From 14e731f40b91976976cc8b72f267bc90b0f07521 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 9 Apr 2022 00:23:17 +0200
Subject: vidhar: ...

---
 hosts/vidhar/default.nix            | 5 +++++
 hosts/vidhar/prometheus/default.nix | 2 ++
 2 files changed, 7 insertions(+)

(limited to 'hosts')

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 69ca1403..d8f9cdb4 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -131,6 +131,8 @@
 
         access_log syslog:server=unix:/dev/log main;
         error_log syslog:server=unix:/dev/log info;
+
+        client_body_temp_path /run/nginx-client-bodies;
       '';
       upstreams.grafana = {
         servers = { "unix:${config.services.grafana.socket}" = {}; };
@@ -175,6 +177,9 @@
       serviceConfig = {
         ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
         LoadCredential = [ "selfsigned.key:${config.sops.secrets."selfsigned.key".path}" ];
+
+        RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" ];
+        RuntimeDirectoryMode = "0750";
       };
     };
 
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 4a666e95..8d7b0fe8 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -400,6 +400,8 @@ in {
           ssl_client_certificate ${./ca/ca.crt};
           ssl_trusted_certificate ${./ca/ca.crt};
           ssl_verify_client on;
+
+          client_max_body_size    0;
         '';
         locations."/" = {
           proxyPass = "http://prometheus/";
-- 
cgit v1.2.3