diff options
author | TheArcaneBrony <myrainbowdash949@gmail.com> | 2023-04-02 17:19:21 +0200 |
---|---|---|
committer | Rory& <root@rory.gay> | 2024-06-05 15:49:39 +0200 |
commit | 01a85d3728d3063823d052f696b2880605022be4 (patch) | |
tree | 021da227f9fce4552e2815d3dcfc3fbd2fcd95ea | |
parent | Improve SSH config (diff) | |
download | Spacebar-Open-Infrastructure-01a85d3728d3063823d052f696b2880605022be4.tar.xz |
Set up secrets domain
-rwxr-xr-x | host/Spacebar-nginx/configuration.nix | 3 | ||||
-rw-r--r-- | host/Spacebar-nginx/hosts/spacebar.local/secrets.nix | 17 | ||||
-rwxr-xr-x | modules/base.nix | 2 |
3 files changed, 21 insertions, 1 deletions
diff --git a/host/Spacebar-nginx/configuration.nix b/host/Spacebar-nginx/configuration.nix index 21da3b4..b54a392 100755 --- a/host/Spacebar-nginx/configuration.nix +++ b/host/Spacebar-nginx/configuration.nix @@ -26,6 +26,9 @@ recommendedTlsSettings = true; virtualHosts = { "mail.spacebar.chat" = import ./hosts/spacebar.chat/mail.nix; + + #local only + "secrets.spacebar.local" = import ./hosts/spacebar.local/secrets.nix { inherit lib config; }; }; }; }; diff --git a/host/Spacebar-nginx/hosts/spacebar.local/secrets.nix b/host/Spacebar-nginx/hosts/spacebar.local/secrets.nix new file mode 100644 index 0000000..d52d481 --- /dev/null +++ b/host/Spacebar-nginx/hosts/spacebar.local/secrets.nix @@ -0,0 +1,17 @@ +{ lib, config }: { + root = "/data/nginx/secrets"; + #use ip from ens18 + listenAddresses = [ + (lib.head config.networking.interfaces.ens18.ipv4.addresses).address + ]; + locations = { + "/" = { + extraConfig = + "autoindex on;" + + "allow 192.168.1.0/24;" + + "allow 127.0.0.1;" + + "deny all;" + ; + }; + }; +} diff --git a/modules/base.nix b/modules/base.nix index c9657e4..9bfc097 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -71,7 +71,7 @@ sudo = { wheelNeedsPassword = false; execWheelOnly = true; - } + }; polkit.enable = true; }; |