| author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-08-17 15:24:06 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-08-17 15:24:06 +0200 |
| commit | 01e8a4dd21c98dadc2ddc698412c2ea51566b43e (patch) | |
| tree | 34ff4233fa01e99d3f5d9e63ff7755417e8ffa2a /hosts/surtr/http | |
| parent | d8e86bb2f97b5479f45acf86a2fe591dbc4d0d9f (diff) | |
...
Diffstat (limited to 'hosts/surtr/http')
| -rw-r--r-- | hosts/surtr/http/default.nix | 3 | ||||
| -rw-r--r-- | hosts/surtr/http/webdav/default.nix | 11 |
2 files changed, 2 insertions, 12 deletions
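--- a/hosts/surtr/http/default.nix
+++ b/hosts/surtr/http/default.nix
@@ -8,7 +8,7 @@
 services.nginx = {
 enable = true;
 package = pkgs.nginxQuic;
-recommendedGzipSettings = true;
+recommendedGzipSettings = false;
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
 sslDhparam = config.security.dhparams.params.nginx.path;
@@ -35,7 +35,6 @@
 systemd.services.nginx = {
 preStart = lib.mkForce config.services.nginx.preStart;
 serviceConfig = {
-SupplementaryGroups = [ "shadow" ];
 ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" "nginx-proxy-bodies" ];
 RuntimeDirectoryMode = "0750";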
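Review bot: `recommendedGzipSettings = false;` sits in the host-wide `services.nginx` block, so it switches the recommended gzip settings off for every virtual host on this machine, and nothing visible on the line or in the commit record says why. If the motive is compression side channels on authenticated responses, or another compression module taking over, a one-line comment such as `# gzip off host-wide: <reason>` would stop a later cleanup from flipping it back. Dropping `SupplementaryGroups = [ "shadow" ]` in the second hunk is consistent with nginx no longer authenticating through pam_unix and removes its read access to the shadow database. Both attribute sets continue outside the hunks.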
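--- a/hosts/surtr/http/webdav/default.nix
+++ b/hosts/surtr/http/webdav/default.nix
@@ -20,13 +20,6 @@ let
 };
 in {
 config = {
-security.pam.services."webdav".text = ''
-auth requisite pam_succeed_if.so user ingroup webdav quiet_success
-auth required pam_unix.so likeauth nullok nodelay quiet
-account sufficient pam_unix.so quiet
-'';
-users.groups."webdav" = {};
-
 services.nginx = {
 # upstreams."py-webdav" = {
 # servers = {
@@ -44,9 +37,6 @@ in {
 locations = {
 "/".extraConfig = ''
 root /srv/files/$remote_user;
-
-auth_pam "WebDAV";
-auth_pam_service_name "webdav";
 '';
 
 # "/py/".extraConfig = ''
@@ -68,6 +58,7 @@ in {
 
 add_header Strict-Transport-Security "max-age=63072000" always;
 '';
+basicAuthFile = pkgs.writeText "htpasswd" (concatMapStringsSep "\n" (user: "${user}:${config.users.users.${user}.hashedPassword}") ["gkleen"]);
 };
 };
 security.acme.rfc2136Domains."webdav.141.li" = {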
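Review bot: The added `basicAuthFile` line builds the htpasswd with `pkgs.writeText`, so the file is a Nix store path: readable by every local user and carried along with any copied closure or cache upload. What it contains is the account's system login hash from `users.users.gkleen.hashedPassword`, not a separate WebDAV credential. The removed PAM stack at least kept verification behind the shadow database. The hash may already reach the store through the users module, but this adds a second plain copy and ties the web credential to the login password. I would give WebDAV its own password and provision the htpasswd outside the store through whatever secret mechanism the repo uses, e.g. `basicAuthFile = "/run/<placeholder-secret-dir>/webdav-htpasswd";`, readable only by the nginx user. The enclosing virtual-host attribute set starts outside the hunk.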
