fix: warnings
This commit is contained in:
Philipp Hochkamp
parent
220c5614ca
commit
bfb1842988
4 changed files with 8 additions and 9 deletions
|
|
@ -13,14 +13,14 @@ in
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = "${cfg.domainPrefix}.${domain}";
|
settings.server.domain = "${cfg.domainPrefix}.${domain}";
|
||||||
rootUrl = "https://${cfg.domainPrefix}.${domain}/";
|
settings.server.root_url = "https://${cfg.domainPrefix}.${domain}/";
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
|
services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
|
||||||
useACMEHost = "${domain}";
|
useACMEHost = "${domain}";
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
locations = {
|
locations = {
|
||||||
"/".proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
"/".proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
|
||||||
"/".proxyWebsockets = true;
|
"/".proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,9 @@ in
|
||||||
{
|
{
|
||||||
options.ragon.services.ssh.enable = lib.mkEnableOption "Enables sshd";
|
options.ragon.services.ssh.enable = lib.mkEnableOption "Enables sshd";
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services.openssh.permitRootLogin = "without-password";
|
services.openssh.settings.PermitRootLogin = "without-password";
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.passwordAuthentication = false;
|
services.openssh.settings.PasswordAuthentication = false;
|
||||||
users.users.root.openssh.authorizedKeys.keys = pubkeys.ragon.user;
|
users.users.root.openssh.authorizedKeys.keys = pubkeys.ragon.user;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ inputs.agenix.defaultPackage.${pkgs.system} ];
|
environment.systemPackages = [ inputs.agenix.packages.${pkgs.system}.default ];
|
||||||
# Set passwords
|
# Set passwords
|
||||||
users.users.root.passwordFile = config.age.secrets.rootPasswd.path;
|
users.users.root.passwordFile = config.age.secrets.rootPasswd.path;
|
||||||
age.identityPaths =
|
age.identityPaths =
|
||||||
|
|
|
||||||
|
|
@ -11,9 +11,8 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
security.sudo.execWheelOnly = true;
|
security.sudo.execWheelOnly = true;
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
passwordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
allowSFTP = true; # just use rsync, lol
|
settings.KbdInteractiveAuthentication = false;
|
||||||
kbdInteractiveAuthentication = false;
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
AllowTcpForwarding yes
|
AllowTcpForwarding yes
|
||||||
X11Forwarding no
|
X11Forwarding no
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue