summaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-11-07 22:43:26 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-11-07 22:43:26 +0100
commit5b3c59bf26ff8b9c38f3ca78451b42ad0014a585 (patch)
tree515f43dc3a8543f6ca2e7afdd565885e8903e7e6 /hosts
parentc80473dbef4ca003642322e7243affe52eef4b06 (diff)
downloadnixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.gz
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.bz2
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.xz
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.zip
...
Diffstat (limited to 'hosts')
-rw-r--r--hosts/surtr/http/webdav/default.nix54
-rw-r--r--hosts/vidhar/default.nix16
2 files changed, 36 insertions, 34 deletions
diff --git a/hosts/surtr/http/webdav/default.nix b/hosts/surtr/http/webdav/default.nix
index 5f2955bc..1da411d3 100644
--- a/hosts/surtr/http/webdav/default.nix
+++ b/hosts/surtr/http/webdav/default.nix
@@ -26,14 +26,14 @@ in {
26 account sufficient pam_unix.so quiet 26 account sufficient pam_unix.so quiet
27 ''; 27 '';
28 users.groups."webdav" = {}; 28 users.groups."webdav" = {};
29 29
30 services.nginx = { 30 services.nginx = {
31 upstreams."py-webdav" = { 31 # upstreams."py-webdav" = {
32 servers = { 32 # servers = {
33 "unix://${webdavSocket}" = {}; 33 # "unix://${webdavSocket}" = {};
34 }; 34 # };
35 }; 35 # };
36 36
37 virtualHosts."webdav.141.li" = { 37 virtualHosts."webdav.141.li" = {
38 forceSSL = true; 38 forceSSL = true;
39 sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem"; 39 sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem";
@@ -41,19 +41,19 @@ in {
41 sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem"; 41 sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem";
42 locations = { 42 locations = {
43 "/".extraConfig = '' 43 "/".extraConfig = ''
44 root /srv/files/$remote_user; 44 root /srv/files/$remote_user;
45 45
46 auth_pam "WebDAV"; 46 auth_pam "WebDAV";
47 auth_pam_service_name "webdav"; 47 auth_pam_service_name "webdav";
48 ''; 48 '';
49 49
50 "/py/".extraConfig = '' 50 # "/py/".extraConfig = ''
51 rewrite ^/py(.*) $1 break; 51 # rewrite ^/py(.*) $1 break;
52 52
53 include ${config.services.nginx.package}/conf/uwsgi_params; 53 # include ${config.services.nginx.package}/conf/uwsgi_params;
54 uwsgi_param SCRIPT_NAME /py; 54 # uwsgi_param SCRIPT_NAME /py;
55 uwsgi_pass py-webdav; 55 # uwsgi_pass py-webdav;
56 ''; 56 # '';
57 }; 57 };
58 extraConfig = '' 58 extraConfig = ''
59 dav_methods PUT DELETE MKCOL COPY MOVE; 59 dav_methods PUT DELETE MKCOL COPY MOVE;
@@ -83,18 +83,18 @@ in {
83 ]; 83 ];
84 84
85 85
86 services.uwsgi.instance.vassals.webdav = { 86 # services.uwsgi.instance.vassals.webdav = {
87 type = "normal"; 87 # type = "normal";
88 socket = webdavSocket; 88 # socket = webdavSocket;
89 listen = 1024; 89 # listen = 1024;
90 master = true; 90 # master = true;
91 vacuum = true; 91 # vacuum = true;
92 chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}"; 92 # chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}";
93 93
94 plugins = ["python3"]; 94 # plugins = ["python3"];
95 pythonPackages = self: [webdavApp]; 95 # pythonPackages = self: [webdavApp];
96 module = "webdav"; 96 # module = "webdav";
97 callable = "app"; 97 # callable = "app";
98 }; 98 # };
99 }; 99 };
100} 100}
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index e40342df..a5c60419 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -129,10 +129,10 @@ with lib;
129 client_body_temp_path /run/nginx-client-bodies; 129 client_body_temp_path /run/nginx-client-bodies;
130 ''; 130 '';
131 upstreams.grafana = { 131 upstreams.grafana = {
132 servers = { "unix:${config.services.grafana.socket}" = {}; }; 132 servers = { "unix:${config.services.grafana.settings.server.socket}" = {}; };
133 }; 133 };
134 virtualHosts = { 134 virtualHosts = {
135 ${config.services.grafana.domain} = { 135 ${config.services.grafana.settings.server.domain} = {
136 forceSSL = true; 136 forceSSL = true;
137 sslCertificate = ./selfsigned.crt; 137 sslCertificate = ./selfsigned.crt;
138 sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key"; 138 sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";
@@ -146,11 +146,13 @@ with lib;
146 users.users.nginx.extraGroups = ["grafana"]; 146 users.users.nginx.extraGroups = ["grafana"];
147 services.grafana = { 147 services.grafana = {
148 enable = true; 148 enable = true;
149 analytics.reporting.enable = false; 149 settings = {
150 domain = "grafana.vidhar.yggdrasil"; 150 analytics.reporting_enabled = false;
151 security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path; 151 server.protocol = "socket";
152 security.secretKeyFile = config.sops.secrets."grafana-secret-key".path; 152 server.domain = "grafana.vidhar.yggdrasil";
153 protocol = "socket"; 153 security.admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}";
154 security.secret_key = "$__file{${config.sops.secrets."grafana-secret-key".path}}";
155 };
154 }; 156 };
155 sops.secrets."grafana-admin-password" = { 157 sops.secrets."grafana-admin-password" = {
156 format = "binary"; 158 format = "binary";