-rw-r--r--flake.lock8
-rw-r--r--nixos/machine/lipwig.nix25
-rw-r--r--nixos/machine/ridcully.nix4
-rw-r--r--tools/common.sh2
4 files changed, 25 insertions, 14 deletions
diff --git a/flake.lock b/flake.lock
index dc7ae55..9ba3a05 100644
--- a/flake.lock
+++ b/flake.lock
@@ -467,11 +467,11 @@
},
"personal-secret": {
"locked": {
- "lastModified": 1684151176,
- "narHash": "sha256-/CB3pt0unInO43ls6pjc3ybDZ81M1nltD5K9nkm22e0=",
+ "lastModified": 1691953425,
+ "narHash": "sha256-m0EhjY9hzaFV2R6FRzctyHYKU9YM441m3oJMNgfnxY8=",
"ref": "refs/heads/master",
- "rev": "2b68422efe4706047705c955c0f67d13fbd39651",
- "revCount": 74,
+ "rev": "3b5bcfa3242f341fe0f9ff79116ae520647c5682",
+ "revCount": 76,
"type": "git",
"url": "ssh://git@cynerd.cz/nixos-personal-secret"
},
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
index 23d0b7b..f235455 100644
--- a/nixos/machine/lipwig.nix
+++ b/nixos/machine/lipwig.nix
@@ -19,6 +19,11 @@ with lib; {
fsType = "nfs";
};
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [1194];
+ };
+
# Web ######################################################################
services.nginx = {
enable = true;
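Review bot: `allowedUDPPorts = [1194]` opens that port on every interface, and nothing in this hunk says which service owns it, so a later reader cannot tell whether the rule is still needed. If this is the VPN endpoint (presumably OpenVPN, but the service definition is outside the hunk), add a comment such as `# 1194/udp: VPN server, see the openvpn section below`. Better still, move the port next to that service so the rule goes away when the service does. The same applies to `[80 443]`, which belong with the `services.nginx` block that starts right after.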
@@ -26,9 +31,6 @@ with lib; {
"cynerd.cz" = {
forceSSL = true;
enableACME = true;
- serverAliases = [
- "grafana.cynerd.cz"
- ];
locations = {
"/".root = ../../web;
"/radicale/" = {
@@ -43,10 +45,14 @@ with lib; {
"git.cynerd.cz" = {
forceSSL = true;
useACMEHost = "cynerd.cz";
- locations."/".extraConfig = ''
- fastcgi_param DOCUMENT_ROOT ${pkgs.cgit}/cgit/;
- fastcgi_param SCRIPT_NAME cgit;
+ root = "${pkgs.cgit}/cgit";
+ locations."/".tryFiles = "$uri @cgit";
+ locations."@cgit".extraConfig = ''
+ fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
'';
};
"grafana.cynerd.cz" = {
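Review bot: The `@cgit` location sets a hand-picked list of FastCGI parameters with no comment explaining the choices, and one of them is security-relevant. `fastcgi_param HTTP_HOST $server_name;` makes cgit see the configured host name rather than the client's Host header, so any absolute URLs it builds cannot be steered by the request. A Nix comment above `locations."@cgit"` would stop someone later "fixing" it to `$http_host`, for example `# HTTP_HOST is pinned to server_name so cgit never builds links from a client-supplied Host header`. Separately, every non-static request now reaches the fcgiwrap socket, and its service definition is outside this hunk. It is worth confirming that fcgiwrap runs as an unprivileged user and that only nginx can connect to the socket.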
@@ -66,6 +72,10 @@ with lib; {
security.acme = {
acceptTerms = true;
defaults.email = "cynerd+acme@email.cz";
+ certs."cynerd.cz".extraDomainNames = [
+ "git.cynerd.cz"
+ "grafana.cynerd.cz"
+ ];
};
# Git ######################################################################
@@ -85,7 +95,7 @@ with lib; {
environment.etc."cgitrc".text = ''
root-title=Cynerd's git repository
root-desc=All my projects (at least those released to public)
- logo=${../../web/wolf.svg}
+ #logo=cynerd.cz/wolf.svg
virtual-root=/
# Allow download of tar.gz, tar.bz2 and zip-files
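Review bot: The disabled `#logo=cynerd.cz/wolf.svg` line is left in the generated cgitrc with no note on why it is off, and the value would not work if simply uncommented. cgit emits `logo` as an image URL, so without a scheme or leading slash, `cynerd.cz/wolf.svg` would be resolved relative to the current page on git.cynerd.cz. Either drop the line or keep it in a usable form with the reason, e.g. `# logo disabled until the file is served: logo=https://cynerd.cz/wolf.svg`.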
@@ -119,6 +129,7 @@ with lib; {
'';
# CalDAV and CardDAV #######################################################
+ # TODO vdirsyncer needs CA
services.radicale = {
enable = true;
rights.cynerd = {
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
index a9e3a42..5814c0f 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/machine/ridcully.nix
@@ -22,7 +22,7 @@ with lib; {
services.hardware.openrgb.motherboard = "amd";
cynerd.autounlock = {
- "encroot" = "/dev/disk/by-uuid/c07e929a-6eac-4f99-accf-f7cb3431290c";
+ "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
"enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
};
fileSystems = {
@@ -37,7 +37,7 @@ with lib; {
options = ["compress=lzo" "subvol=@home"];
};
"/boot" = {
- device = "/dev/disk/by-uuid/C1A0-B7C9";
+ device = "/dev/disk/by-uuid/6DAD-3819";
fsType = "vfat";
};
diff --git a/tools/common.sh b/tools/common.sh
index fc4d99e..dddb196 100644
--- a/tools/common.sh
+++ b/tools/common.sh
@@ -33,7 +33,7 @@ warning() {
# Convert hostname to the SSH destination
sshdest() {
if [ "$1" = "lipwig" ]; then
- echo "newlipwig"
+ echo "cynerd.cz"
elif [ "$1" = "binky" ]; then
echo "binky.vpn"
else