From 774d34d50bf3908dd1f209dbbd0de2093d5f5a08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 14 Aug 2023 10:16:21 +0200 Subject: nixos/lipwig: Fixes --- nixos/machine/lipwig.nix | 25 ++++++++++++++++++------- nixos/machine/ridcully.nix | 4 ++-- 2 files changed, 20 insertions(+), 9 deletions(-) (limited to 'nixos') diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix index 23d0b7b..f235455 100644 --- a/nixos/machine/lipwig.nix +++ b/nixos/machine/lipwig.nix @@ -19,6 +19,11 @@ with lib; { fsType = "nfs"; }; + networking.firewall = { + allowedTCPPorts = [80 443]; + allowedUDPPorts = [1194]; + }; + # Web ###################################################################### services.nginx = { enable = true; @@ -26,9 +31,6 @@ with lib; { "cynerd.cz" = { forceSSL = true; enableACME = true; - serverAliases = [ - "grafana.cynerd.cz" - ]; locations = { "/".root = ../../web; "/radicale/" = { @@ -43,10 +45,14 @@ with lib; { "git.cynerd.cz" = { forceSSL = true; useACMEHost = "cynerd.cz"; - locations."/".extraConfig = '' - fastcgi_param DOCUMENT_ROOT ${pkgs.cgit}/cgit/; - fastcgi_param SCRIPT_NAME cgit; + root = "${pkgs.cgit}/cgit"; + locations."/".tryFiles = "$uri @cgit"; + locations."@cgit".extraConfig = '' + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; ''; }; "grafana.cynerd.cz" = { @@ -66,6 +72,10 @@ with lib; { security.acme = { acceptTerms = true; defaults.email = "cynerd+acme@email.cz"; + certs."cynerd.cz".extraDomainNames = [ + "git.cynerd.cz" + "grafana.cynerd.cz" + ]; }; # Git ###################################################################### 
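Review bot: The new `networking.firewall` block opens UDP 1194 without saying which service owns it, and nothing else in this diff defines a listener on that port. 1194 is the registered OpenVPN port, so presumably a VPN server is configured elsewhere in lipwig.nix. A short comment such as `# 80/443: nginx, 1194/udp: OpenVPN` would make that explicit. Keeping each port opening next to the service that needs it also makes it harder to leave the port open after the service is removed.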
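Review bot: `fastcgi_param HTTP_HOST $server_name;` in the new `@cgit` location deserves a comment, because it looks like a candidate for a later "fix" to `$host` or `$http_host`. Passing the configured server name keeps the client-supplied Host header out of whatever the CGI derives from HTTP_HOST (cgit appears to use it when building absolute URLs). Suggested comment above the line: `# fixed name on purpose: do not forward the client's Host header to cgit`. The same comment could note that nginx stops inheriting `fastcgi_param` from outer levels once a location sets its own, so only the parameters listed here reach the CGI.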
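Review bot: `certs."cynerd.cz".extraDomainNames` now has to be kept in step by hand with every vhost that sets `useACMEHost = "cynerd.cz"`, and nothing in the file says so. A vhost that reuses the certificate without being listed here is served a certificate that does not cover its name. A comment such as `# list every vhost that sets useACMEHost = "cynerd.cz"` above the list would record that. The `grafana.cynerd.cz` vhost body is outside the hunks, so whether it uses `useACMEHost` or its own `enableACME` cannot be checked from this diff.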
@@ -85,7 +95,7 @@ with lib; { environment.etc."cgitrc".text = '' root-title=Cynerd's git repository root-desc=All my projects (at least those released to public) - logo=${../../web/wolf.svg} + #logo=cynerd.cz/wolf.svg virtual-root=/ # Allow download of tar.gz, tar.bz2 and zip-files @@ -119,6 +129,7 @@ with lib; { ''; # CalDAV and CardDAV ####################################################### + # TODO vdirsyncer needs CA services.radicale = { enable = true; rights.cynerd = { diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix index a9e3a42..5814c0f 100644 --- a/nixos/machine/ridcully.nix +++ b/nixos/machine/ridcully.nix @@ -22,7 +22,7 @@ with lib; { services.hardware.openrgb.motherboard = "amd"; cynerd.autounlock = { - "encroot" = "/dev/disk/by-uuid/c07e929a-6eac-4f99-accf-f7cb3431290c"; + "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; }; fileSystems = { @@ -37,7 +37,7 @@ with lib; { options = ["compress=lzo" "subvol=@home"]; }; "/boot" = { - device = "/dev/disk/by-uuid/C1A0-B7C9"; + device = "/dev/disk/by-uuid/6DAD-3819"; fsType = "vfat"; }; -- cgit v1.2.3
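Review bot: The `logo=` setting in the cgitrc text is left behind as a commented-out line with no reason given. Its value `cynerd.cz/wolf.svg` has no scheme, so a browser would resolve it as a path relative to the cgit page if the line were re-enabled as is. The removed form interpolated a Nix store path, which is not a URL the site serves. Since the main vhost serves `../../web` at `/`, `logo=https://cynerd.cz/wolf.svg` is probably what is intended. Otherwise drop the line or add a comment saying why the logo is disabled.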