Compare commits

..

No commits in common. "c42316b4f68f52b3968e431ccdf6f5b27ffb7866" and "feadbd010b9bdde81535309551766c3c96f0e994" have entirely different histories.

4 changed files with 15 additions and 49 deletions

View file

@ -10,13 +10,7 @@
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = lib.mkDefault "no"; services.openssh.settings.PermitRootLogin = lib.mkDefault "no";
services.fail2ban = { services.fail2ban.enable = true;
enable = true;
maxretry = 5;
ignoreIP = [
"neptune.site.deuxfleurs.fr"
];
};
# Activate nix flakes. # Activate nix flakes.
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];

View file

@ -13,7 +13,6 @@ in
./gitolite.nix ./gitolite.nix
./letsencrypt.nix ./letsencrypt.nix
./srv.nix ./srv.nix
./weechat-relay.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.

View file

@ -1,8 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
up_dir = /srv/up;
in
{ {
services.nginx.enable = true; services.nginx.enable = true;
@ -10,29 +7,25 @@ in
# in /home. So we need to use a different location. # in /home. So we need to use a different location.
users.users."up" = { users.users."up" = {
isNormalUser = true; isNormalUser = true;
home = up_dir; home = /srv/up;
# group = config.services.nginx.group; group = config.services.nginx.group;
group = "nginx"; createHome = true;
# Unsure why this is broken, but couldn't make things work without homeMode = "750";
# creating the directory by hand.
# createHome = true;
# homeMode = "750";
}; };
services.nginx.virtualHosts."srv.isomorphis.me" = { services.nginx.virtualHosts."srv.isomorphis.me" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = up_dir; root = config.users.users."up".home;
locations ={ locations."/" = {
"/" = { extraConfig = ''
extraConfig = "autoindex on;"; autoindex on;
}; '';
"/.ssh" = {
return = "403";
};
"/i/" = {
extraConfig = "autoindex off;";
}; };
locations."/i/" = {
extraConfig = ''
autoindex off;
'';
}; };
}; };
} }

View file

@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }:
let
mkProxy = port: {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:" + builtins.toString port + "/weechat";
proxyWebsockets = true;
extraConfig = ''
proxy_read_timeout 604800; # Prevent idle disconnects
proxy_set_header X-Real-IP $remote_addr; # Let WeeChat see the client's IP
'';
};
};
in
{
services.nginx.enable = true;
services.nginx.virtualHosts."relayjq.isomorphis.me" = mkProxy 9001;
}