diff --git a/hosts/thegeneralist-central/dns.nix b/hosts/thegeneralist-central/dns.nix
index c7a0952..303f4c2 100644
--- a/hosts/thegeneralist-central/dns.nix
+++ b/hosts/thegeneralist-central/dns.nix
@@ -13,7 +13,6 @@ let
 ) IN NS ns.thegeneralist01.com.
 ns IN A 100.86.129.23
- @ IN A 100.86.129.23
 ${lib.concatStringsSep "\n" (lib.map (sub: "${sub} IN A 100.86.129.23") subdomains)}
 '';
diff --git a/hosts/thegeneralist-central/forgejo/default.nix b/hosts/thegeneralist-central/forgejo/default.nix
index fd196d0..4b62cb5 100644
--- a/hosts/thegeneralist-central/forgejo/default.nix
+++ b/hosts/thegeneralist-central/forgejo/default.nix
@@ -10,10 +10,6 @@ in
 imports = [ ../../../modules/postgresql.nix ];
 age.secrets.forgejoRunnerToken.file = ./forgejo-runner-token.age;
- age.secrets.forgejoFamilySiteDeployToken.file = ./forgejo-family-site-deploy-token.age;
- age.secrets.forgejoFamilySiteDeployToken.owner = "gitea-runner";
- age.secrets.forgejoFamilySiteDeployToken.group = "gitea-runner";
- age.secrets.forgejoFamilySiteDeployToken.mode = "0400";
 services.forgejo = {
 enable = true;
@@ -158,15 +154,7 @@ in
 systemd.tmpfiles.rules = [
 "d /var/lib/gitea-runner 0755 gitea-runner gitea-runner -"
 "d /var/lib/gitea-runner/central 0755 gitea-runner gitea-runner -"
- # Allow gitea-runner (in group users) to write to the blog repo's .git dir.
- "d /home/thegeneralist/blog 2770 thegeneralist users -"
- "Z /home/thegeneralist/blog/.git - thegeneralist users -"
 ];
- system.activationScripts.blogGitPerms.text = ''
- ${pkgs.coreutils}/bin/chmod -R g+rwX /home/thegeneralist/blog/.git/objects
- ${pkgs.acl}/bin/setfacl -R -m g:users:rwx -m d:g:users:rwx /home/thegeneralist/blog/.git/objects
- '';
-
 networking.firewall.allowedTCPPorts = [ 2222 ];
 }
diff --git a/hosts/thegeneralist-central/site.nix b/hosts/thegeneralist-central/site.nix
index fbac9ac..fafa6b0 100644
--- a/hosts/thegeneralist-central/site.nix
+++ b/hosts/thegeneralist-central/site.nix
@@ -1,13 +1,4 @@
 { config, pkgs, ... }:
-let
- domain = "thegeneralist01.com";
- family_domain = builtins.getEnv "FAMILY_DOMAIN";
-
- ssl = {
- quic = true;
- useACMEHost = domain;
- };
-in
 {
 imports = [
 ./acme
@@ -32,56 +23,7 @@ in
 statusPage = true;
 validateConfigFile = true;
- virtualHosts."${domain}" = ssl // {
- root = "/var/www/${domain}";
- locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404";
-
- extraConfig = ''
- if ($http_x_forwarded_proto = "http") {
- return 301 https://${domain}$request_uri;
- }
-
- location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ {
- expires 1d;
- add_header Cache-Control "public";
- }
-
- error_page 404 /404.html;
- '';
- };
-
- virtualHosts."www.${domain}" = ssl // {
- locations."/".return = "306 https://${domain}$request_uri";
- };
-
- virtualHosts."${family_domain}" = {
- root = "/var/www/${family_domain}/dist";
- locations."/".tryFiles = "$uri $uri/index.html $uri.html =404";
-
- extraConfig = ''
- absolute_redirect off;
-
- location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico)$ {
- expires 1d;
- add_header Cache-Control "public";
- }
-
- location ~* \.(ttf|woff2?)$ {
- expires 1y;
- add_header Cache-Control "public, immutable";
- }
-
- error_page 404 /404.html;
- '';
- };
-
- virtualHosts."www.${family_domain}" = {
- locations."/".return = "306 https://${family_domain}$request_uri";
- };
-
- # virtualHosts._ = ssl // {
- # locations."/".return = "307 https://${domain}/404";
- # };
+ # Domain-specific virtual hosts live in the service modules below.
 };
 # Cloudflare
@@ -89,7 +31,6 @@ in
 age.secrets.cftcert.file = ./cert.pem.age;
 age.secrets.cftcredentials.file = ./credentials.age;
- age.secrets.cftcredentials_personal.file = ./credentials_personal.age;
 services.cloudflared = {
 enable = true;
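Review bot: With every virtualHost removed from this file, site.nix no longer declares a default nginx server, so a request arriving on port 80 with a Host header that matches none of the vhosts defined in the service modules is answered by whichever vhost nginx happens to treat as default rather than being rejected; the cloudflared tunnel configured further down in this file still forwards `cache.thegeneralist01.com` to `http://localhost:80`. The commented-out `virtualHosts._` catch-all is dropped here too, so consider an explicit default that returns 404: `virtualHosts._ = { default = true; locations."/".return = "404"; };`. Whether one of the service modules referenced by the new comment already sets `default = true` is outside this hunk and should be confirmed before adding it.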
@@ -98,8 +39,6 @@ in
 tunnels = {
 "site" = {
 ingress = {
- "thegeneralist01.com" = "http://localhost:80";
- "www.thegeneralist01.com" = "http://localhost:80";
 "cache.thegeneralist01.com" = "http://localhost:80";
 "git.thegeneralist01.com" = "http://localhost:3000";
 };
@@ -108,16 +47,6 @@ in
 credentialsFile = config.age.secrets.cftcredentials.path;
 certificateFile = config.age.secrets.cftcert.path;
 };
- "personal" = {
- ingress = {
- "${family_domain}" = "http://localhost:80";
- "www.${family_domain}" = "http://localhost:80";
- };
- default = "http_status:404";
-
- credentialsFile = config.age.secrets.cftcredentials_personal.path;
- certificateFile = config.age.secrets.cftcert.path;
- };
 };
 };
 }
diff --git a/modules/common/shell/default.nix b/modules/common/shell/default.nix
index 80bd437..6b0e720 100644
--- a/modules/common/shell/default.nix
+++ b/modules/common/shell/default.nix
@@ -179,10 +179,12 @@ in
 nuExecCondition =
 if config.isDarwin then
 ''
- [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 1 ]
+ [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 0 ] && [ -t 1 ]
 ''
 else
- ''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ]'';
+ ''
+ [[ $- == *i* ]] && [ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ] && [ -t 0 ] && [ -t 1 ]
+ '';
 in
 {
 programs.fish = {
diff --git a/secrets.nix b/secrets.nix
index c8ca474..5287776 100644
--- a/secrets.nix
+++ b/secrets.nix
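Review bot: The Linux branch of `nuExecCondition` now comes from a multi-line `''` string, which keeps a trailing newline after the final `]`; if the consuming rc snippet interpolates it as `if ${nuExecCondition}; then`, bash sees the newline before `;` and aborts with a syntax error, and since the shell rc is the entry point for every interactive session that is a noisy failure. The Darwin branch has carried the same trailing newline, so the consumer presumably tolerates it, but that site is outside this hunk and worth confirming. Keeping the original one-line form, `''[[ $- == *i* ]] && [ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ] && [ -t 0 ] && [ -t 1 ]'';`, sidesteps the question. The added `[[ ... ]]` also makes the condition bash/zsh-only, so it must not be emitted into a file that `/bin/sh` reads; and the two branches still apply different guards (`$SSH_TTY` and `$INTELLIJ_ENVIRONMENT_READER` only on Linux) with no comment saying why, which a short `# macOS: ...` note above the `if config.isDarwin` would fix.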
@@ -8,13 +8,9 @@ in
 "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ];
 "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ];
 "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ];
- "hosts/thegeneralist-central/credentials_personal.age".publicKeys = [ thegeneralist ];
 "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ];
 "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ];
 "hosts/thegeneralist-central/forgejo/forgejo-runner-token.age".publicKeys = [ thegeneralist ];
- "hosts/thegeneralist-central/forgejo/forgejo-family-site-deploy-token.age".publicKeys = [
- thegeneralist
- ];
 "hosts/thegeneralist-central/readlater-bot-token.age".publicKeys = [ thegeneralist ];
 "hosts/thegeneralist-central/readlater-bot-sync-token.age".publicKeys = [ thegeneralist ];
 "hosts/thegeneralist-central/readlater-bot-user-id.age".publicKeys = [ thegeneralist ];