Compare commits


No commits in common. "def00d7a52978de33212dbdfe4d56ff3fa3a28b4" and "7a429c5177440a38b79433a89e460df79b37a980" have entirely different histories.

3 changed files with 8 additions and 23 deletions


@ -13,12 +13,6 @@ let
publicHostsExist = virtualHosts |> lib.any (vHost: (!self.lib.isPrivateDomain vHost.domain)); publicHostsExist = virtualHosts |> lib.any (vHost: (!self.lib.isPrivateDomain vHost.domain));
privateHostsExist = virtualHosts |> lib.any (vHost: self.lib.isPrivateDomain vHost.domain); privateHostsExist = virtualHosts |> lib.any (vHost: self.lib.isPrivateDomain vHost.domain);
privateDomains =
virtualHosts
|> lib.filter (vHost: self.lib.isPrivateDomain vHost.domain)
|> lib.map (vHost: vHost.domain)
|> lib.unique;
mkVirtualHost = mkVirtualHost =
{ {
domain, domain,
@ -144,7 +138,11 @@ in
reloadServices = [ "caddy.service" ]; reloadServices = [ "caddy.service" ];
}; };
certs = privateDomains |> lib.map (domain: lib.nameValuePair domain { }) |> lib.listToAttrs; certs =
virtualHosts
|> lib.filter (host: self.lib.isPrivateDomain host.domain)
|> lib.map (host: lib.nameValuePair host.domain { })
|> lib.listToAttrs;
}; };
services.nebula.networks.mesh.firewall.inbound = [ services.nebula.networks.mesh.firewall.inbound = [
@ -162,11 +160,7 @@ in
systemd.services.caddy = { systemd.services.caddy = {
requires = [ netCfg.overlay.systemdUnit ]; requires = [ netCfg.overlay.systemdUnit ];
wants = privateDomains |> lib.map (domain: "acme-${domain}.service"); after = [ netCfg.overlay.systemdUnit ];
after = [
netCfg.overlay.systemdUnit
]
++ (privateDomains |> lib.map (domain: "acme-${domain}.service"));
}; };
custom.persistence.directories = [ "/var/lib/acme" ]; custom.persistence.directories = [ "/var/lib/acme" ];
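Review bot: On the new side `systemd.services.caddy` no longer lists the private-domain `acme-${domain}.service` units in `wants`/`after` (third hunk, `after = [ netCfg.overlay.systemdUnit ];`), while the second hunk still declares a certificate for every private domain under `certs`. Unless those virtual hosts also set `useACMEHost`, which would let the NixOS caddy module add its own `acme-finished-*.target` ordering, caddy may now start before the private certificates have been issued on a fresh host and fail to serve those hosts until it is restarted; whether that module path is used is not visible in this hunk. If the ordering is intentionally dropped, a comment next to `after` naming where the dependency now comes from would help: `# acme ordering for private domains is provided elsewhere — TODO confirm`. Otherwise the `wants`/`after` entries could be restored from the same filtered list the `certs` attribute already builds, as sketched below. The attribute sets enclosing the second and third hunks start outside the hunks.
```nix
  systemd.services.caddy =
    let
      privateAcmeUnits =
        virtualHosts
        |> lib.filter (host: self.lib.isPrivateDomain host.domain)
        |> lib.map (host: "acme-${host.domain}.service")
        |> lib.unique;
    in
    {
      requires = [ netCfg.overlay.systemdUnit ];
      wants = privateAcmeUnits;
      after = [ netCfg.overlay.systemdUnit ] ++ privateAcmeUnits;
    };
  # … unchanged: custom.persistence.directories …
```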


@ -17,7 +17,7 @@ let
|> lib.map (host: { |> lib.map (host: {
type = "monitor"; type = "monitor";
cache = "1m"; cache = "1m";
title = "${host.config.networking.hostName} Services"; title = host.config.networking.hostName;
sites = sites =
host.config.custom.meta.sites host.config.custom.meta.sites
|> lib.attrValues |> lib.attrValues


@ -34,16 +34,7 @@ in
}; };
}; };
systemd.services.scrutiny = { systemd.services.scrutiny.enableStrictShellChecks = false;
enableStrictShellChecks = false;
serviceConfig = {
DynamicUser = lib.mkForce false;
ProtectSystem = "strict";
ProtectHome = "read-only";
PrivateTmp = true;
RemoveIPC = true;
};
};
custom = { custom = {
services.caddy.virtualHosts.${cfg.domain}.port = cfg.port; services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
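Review bot: The new side keeps only `systemd.services.scrutiny.enableStrictShellChecks = false;` and drops the explicit `serviceConfig` sandboxing (`ProtectSystem = "strict"`, `ProtectHome = "read-only"`, `PrivateTmp = true`, `RemoveIPC = true`) together with `DynamicUser = lib.mkForce false`, so the unit's hardening is now whatever the upstream scrutiny module sets, which is not visible here. If the upstream unit already enables DynamicUser, removing the `mkForce false` is likely a net improvement, but the other directives only survive if the module sets them as well, so this is worth checking on the built system with `systemd-analyze security scrutiny.service`. A short comment recording the decision would stop a later reader from re-adding the block blindly: `# sandboxing is left to the upstream scrutiny unit; re-check with systemd-analyze security after nixpkgs updates`. The enclosing module body continues outside the hunk.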