From 5b3c59bf26ff8b9c38f3ca78451b42ad0014a585 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 7 Nov 2022 22:43:26 +0100 Subject: ... --- hosts/surtr/http/webdav/default.nix | 54 ++++++++++++++++++------------------- hosts/vidhar/default.nix | 16 ++++++----- 2 files changed, 36 insertions(+), 34 deletions(-) (limited to 'hosts') diff --git a/hosts/surtr/http/webdav/default.nix b/hosts/surtr/http/webdav/default.nix index 5f2955bc..1da411d3 100644 --- a/hosts/surtr/http/webdav/default.nix +++ b/hosts/surtr/http/webdav/default.nix @@ -26,14 +26,14 @@ in { account sufficient pam_unix.so quiet ''; users.groups."webdav" = {}; - + services.nginx = { - upstreams."py-webdav" = { - servers = { - "unix://${webdavSocket}" = {}; - }; - }; - + # upstreams."py-webdav" = { + # servers = { + # "unix://${webdavSocket}" = {}; + # }; + # }; + virtualHosts."webdav.141.li" = { forceSSL = true; sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem"; @@ -41,19 +41,19 @@ in { sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem"; locations = { "/".extraConfig = '' - root /srv/files/$remote_user; + root /srv/files/$remote_user; auth_pam "WebDAV"; auth_pam_service_name "webdav"; ''; - "/py/".extraConfig = '' - rewrite ^/py(.*) $1 break; + # "/py/".extraConfig = '' + # rewrite ^/py(.*) $1 break; - include ${config.services.nginx.package}/conf/uwsgi_params; - uwsgi_param SCRIPT_NAME /py; - uwsgi_pass py-webdav; - ''; + # include ${config.services.nginx.package}/conf/uwsgi_params; + # uwsgi_param SCRIPT_NAME /py; + # uwsgi_pass py-webdav; + # ''; }; extraConfig = '' dav_methods PUT DELETE MKCOL COPY MOVE; @@ -83,18 +83,18 @@ in { ]; - services.uwsgi.instance.vassals.webdav = { - type = "normal"; - socket = webdavSocket; - listen = 1024; - master = true; - vacuum = true; - chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}"; - - plugins = ["python3"]; - pythonPackages = self: [webdavApp]; - module = "webdav"; - callable = "app"; - }; + # services.uwsgi.instance.vassals.webdav = { + # type = "normal"; + # socket = webdavSocket; + # listen = 1024; + # master = true; + # vacuum = true; + # chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}"; + + # plugins = ["python3"]; + # pythonPackages = self: [webdavApp]; + # module = "webdav"; + # callable = "app"; + # }; }; } diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index e40342df..a5c60419 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix @@ -129,10 +129,10 @@ with lib; client_body_temp_path /run/nginx-client-bodies; ''; upstreams.grafana = { - servers = { "unix:${config.services.grafana.socket}" = {}; }; + servers = { "unix:${config.services.grafana.settings.server.socket}" = {}; }; }; virtualHosts = { - ${config.services.grafana.domain} = { + ${config.services.grafana.settings.server.domain} = { forceSSL = true; sslCertificate = ./selfsigned.crt; sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key"; @@ -146,11 +146,13 @@ with lib; users.users.nginx.extraGroups = ["grafana"]; services.grafana = { enable = true; - analytics.reporting.enable = false; - domain = "grafana.vidhar.yggdrasil"; - security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path; - security.secretKeyFile = config.sops.secrets."grafana-secret-key".path; - protocol = "socket"; + settings = { + analytics.reporting_enabled = false; + server.protocol = "socket"; + server.domain = "grafana.vidhar.yggdrasil"; + security.admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}"; + security.secret_key = "$__file{${config.sops.secrets."grafana-secret-key".path}}"; + }; }; sops.secrets."grafana-admin-password" = { format = "binary"; -- cgit v1.2.3