Compare commits
No commits in common. "c42316b4f68f52b3968e431ccdf6f5b27ffb7866" and "feadbd010b9bdde81535309551766c3c96f0e994" have entirely different histories.
c42316b4f6
...
feadbd010b
4 changed files with 15 additions and 49 deletions
|
|
@ -10,13 +10,7 @@
|
|||
services.openssh.enable = true;
|
||||
services.openssh.settings.PermitRootLogin = lib.mkDefault "no";
|
||||
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
maxretry = 5;
|
||||
ignoreIP = [
|
||||
"neptune.site.deuxfleurs.fr"
|
||||
];
|
||||
};
|
||||
services.fail2ban.enable = true;
|
||||
|
||||
# Activate nix flakes.
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ in
|
|||
./gitolite.nix
|
||||
./letsencrypt.nix
|
||||
./srv.nix
|
||||
./weechat-relay.nix
|
||||
];
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
up_dir = /srv/up;
|
||||
in
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
|
||||
|
|
@ -10,29 +7,25 @@ in
|
|||
# in /home. So we need to use a different location.
|
||||
users.users."up" = {
|
||||
isNormalUser = true;
|
||||
home = up_dir;
|
||||
# group = config.services.nginx.group;
|
||||
group = "nginx";
|
||||
# Unsure why this is broken, but couldn't make things work without
|
||||
# creating the directory by hand.
|
||||
# createHome = true;
|
||||
# homeMode = "750";
|
||||
home = /srv/up;
|
||||
group = config.services.nginx.group;
|
||||
createHome = true;
|
||||
homeMode = "750";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."srv.isomorphis.me" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = up_dir;
|
||||
locations ={
|
||||
"/" = {
|
||||
extraConfig = "autoindex on;";
|
||||
};
|
||||
"/.ssh" = {
|
||||
return = "403";
|
||||
};
|
||||
"/i/" = {
|
||||
extraConfig = "autoindex off;";
|
||||
root = config.users.users."up".home;
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
'';
|
||||
};
|
||||
locations."/i/" = {
|
||||
extraConfig = ''
|
||||
autoindex off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
mkProxy = port: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:" + builtins.toString port + "/weechat";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_read_timeout 604800; # Prevent idle disconnects
|
||||
proxy_set_header X-Real-IP $remote_addr; # Let WeeChat see the client's IP
|
||||
'';
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
services.nginx.virtualHosts."relayjq.isomorphis.me" = mkProxy 9001;
|
||||
}
|
||||
Loading…
Reference in a new issue