From 1aa80a380b5107decc7cdc2ca15572fccaae0cfe Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Thu, 4 Jan 2024 15:32:56 +0100 Subject: [PATCH] fix caddy --- hosts/picard/default.nix | 31 +++++++------------------------ secrets/desec.age | Bin 882 -> 878 bytes 2 files changed, 7 insertions(+), 24 deletions(-) diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 156e1d74..1132f9c3 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -43,27 +43,7 @@ services.postgresql.package = pkgs.postgresql_13; - services.nginx.recommendedOptimisation = true; - - services.nginx.virtualHosts."xyno.space" = { - locations."/".proxyPass = "http://[::1]${config.services.xynoblog.listen}"; - locations."/gyakapyukawfyuokfgwtyutf.js".proxyPass = "http://127.0.0.1:${toString config.services.plausible.server.port}/js/plausible.outbound-links.js"; - locations."= /api/event" = { - proxyPass = "http://127.0.0.1:${toString config.services.plausible.server.port}/api/event"; - recommendedProxySettings = false; - extraConfig = '' - proxy_set_header Host stats.xyno.space; - proxy_buffering on; - proxy_http_version 1.1; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - ''; - }; - } // (lib.my.findOutTlsConfig "xyno.space" config); - - + systemd.services.caddy.serviceConfig.EnvironmentFile = config.age.secrets.desec.path; services.caddy = { enable = true; package = (pkgs.callPackage ./custom-caddy.nix { @@ -72,8 +52,8 @@ ]; vendorHash = lib.fakeSha256; }); - extraConfig = '' - acme_dns desec {TOKEN} + globalConfig = '' + acme_dns desec {$TOKEN} ''; virtualHosts."*.ragon.xyz".extraConfig = '' @8081 host 8081.ragon.xyz @@ -89,6 +69,9 @@ encode zstd gzip root /srv/www file_server browse + basicauth /* { + {$BAUSER} {$BAPASSWD} + } } @bw host bw.ragon.xyz handle @bw { @@ -219,7 +202,7 @@ cli.enable = true; user.enable = true; persist.enable = true; - persist.extraDirectories = [ "/var/lib/syncthing" "/var/lib/${config.services.xynoblog.stateDirectory}" ]; + persist.extraDirectories = [ "/srv/www" config.services.caddy.dataDir "/var/lib/syncthing" "/var/lib/${config.services.xynoblog.stateDirectory}" ]; services = { ssh.enable = true; diff --git a/secrets/desec.age b/secrets/desec.age index 1e2895f04a0da609800760b0915a269e98e80ea0..de5ac5f8cf8090e73497341c12c1f63245925cff 100644 GIT binary patch delta 789 zcmeyw_Kt0WPQ6i)qgzFyx0#=tS&(*>eyUSIky$}yMy7W`uuGO_W=UX#X`Y#xn|V;S z1(%OWQhK>%v3pofPIy#iMqsH$m}{DMfkjZbhnsd)u%lOIKx9d=i<4)*374*&LUD11 zZfc5=si~o*LTS23czC%&MSg0qVRmwrb3l%Nl7&I2yPLO3Nnm7oqya*K+pJOU@5WfZU1PD(E^D-7}VsWNp>(oS^r2?+JE z^hpc$DoAp4FE21Mif}aXwMYvp%Sq?*_3=y!ugLOD_APV@FmmxsuJS1|G$|^n@Cphx za7;_8jBpAo%F(whDJn;g0CPVdQ@?bDD1Wn%Aal=vApOJuuK;I9%X(KMZI9xDilp*< z-{4T~h+-pWeZTCaP*3M_E}x39oTRX zZGXp16AS-*E?r$+1)nOjj0jWXbU&}OqKIsl09Sugb0arrmjKgX%gE3q$23zL~Ry=Y2`pVD#0yh-6 zD_=Uil>WJG!VSgds4RoWZ&SsWu5b&Q)BCySz}qPgHM4cv1Y2IIu$Lwt36T+H75eQG zSGB!Wa&7pg_2uH)3xe4;)jd+Wu4Voz)YeQmq~JJYPO?Cq_?BCUygTR zIag*{x=&iAr)g1^N1<1SS+covNq}}}VWdZ>SEZqkVQ!IcQBh=4N|uqQ0hg|wLUD11 zZfc5=si~o*LTS23czC&jUvNO7b7*96WpR*EPH1pcmRp5cP+)9dfN_LDK~jj3u~&&tR7I7^ z#E;@(e*PBTZe{)@{#j)~rv51|Nj~NJCKmotmX(!R0sh`b`RNszt^tAGJ~`!F<;lhs z$>Hh2#*u#hX8vxz-VyqSQ56+YSy`t3K~?^t6=~`2iG|@InZ=Xi7$w4e%p)xQ6T{10 z%md7lB22<6jr{dXEK^)ff=dm9{EAcDd_uH+w6#6M!jieNq7wZJ3-ygmOT7!VEqpy3 z{hd6L%kl%=J(4nla*{nuvb}uLib|X-gM25SWfZUXP4cWt$_jA`jc{=?%gV?z@-wI~ zFfp}AE%bCQ2{L!~at(F$_Hp-#N-yUMbj|a$bTanI3#=$gE=*3z%*zZ5PKpRE2`>u_ zF$sxEat$?e&r8u1_xqGW%c zvT*%~@NA<v5j_RJtMfmSn@0q8#bf%Vd}3IZga1+Q;`Zd`3jShW@pZ(u0C`i>7@%#Pu(9#=+}` K)7?&aW&!|CuMRN)