From 877da5918f7b10c143b1a17091fc08ac14580240 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Tue, 18 Oct 2022 10:51:05 +0200 Subject: [PATCH] removed some config from streaming setup --- hosts/quitte/wireguard_server.nix | 24 ++++++++++++++++++++++++ modules/stream.nix | 22 +++++++--------------- secrets/durian.yaml | 5 +++-- 3 files changed, 34 insertions(+), 17 deletions(-) create mode 100644 hosts/quitte/wireguard_server.nix diff --git a/hosts/quitte/wireguard_server.nix b/hosts/quitte/wireguard_server.nix new file mode 100644 index 0000000..7a4f113 --- /dev/null +++ b/hosts/quitte/wireguard_server.nix @@ -0,0 +1,24 @@ +{ config, ... }: + +{ + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + + networking.wg-quick.interfaces = { + wg-dvb = { + # pubkey: 8iQQSCI14dObcrMw0/rZJxfvpOAhy3CU+haJq2nyIzc= + address = [ "10.13.37.1/32" ]; + privateKeyFile = config.sops.secrets.wg-seckey.path; + listenPort = 51820; + peers = [ + { + # Tassilo + publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y="; + allowedIPs = [ "10.13.37.2/32" ]; + persistentKeepalive = 25; + } + ]; + }; + }; +} + + diff --git a/modules/stream.nix b/modules/stream.nix index 37ff6cb..64ec181 100644 --- a/modules/stream.nix +++ b/modules/stream.nix @@ -9,14 +9,6 @@ in { services = { nginx = { virtualHosts = { - "stream-frontend.quitte.tassilo-tanneberger.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "${../content/ese-stream/files/website}/"; - proxyWebsockets = true; - }; - }; "stream.ifsr.de" = { enableACME = true; forceSSL = true; @@ -28,13 +20,13 @@ in { }; }; }; - streamConfig = '' - server { - listen 1935; - proxy_pass [::1]:1935; - proxy_buffer_size 32k; - } - ''; + #streamConfig = '' + # server { + # listen 1935; + # proxy_pass [::1]:1935; + # proxy_buffer_size 32k; + #} + #''; }; owncast = { enable = true; diff --git a/secrets/durian.yaml b/secrets/durian.yaml index cf1e6be..2ee03a7 100644 --- a/secrets/durian.yaml +++ b/secrets/durian.yaml @@ -1,6 +1,7 @@ postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str] postgres_hedgedoc: ENC[AES256_GCM,data:VCoWXZbNGWfmorTNZRFWkDUp0B5JMmsA+bJFVrUREj0=,iv:fnSs3FOgmFn5/BqKTODpwIq023ZRMF8s/JiDyf2ZqkE=,tag:oit5sHf6QffhYYi/WJk5SQ==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] +wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str] mediawiki: postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str] initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str] @@ -20,8 +21,8 @@ sops: bzNnbFZnZnZiY0xsbVlvUStBblBMWGcK7HSz9iFQiH0BJ3etF09opJreBoBtiBZ0 L74EBGuEV4+dNWqY3QwAASmDYJJ8ocQMuAgctjsgstKBKUeOrkhDRg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-06T18:05:20Z" - mac: ENC[AES256_GCM,data:bP3jhxhVuGI1/vAnLDHWRPULUr37NtibK9oGNn8F3sbDkOMR7uMfUzjOxIPABNjwyDU7MttISG71In2PPUK1Z42IOjEH7NBY7vOs498rDojQSf33ndVDqmhs4qOeCD9QtTS6lp4c1YrpKsQt6Ga8uP0pXEqkzegJvD5DFdsQMLE=,iv:bXskhJX52/s8S1Bdppp6PTBvLbKCG46usM+jfAGkUJ0=,tag:dJv6tFtshy4ZiJ5lqsog/Q==,type:str] + lastmodified: "2022-10-01T12:32:58Z" + mac: ENC[AES256_GCM,data:s0Fj8NhTEer1evxhlXU1sAuzZjHvw+tHFJdwRCrzc5ux/JQUjGGVzEH3fbdIX41PXEhKVi64J3EJCmLfPhXOrY7idGtEyzDOfny+mswbdo6tfAn/P+G+uNw96qXh3Msq+SwDnzWuhjPYfoXX9Ku5m9rYS/qodq+huKrxV6pfu8Q=,iv:0YBxmSC5CiPO2xk65sKP8+itp3xTjQRq0t845XFpGF0=,tag:F58Iz3cteXRNpj+Jtnnoqw==,type:str] pgp: - created_at: "2022-08-16T13:01:34Z" enc: |