From 28441393eb1fe79e00d7c110b51462cd699f6862 Mon Sep 17 00:00:00 2001 From: Adrian Kummerlaender Date: Thu, 10 Jun 2021 18:36:24 +0200 Subject: Fix nginx, cgit config --- host/software/server/git.nix | 8 ++++---- host/software/server/mail.nix | 2 +- host/software/server/website.nix | 14 ++++++++------ 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/host/software/server/git.nix b/host/software/server/git.nix index 209a318..2781911 100644 --- a/host/software/server/git.nix +++ b/host/software/server/git.nix @@ -3,8 +3,8 @@ { services.uwsgi = { enable = true; - user = "nginx"; - group = "nginx"; + user = "public"; + group = "users"; plugins = [ "cgi" ]; instance = { @@ -33,7 +33,7 @@ ''; }; - users.extraUsers.nginx.extraGroups = [ "git" ]; + users.extraUsers.public.extraGroups = [ "git" ]; services.nginx.virtualHosts."code.kummerlaender.eu" = { addSSL = true; @@ -64,7 +64,7 @@ }; script = '' mkdir /run/cgit - chown -R nginx:nginx /run/cgit + chown -R public:users /run/cgit ''; }; diff --git a/host/software/server/mail.nix b/host/software/server/mail.nix index 34ebc82..37c007b 100644 --- a/host/software/server/mail.nix +++ b/host/software/server/mail.nix @@ -2,7 +2,7 @@ { imports = let - release = "nixos-20.09"; + release = "nixos-21.05"; in [ (builtins.fetchTarball { url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz"; diff --git a/host/software/server/website.nix b/host/software/server/website.nix index a5f65fb..00473df 100644 --- a/host/software/server/website.nix +++ b/host/software/server/website.nix @@ -7,6 +7,8 @@ shell = pkgs.fish; }; + services.nginx.user = "public"; + systemd.services.nginx.serviceConfig.ProtectHome = false; # `public` generates websites using their custom derivations via `nix-build` @@ -27,11 +29,11 @@ ''; }; - proxy = target: { - proxyPass = target; + proxy = server: target: { + proxyPass = server; extraConfig = '' expires off; - proxy_set_header Host code.kummerlaender.eu; + return ${target}; ''; }; in { @@ -47,9 +49,9 @@ "pkgs.kummerlaender.eu" = default { "/".root = "/home/public/pkgs/result"; - "/nixexprs.tar.gz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.gz"; - "/nixexprs.tar.xz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.xz"; - "/nixexprs.tar.bz2" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.bz2"; + "/nixexprs.tar.gz" = proxy "http://code.kummerlaender.eu" "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.gz"; + "/nixexprs.tar.xz" = proxy "http://code.kummerlaender.eu" "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.xz"; + "/nixexprs.tar.bz2" = proxy "http://code.kummerlaender.eu" "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.bz2"; }; "literatelb.org" = let -- cgit v1.2.3