...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-07 22:43:26 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-07 22:43:26 +0100
commit: 5b3c59bf26ff8b9c38f3ca78451b42ad0014a585 (patch)
tree: 515f43dc3a8543f6ca2e7afdd565885e8903e7e6 /hosts
parent: c80473dbef4ca003642322e7243affe52eef4b06 (diff)
download: nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.gz
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.bz2
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.xz
nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.zip
2 files changed, 36 insertions, 34 deletions
diff --git a/hosts/surtr/http/webdav/default.nix b/hosts/surtr/http/webdav/default.nix
index 5f2955bc..1da411d3 100644
--- a/hosts/surtr/http/webdav/default.nix
+++ b/hosts/surtr/http/webdav/default.nix
@@ -26,14 +26,14 @@ in {
      account sufficient pam_unix.so quiet
    '';
    users.groups."webdav" = {};
-    
    services.nginx = {
-      upstreams."py-webdav" = {
+      # upstreams."py-webdav" = {
-        servers = {
+      #   servers = {
-          "unix://${webdavSocket}" = {};
+      #     "unix://${webdavSocket}" = {};
-        };
+      #   };
-      };
+      # };
-      
      virtualHosts."webdav.141.li" = {
        forceSSL = true;
        sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem";
@@ -41,19 +41,19 @@ in {
        sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem";
        locations = {
          "/".extraConfig = ''
-            root /srv/files/$remote_user;            
+            root /srv/files/$remote_user;
            auth_pam "WebDAV";
            auth_pam_service_name "webdav";
          '';
-          "/py/".extraConfig = ''
+          # "/py/".extraConfig = ''
-            rewrite ^/py(.*) $1 break;
+          #   rewrite ^/py(.*) $1 break;
-            include ${config.services.nginx.package}/conf/uwsgi_params;
+          #   include ${config.services.nginx.package}/conf/uwsgi_params;
-            uwsgi_param SCRIPT_NAME /py;
+          #   uwsgi_param SCRIPT_NAME /py;
-            uwsgi_pass py-webdav;
+          #   uwsgi_pass py-webdav;
-          '';
+          # '';
        };
        extraConfig = ''
          dav_methods     PUT DELETE MKCOL COPY MOVE;
@@ -83,18 +83,18 @@ in {
    ];
-    services.uwsgi.instance.vassals.webdav = {
+    # services.uwsgi.instance.vassals.webdav = {
-      type = "normal";
+    #   type = "normal";
-      socket = webdavSocket;
+    #   socket = webdavSocket;
-      listen = 1024;
+    #   listen = 1024;
-      master = true;
+    #   master = true;
-      vacuum = true;
+    #   vacuum = true;
-      chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}";
+    #   chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}";
-      
-      plugins = ["python3"];
+    #   plugins = ["python3"];
-      pythonPackages = self: [webdavApp];
+    #   pythonPackages = self: [webdavApp];
-      module = "webdav";
+    #   module = "webdav";
-      callable = "app";
+    #   callable = "app";
-    };
+    # };
  };
 }
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index e40342df..a5c60419 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -129,10 +129,10 @@ with lib;
        client_body_temp_path /run/nginx-client-bodies;
      '';
      upstreams.grafana = {
-        servers = { "unix:${config.services.grafana.socket}" = {}; };
+        servers = { "unix:${config.services.grafana.settings.server.socket}" = {}; };
      };
      virtualHosts = {
-        ${config.services.grafana.domain} = {
+        ${config.services.grafana.settings.server.domain} = {
          forceSSL = true;
          sslCertificate = ./selfsigned.crt;
          sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";
@@ -146,11 +146,13 @@ with lib;
    users.users.nginx.extraGroups = ["grafana"];
    services.grafana = {
      enable = true;
-      analytics.reporting.enable = false;
+      settings = {
-      domain = "grafana.vidhar.yggdrasil";
+        analytics.reporting_enabled = false;
-      security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path;
+        server.protocol = "socket";
-      security.secretKeyFile = config.sops.secrets."grafana-secret-key".path;
+        server.domain = "grafana.vidhar.yggdrasil";
-      protocol = "socket";
+        security.admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}";
+        security.secret_key = "$__file{${config.sops.secrets."grafana-secret-key".path}}";
+      };
    };
    sops.secrets."grafana-admin-password" = {
      format = "binary";
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-07 22:43:26 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-07 22:43:26 +0100
commit	5b3c59bf26ff8b9c38f3ca78451b42ad0014a585 (patch)
tree	515f43dc3a8543f6ca2e7afdd565885e8903e7e6 /hosts
parent	c80473dbef4ca003642322e7243affe52eef4b06 (diff)
download	nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.gz nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.bz2 nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.tar.xz nixos-5b3c59bf26ff8b9c38f3ca78451b42ad0014a585.zip

diff --git a/hosts/surtr/http/webdav/default.nix b/hosts/surtr/http/webdav/default.nix index 5f2955bc..1da411d3 100644 --- a/hosts/surtr/http/webdav/default.nix +++ b/hosts/surtr/http/webdav/default.nix
@@ -26,14 +26,14 @@ in {
26	account sufficient pam_unix.so quiet	26	account sufficient pam_unix.so quiet
27	'';	27	'';
28	users.groups."webdav" = {};	28	users.groups."webdav" = {};
29		29
30	services.nginx = {	30	services.nginx = {
31	upstreams."py-webdav" = {	31	# upstreams."py-webdav" = {
32	servers = {	32	# servers = {
33	"unix://${webdavSocket}" = {};	33	# "unix://${webdavSocket}" = {};
34	};	34	# };
35	};	35	# };
36		36
37	virtualHosts."webdav.141.li" = {	37	virtualHosts."webdav.141.li" = {
38	forceSSL = true;	38	forceSSL = true;
39	sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem";	39	sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem";
@@ -41,19 +41,19 @@ in {
41	sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem";	41	sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem";
42	locations = {	42	locations = {
43	"/".extraConfig = ''	43	"/".extraConfig = ''
44	root /srv/files/$remote_user;	44	root /srv/files/$remote_user;
45		45
46	auth_pam "WebDAV";	46	auth_pam "WebDAV";
47	auth_pam_service_name "webdav";	47	auth_pam_service_name "webdav";
48	'';	48	'';
49		49
50	"/py/".extraConfig = ''	50	# "/py/".extraConfig = ''
51	rewrite ^/py(.*) $1 break;	51	# rewrite ^/py(.*) $1 break;
52		52
53	include ${config.services.nginx.package}/conf/uwsgi_params;	53	# include ${config.services.nginx.package}/conf/uwsgi_params;
54	uwsgi_param SCRIPT_NAME /py;	54	# uwsgi_param SCRIPT_NAME /py;
55	uwsgi_pass py-webdav;	55	# uwsgi_pass py-webdav;
56	'';	56	# '';
57	};	57	};
58	extraConfig = ''	58	extraConfig = ''
59	dav_methods PUT DELETE MKCOL COPY MOVE;	59	dav_methods PUT DELETE MKCOL COPY MOVE;
@@ -83,18 +83,18 @@ in {
83	];	83	];
84		84
85		85
86	services.uwsgi.instance.vassals.webdav = {	86	# services.uwsgi.instance.vassals.webdav = {
87	type = "normal";	87	# type = "normal";
88	socket = webdavSocket;	88	# socket = webdavSocket;
89	listen = 1024;	89	# listen = 1024;
90	master = true;	90	# master = true;
91	vacuum = true;	91	# vacuum = true;
92	chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}";	92	# chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}";
93		93
94	plugins = ["python3"];	94	# plugins = ["python3"];
95	pythonPackages = self: [webdavApp];	95	# pythonPackages = self: [webdavApp];
96	module = "webdav";	96	# module = "webdav";
97	callable = "app";	97	# callable = "app";
98	};	98	# };
99	};	99	};
100	}	100	}


diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index e40342df..a5c60419 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -129,10 +129,10 @@ with lib;
129	client_body_temp_path /run/nginx-client-bodies;	129	client_body_temp_path /run/nginx-client-bodies;
130	'';	130	'';
131	upstreams.grafana = {	131	upstreams.grafana = {
132	servers = { "unix:${config.services.grafana.socket}" = {}; };	132	servers = { "unix:${config.services.grafana.settings.server.socket}" = {}; };
133	};	133	};
134	virtualHosts = {	134	virtualHosts = {
135	${config.services.grafana.domain} = {	135	${config.services.grafana.settings.server.domain} = {
136	forceSSL = true;	136	forceSSL = true;
137	sslCertificate = ./selfsigned.crt;	137	sslCertificate = ./selfsigned.crt;
138	sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";	138	sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";
@@ -146,11 +146,13 @@ with lib;
146	users.users.nginx.extraGroups = ["grafana"];	146	users.users.nginx.extraGroups = ["grafana"];
147	services.grafana = {	147	services.grafana = {
148	enable = true;	148	enable = true;
149	analytics.reporting.enable = false;	149	settings = {
150	domain = "grafana.vidhar.yggdrasil";	150	analytics.reporting_enabled = false;
151	security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path;	151	server.protocol = "socket";
152	security.secretKeyFile = config.sops.secrets."grafana-secret-key".path;	152	server.domain = "grafana.vidhar.yggdrasil";
153	protocol = "socket";	153	security.admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}";
		154	security.secret_key = "$__file{${config.sops.secrets."grafana-secret-key".path}}";
		155	};
154	};	156	};
155	sops.secrets."grafana-admin-password" = {	157	sops.secrets."grafana-admin-password" = {
156	format = "binary";	158	format = "binary";