Compare commits
No commits in common. "c42316b4f68f52b3968e431ccdf6f5b27ffb7866" and "feadbd010b9bdde81535309551766c3c96f0e994" have entirely different histories.
c42316b4f6
...
feadbd010b
4 changed files with 15 additions and 49 deletions
|
@ -10,13 +10,7 @@
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.settings.PermitRootLogin = lib.mkDefault "no";
|
services.openssh.settings.PermitRootLogin = lib.mkDefault "no";
|
||||||
|
|
||||||
services.fail2ban = {
|
services.fail2ban.enable = true;
|
||||||
enable = true;
|
|
||||||
maxretry = 5;
|
|
||||||
ignoreIP = [
|
|
||||||
"neptune.site.deuxfleurs.fr"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Activate nix flakes.
|
# Activate nix flakes.
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
|
|
@ -13,7 +13,6 @@ in
|
||||||
./gitolite.nix
|
./gitolite.nix
|
||||||
./letsencrypt.nix
|
./letsencrypt.nix
|
||||||
./srv.nix
|
./srv.nix
|
||||||
./weechat-relay.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the GRUB 2 boot loader.
|
# Use the GRUB 2 boot loader.
|
||||||
|
|
|
@ -1,8 +1,5 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
|
||||||
up_dir = /srv/up;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
|
||||||
|
@ -10,29 +7,25 @@ in
|
||||||
# in /home. So we need to use a different location.
|
# in /home. So we need to use a different location.
|
||||||
users.users."up" = {
|
users.users."up" = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
home = up_dir;
|
home = /srv/up;
|
||||||
# group = config.services.nginx.group;
|
group = config.services.nginx.group;
|
||||||
group = "nginx";
|
createHome = true;
|
||||||
# Unsure why this is broken, but couldn't make things work without
|
homeMode = "750";
|
||||||
# creating the directory by hand.
|
|
||||||
# createHome = true;
|
|
||||||
# homeMode = "750";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."srv.isomorphis.me" = {
|
services.nginx.virtualHosts."srv.isomorphis.me" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
root = up_dir;
|
root = config.users.users."up".home;
|
||||||
locations ={
|
locations."/" = {
|
||||||
"/" = {
|
extraConfig = ''
|
||||||
extraConfig = "autoindex on;";
|
autoindex on;
|
||||||
};
|
'';
|
||||||
"/.ssh" = {
|
|
||||||
return = "403";
|
|
||||||
};
|
|
||||||
"/i/" = {
|
|
||||||
extraConfig = "autoindex off;";
|
|
||||||
};
|
};
|
||||||
|
locations."/i/" = {
|
||||||
|
extraConfig = ''
|
||||||
|
autoindex off;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -1,20 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
mkProxy = port: {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://localhost:" + builtins.toString port + "/weechat";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_read_timeout 604800; # Prevent idle disconnects
|
|
||||||
proxy_set_header X-Real-IP $remote_addr; # Let WeeChat see the client's IP
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services.nginx.enable = true;
|
|
||||||
services.nginx.virtualHosts."relayjq.isomorphis.me" = mkProxy 9001;
|
|
||||||
}
|
|
Loading…
Reference in a new issue