author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-11-07 22:43:26 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-11-07 22:43:26 +0100 |
commit | 5b3c59bf26ff8b9c38f3ca78451b42ad0014a585 (patch) | |
tree | 515f43dc3a8543f6ca2e7afdd565885e8903e7e6 /hosts | |
parent | c80473dbef4ca003642322e7243affe52eef4b06 (diff) | |
...
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/surtr/http/webdav/default.nix | 54 | ||||
-rw-r--r-- | hosts/vidhar/default.nix | 16 |
2 files changed, 36 insertions, 34 deletions
diff --git a/hosts/surtr/http/webdav/default.nix b/hosts/surtr/http/webdav/default.nix index 5f2955bc..1da411d3 100644 --- a/hosts/surtr/http/webdav/default.nix +++ b/hosts/surtr/http/webdav/default.nix | |||
@@ -26,14 +26,14 @@ in { | |||
26 | account sufficient pam_unix.so quiet | 26 | account sufficient pam_unix.so quiet |
27 | ''; | 27 | ''; |
28 | users.groups."webdav" = {}; | 28 | users.groups."webdav" = {}; |
29 | 29 | ||
30 | services.nginx = { | 30 | services.nginx = { |
31 | upstreams."py-webdav" = { | 31 | # upstreams."py-webdav" = { |
32 | servers = { | 32 | # servers = { |
33 | "unix://${webdavSocket}" = {}; | 33 | # "unix://${webdavSocket}" = {}; |
34 | }; | 34 | # }; |
35 | }; | 35 | # }; |
36 | 36 | ||
37 | virtualHosts."webdav.141.li" = { | 37 | virtualHosts."webdav.141.li" = { |
38 | forceSSL = true; | 38 | forceSSL = true; |
39 | sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem"; | 39 | sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem"; |
@@ -41,19 +41,19 @@ in { | |||
41 | sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem"; | 41 | sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem"; |
42 | locations = { | 42 | locations = { |
43 | "/".extraConfig = '' | 43 | "/".extraConfig = '' |
44 | root /srv/files/$remote_user; | 44 | root /srv/files/$remote_user; |
45 | 45 | ||
46 | auth_pam "WebDAV"; | 46 | auth_pam "WebDAV"; |
47 | auth_pam_service_name "webdav"; | 47 | auth_pam_service_name "webdav"; |
48 | ''; | 48 | ''; |
49 | 49 | ||
50 | "/py/".extraConfig = '' | 50 | # "/py/".extraConfig = '' |
51 | rewrite ^/py(.*) $1 break; | 51 | # rewrite ^/py(.*) $1 break; |
52 | 52 | ||
53 | include ${config.services.nginx.package}/conf/uwsgi_params; | 53 | # include ${config.services.nginx.package}/conf/uwsgi_params; |
54 | uwsgi_param SCRIPT_NAME /py; | 54 | # uwsgi_param SCRIPT_NAME /py; |
55 | uwsgi_pass py-webdav; | 55 | # uwsgi_pass py-webdav; |
56 | ''; | 56 | # ''; |
57 | }; | 57 | }; |
58 | extraConfig = '' | 58 | extraConfig = '' |
59 | dav_methods PUT DELETE MKCOL COPY MOVE; | 59 | dav_methods PUT DELETE MKCOL COPY MOVE; |
@@ -83,18 +83,18 @@ in { | |||
83 | ]; | 83 | ]; |
84 | 84 | ||
85 | 85 | ||
86 | services.uwsgi.instance.vassals.webdav = { | 86 | # services.uwsgi.instance.vassals.webdav = { |
87 | type = "normal"; | 87 | # type = "normal"; |
88 | socket = webdavSocket; | 88 | # socket = webdavSocket; |
89 | listen = 1024; | 89 | # listen = 1024; |
90 | master = true; | 90 | # master = true; |
91 | vacuum = true; | 91 | # vacuum = true; |
92 | chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}"; | 92 | # chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}"; |
93 | 93 | ||
94 | plugins = ["python3"]; | 94 | # plugins = ["python3"]; |
95 | pythonPackages = self: [webdavApp]; | 95 | # pythonPackages = self: [webdavApp]; |
96 | module = "webdav"; | 96 | # module = "webdav"; |
97 | callable = "app"; | 97 | # callable = "app"; |
98 | }; | 98 | # }; |
99 | }; | 99 | }; |
100 | } | 100 | } |
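Review bot: The three blocks commented out in this file (the `py-webdav` upstream, the `/py/` location and the `services.uwsgi.instance.vassals.webdav` vassal) carry no explanation, so a later reader cannot tell whether the endpoint is retired for good or only switched off temporarily. Either delete the lines and let version control keep the history, or put one line above the first block such as `# py-webdav disabled: <reason>; delete or re-enable once <condition>`. The `webdavSocket` and `webdavApp` names used by the disabled lines are presumably bound in the `let` block above the first hunk, which is not visible here; if nothing else uses them they are now dead bindings and should go in the same change.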
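--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -129,10 +129,10 @@ with lib;
 client_body_temp_path /run/nginx-client-bodies;
 '';
 upstreams.grafana = {
-servers = { "unix:${config.services.grafana.socket}" = {}; };
+servers = { "unix:${config.services.grafana.settings.server.socket}" = {}; };
 };
 virtualHosts = {
-${config.services.grafana.domain} = {
+${config.services.grafana.settings.server.domain} = {
 forceSSL = true;
 sslCertificate = ./selfsigned.crt;
 sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";
@@ -146,11 +146,13 @@ with lib;
 users.users.nginx.extraGroups = ["grafana"];
 services.grafana = {
 enable = true;
-analytics.reporting.enable = false;
-domain = "grafana.vidhar.yggdrasil";
-security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path;
-security.secretKeyFile = config.sops.secrets."grafana-secret-key".path;
-protocol = "socket";
+settings = {
+analytics.reporting_enabled = false;
+server.protocol = "socket";
+server.domain = "grafana.vidhar.yggdrasil";
+security.admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}";
+security.secret_key = "$__file{${config.sops.secrets."grafana-secret-key".path}}";
+};
 };
 sops.secrets."grafana-admin-password" = {
 format = "binary";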
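Review bot: The two `$__file{…}` values in the new `settings` block deserve a comment, because that indirection is the only thing keeping the admin password and secret key out of the generated configuration, and a later edit that inlines a literal would put the secret in the world-readable Nix store. I would add `# $__file{} is expanded by Grafana at startup; never inline a secret here, settings are written to the Nix store` above `security.admin_password`. Grafana applies `admin_password` only when it first initialises its database, so rotating the sops secret afterwards does not change the admin login; a second comment line saying so would save a confusing debugging session. Both files have to be readable by the Grafana service user, and the `sops.secrets."grafana-admin-password"` definition continues past the end of this hunk, so its owner and mode cannot be confirmed from here.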