From 774d34d50bf3908dd1f209dbbd0de2093d5f5a08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
Date: Mon, 14 Aug 2023 10:16:21 +0200
Subject: nixos/lipwig: Fixes

---
 nixos/machine/lipwig.nix   | 25 ++++++++++++++++++-------
 nixos/machine/ridcully.nix |  4 ++--
 2 files changed, 20 insertions(+), 9 deletions(-)

(limited to 'nixos')

diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
index 23d0b7b..f235455 100644
--- a/nixos/machine/lipwig.nix
+++ b/nixos/machine/lipwig.nix
@@ -19,6 +19,11 @@ with lib; {
       fsType = "nfs";
     };
 
+    networking.firewall = {
+      allowedTCPPorts = [80 443];
+      allowedUDPPorts = [1194];
+    };
+
     # Web ######################################################################
     services.nginx = {
       enable = true;
@@ -26,9 +31,6 @@ with lib; {
         "cynerd.cz" = {
           forceSSL = true;
           enableACME = true;
-          serverAliases = [
-            "grafana.cynerd.cz"
-          ];
           locations = {
             "/".root = ../../web;
             "/radicale/" = {
@@ -43,10 +45,14 @@ with lib; {
         "git.cynerd.cz" = {
           forceSSL = true;
           useACMEHost = "cynerd.cz";
-          locations."/".extraConfig = ''
-            fastcgi_param DOCUMENT_ROOT ${pkgs.cgit}/cgit/;
-            fastcgi_param SCRIPT_NAME cgit;
+          root = "${pkgs.cgit}/cgit";
+          locations."/".tryFiles = "$uri @cgit";
+          locations."@cgit".extraConfig = ''
+            fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
             fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+            fastcgi_param PATH_INFO    $uri;
+            fastcgi_param QUERY_STRING $args;
+            fastcgi_param HTTP_HOST    $server_name;
           '';
         };
         "grafana.cynerd.cz" = {
@@ -66,6 +72,10 @@ with lib; {
     security.acme = {
       acceptTerms = true;
       defaults.email = "cynerd+acme@email.cz";
+      certs."cynerd.cz".extraDomainNames = [
+        "git.cynerd.cz"
+        "grafana.cynerd.cz"
+      ];
     };
 
     # Git ######################################################################
@@ -85,7 +95,7 @@ with lib; {
     environment.etc."cgitrc".text = ''
       root-title=Cynerd's git repository
       root-desc=All my projects (at least those released to public)
-      logo=${../../web/wolf.svg}
+      #logo=cynerd.cz/wolf.svg
       virtual-root=/
 
       # Allow download of tar.gz, tar.bz2 and zip-files
@@ -119,6 +129,7 @@ with lib; {
     '';
 
     # CalDAV and CardDAV #######################################################
+    # TODO vdirsyncer needs CA
     services.radicale = {
       enable = true;
       rights.cynerd = {
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
index a9e3a42..5814c0f 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/machine/ridcully.nix
@@ -22,7 +22,7 @@ with lib; {
     services.hardware.openrgb.motherboard = "amd";
 
     cynerd.autounlock = {
-      "encroot" = "/dev/disk/by-uuid/c07e929a-6eac-4f99-accf-f7cb3431290c";
+      "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
       "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
     };
     fileSystems = {
@@ -37,7 +37,7 @@ with lib; {
         options = ["compress=lzo" "subvol=@home"];
       };
       "/boot" = {
-        device = "/dev/disk/by-uuid/C1A0-B7C9";
+        device = "/dev/disk/by-uuid/6DAD-3819";
         fsType = "vfat";
       };
 
-- 
cgit v1.2.3