-rw-r--r-- | flake.lock | 8 | ||||
-rw-r--r-- | nixos/machine/lipwig.nix | 25 | ||||
-rw-r--r-- | nixos/machine/ridcully.nix | 4 | ||||
-rw-r--r-- | tools/common.sh | 2 |
4 files changed, 25 insertions, 14 deletions
@@ -467,11 +467,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1684151176, - "narHash": "sha256-/CB3pt0unInO43ls6pjc3ybDZ81M1nltD5K9nkm22e0=", + "lastModified": 1691953425, + "narHash": "sha256-m0EhjY9hzaFV2R6FRzctyHYKU9YM441m3oJMNgfnxY8=", "ref": "refs/heads/master", - "rev": "2b68422efe4706047705c955c0f67d13fbd39651", - "revCount": 74, + "rev": "3b5bcfa3242f341fe0f9ff79116ae520647c5682", + "revCount": 76, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix index 23d0b7b..f235455 100644 --- a/nixos/machine/lipwig.nix +++ b/nixos/machine/lipwig.nix @@ -19,6 +19,11 @@ with lib; { fsType = "nfs"; }; + networking.firewall = { + allowedTCPPorts = [80 443]; + allowedUDPPorts = [1194]; + }; + # Web ###################################################################### services.nginx = { enable = true; @@ -26,9 +31,6 @@ with lib; { "cynerd.cz" = { forceSSL = true; enableACME = true; - serverAliases = [ - "grafana.cynerd.cz" - ]; locations = { "/".root = ../../web; "/radicale/" = { @@ -43,10 +45,14 @@ with lib; { "git.cynerd.cz" = { forceSSL = true; useACMEHost = "cynerd.cz"; - locations."/".extraConfig = '' - fastcgi_param DOCUMENT_ROOT ${pkgs.cgit}/cgit/; - fastcgi_param SCRIPT_NAME cgit; + root = "${pkgs.cgit}/cgit"; + locations."/".tryFiles = "$uri @cgit"; + locations."@cgit".extraConfig = '' + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; ''; }; "grafana.cynerd.cz" = { @@ -66,6 +72,10 @@ with lib; { security.acme = { acceptTerms = true; defaults.email = "cynerd+acme@email.cz"; + certs."cynerd.cz".extraDomainNames = [ + "git.cynerd.cz" + "grafana.cynerd.cz" + ]; }; # Git ###################################################################### 
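Review bot: The ports opened in the new `networking.firewall` block carry no indication of which service needs them, and the services themselves are configured elsewhere in the file, so removing a service later can leave its port open. A comment above the block would tie them together, for example `# 80/443: nginx (HTTPS and ACME challenges); 1194/udp: VPN`. The meaning of 1194 is inferred from the port number alone, since no VPN service is visible in this hunk, so adjust the wording to the actual consumer.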
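Review bot: The new `locations."@cgit".extraConfig` sets only four `fastcgi_param` values and, as far as the hunk shows, never pulls in nginx's stock parameter set, so variables such as `REQUEST_METHOD` and `REMOTE_ADDR` would not reach the CGI. Unless an include exists outside the visible lines, add `include ${pkgs.nginx}/conf/fastcgi_params;` as the first line of that block. Separately, `root = "${pkgs.cgit}/cgit"` combined with `tryFiles = "$uri @cgit"` serves every file in that directory statically, which presumably includes `cgit.cgi` itself. That is a public binary rather than a secret, but a dedicated location for the static assets would keep the served surface explicit.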
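Review bot: Every name listed in `certs."cynerd.cz".extraDomainNames` has to pass validation or the whole certificate order fails, so `grafana.cynerd.cz` needs a virtual host that answers the challenge (assuming the default HTTP-01 method, which the hunk does not show). The `"git.cynerd.cz"` host visibly has `useACMEHost = "cynerd.cz"`, but the body of the `"grafana.cynerd.cz"` host lies outside these hunks, so confirm it carries the same line. A failed renewal would also take the primary domain's certificate with it, because all three names share one certificate.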
@@ -85,7 +95,7 @@ with lib; { environment.etc."cgitrc".text = '' root-title=Cynerd's git repository root-desc=All my projects (at least those released to public) - logo=${../../web/wolf.svg} + #logo=cynerd.cz/wolf.svg virtual-root=/ # Allow download of tar.gz, tar.bz2 and zip-files @@ -119,6 +129,7 @@ with lib; { ''; # CalDAV and CardDAV ####################################################### + # TODO vdirsyncer needs CA services.radicale = { enable = true; rights.cynerd = { diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix index a9e3a42..5814c0f 100644 --- a/nixos/machine/ridcully.nix +++ b/nixos/machine/ridcully.nix @@ -22,7 +22,7 @@ with lib; { services.hardware.openrgb.motherboard = "amd"; cynerd.autounlock = { - "encroot" = "/dev/disk/by-uuid/c07e929a-6eac-4f99-accf-f7cb3431290c"; + "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; }; fileSystems = { @@ -37,7 +37,7 @@ with lib; { options = ["compress=lzo" "subvol=@home"]; }; "/boot" = { - device = "/dev/disk/by-uuid/C1A0-B7C9"; + device = "/dev/disk/by-uuid/6DAD-3819"; fsType = "vfat"; }; diff --git a/tools/common.sh b/tools/common.sh index fc4d99e..dddb196 100644 --- a/tools/common.sh +++ b/tools/common.sh @@ -33,7 +33,7 @@ warning() { # Convert hostname to the SSH destination sshdest() { if [ "$1" = "lipwig" ]; then - echo "newlipwig" + echo "cynerd.cz" elif [ "$1" = "binky" ]; then echo "binky.vpn" else |