuston.xyz
  acl host_attic hdr(host) -i attic.alicehuston.xyz
-  acl host_nix_serve hdr(host) -i nixsrv.alicehuston.xyz
  acl host_minio hdr(host) -i minio.alicehuston.xyz
  acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
+  acl host_attic hdr(host) -i attic.nayeonie.com
+  acl host_minio hdr(host) -i minio.nayeonie.com
+  acl host_minio_console hdr(host) -i minio-console.nayeonie.com
  #acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
 #  acl host_collabora hdr(host) -i collabora.alicehuston.xyz
  acl host_prometheus hdr(host) -i prom.alicehuston.xyz
+  acl host_gitea hdr(host) -i git.alicehuston.xyz
+  acl host_gitea hdr(host) -i nayeonie.com
  # Backend-forwarding
  use_backend www_nodes if host_www
 #  use_backend ldapui_nodes if host_ldapui
@ -60,13 +66,13 @@ frontend ContentSwitching
 # use_backend terraria_nodes if host_terraria
  use_backend nextcloud_nodes if host_nextcloud
  use_backend hydra_nodes if host_hydra
-  use_backend nix_serve_nodes if host_nix_serve
  use_backend attic_nodes if host_attic
  #use_backend nextcloud_vol_nodes if host_nextcloud_vol
 #  use_backend collabora_nodes if host_collabora
  use_backend prometheus_nodes if host_prometheus
  use_backend minio_nodes if host_minio
  use_backend minio_console_nodes if host_minio_console
+  use_backend gitea_nodes if host_gitea

 #frontend ldap
 #  bind *:389
@ -136,10 +142,10 @@ backend minio_console_nodes
  mode http
  server server 192.168.76.2:8501

-backend foundry_nodes
-  timeout tunnel 50s
-  mode http
-  server server foundryvtt:30000
+# backend foundry_nodes
+#   timeout tunnel 50s
+#   mode http
+#   server server foundryvtt:30000

 #backend ldap_nodes
 #  mode tcp
@ -159,10 +165,6 @@ backend hydra_nodes
  mode http
  server server 192.168.76.2:3000

-backend nix_serve_nodes
-  mode http
-  server server 192.168.76.2:5000
-
 backend attic_nodes
  mode http
  server server 192.168.76.2:8183
@ -171,6 +173,10 @@ backend prometheus_nodes
  mode http
  server server 192.168.76.2:9001

+backend gitea_nodes
+  mode http
+  server server 192.168.76.2:6443
+
 #backend netdata_nodes
 #  mode http
 #  server server 192.168.76.2:19999
@ -180,6 +186,14 @@ backend prometheus_nodes
 #   server server foundry:30000
 #   acl host_www hdr(host) -i www.tmmworkshop.com

+frontend giteassh
+  mode tcp
+  bind :2222
+  default_backend giteassh_nodes
+
+backend giteassh_nodes
+   mode tcp
+   server s1 192.168.76.2:2223

 frontend minecraft
  mode tcp
--- a/utils/attic-push.bash
+++ b/utils/attic-push.bash
@ -7,7 +7,7 @@ set -e

 # retrieve all paths under 100M
 nix_paths=$(nix path-info --json --all --closure-size \
-  | jq 'map_values(.closureSize | select(. < 1e8)) | to_entries | sort_by(.value)' \
+  | jq 'map_values(.closureSize | select(. < 5e8)) | to_entries | sort_by(.value)' \
  | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')

 readarray -t nix_path_array < <(echo "$nix_paths")