clean up nginx config

2025-09-15 20:28:15 +02:00 · 2025-09-15 20:28:15 +02:00 · 7a17930dd4
commit 7a17930dd4
parent 6754eed1d8
1 changed files with 18 additions and 63 deletions
--- a/nixosConfigurations/hetzner-vpn2/nginx.nix
+++ b/nixosConfigurations/hetzner-vpn2/nginx.nix
@ -9,82 +9,37 @@ in
    defaults.email = "acme@zerforschen.plus";
  };

-  security.pam.services.nginx.setEnvironment = false;
  systemd.services = {
-    nginx.serviceConfig = {
-      SupplementaryGroups = [
-        "shadow"
-        "anubis"
-      ];
-    };
-    anubis-main.serviceConfig = {
-      SupplementaryGroups = [ "nginx" ];
-    };
+    nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];
+    anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];
  };

  services = {
    nginx = {
      enable = true;
-      additionalModules = [ pkgs.nginxModules.pam ];
-
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;

-      virtualHosts =
-        #let
-        #  servicesDomain = "services.zerforschen.plus";
-        #  mkServiceConfig =
-        #    { host, port }:
-        #    {
-        #      addSSL = true;
-        #      enableACME = true;
-        #      locations."/" = {
-        #        proxyPass = "http://${host}:${toString port}/";
-        #        extraConfig = ''
-        #          # bind to tailscale ip
-        #          proxy_bind 100.88.118.60;
-        #          # pam auth
-        #          limit_except OPTIONS {
-        #            auth_pam  "Password Required";
-        #            auth_pam_service_name "nginx";
-        #          }
-        #        '';
-        #      };
-        #    };
-        #  pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
-        #in
-        {
-          #"code.${servicesDomain}" = lib.mkMerge [
-          #  (mkServiceConfig {
-          #    host = pc2;
-          #    port = 8542;
-          #  })
-          #  { locations."/".proxyWebsockets = true; }
-          #];
-          #"view.${servicesDomain}" = mkServiceConfig {
-          #  host = pc2;
-          #  port = 1313;
-          #};
-
-          "zerforschen.plus" = {
-            addSSL = true;
-            enableACME = true;
-            locations."/" = {
-              proxyPass = "http://unix:" + anubis-domain-socket;
-            };
-          };
-
-          "blog-in-anubis" = {
-            root = pkgs.zerforschen-plus-content;
-            listen = [
-              {
-                addr = "unix:" + blog-domain-socket;
-              }
-            ];
+      virtualHosts = {
+        "zerforschen.plus" = {
+          addSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://unix:" + anubis-domain-socket;
          };
        };
+
+        "blog-in-anubis" = {
+          root = pkgs.zerforschen-plus-content;
+          listen = [
+            {
+              addr = "unix:" + blog-domain-socket;
+            }
+          ];
+        };
+      };
    };

    anubis.instances.main = {