vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

anubis for blog

Browse source
This commit is contained in:
Vinzenz Schroeter 2025-09-06 20:34:58 +02:00
parent 88f192d38d
commit 2909c9001a
1 changed files with 41 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

49
hosts/hetzner-vpn2/nginx.nix
View file

@ -1,4 +1,8 @@
{ pkgs, inputs, ... }: { inputs, pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
in
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -6,8 +10,16 @@
}; };
security.pam.services.nginx.setEnvironment = false; security.pam.services.nginx.setEnvironment = false;
systemd.services.nginx.serviceConfig = { systemd.services = {
SupplementaryGroups = [ "shadow" ]; nginx.serviceConfig = {
SupplementaryGroups = [
"shadow"
"anubis"
];
};
anubis-main.serviceConfig = {
SupplementaryGroups = [ "nginx" ];
};
}; };
services.nginx = { services.nginx = {
@ -58,13 +70,34 @@
"zerforschen.plus" = { "zerforschen.plus" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content; root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
}
];
}; };
}; };
};
networking.firewall.allowedTCPPorts = [ anubis = {
80 instances.main = {
443 enable = true;
]; settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
} }