vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

clean up nginx config

Browse source
This commit is contained in:
Vinzenz Schroeter 2025-09-15 20:28:15 +02:00
parent 6754eed1d8
commit b646261dd5
1 changed files with 18 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

49
nixosConfigurations/hetzner-vpn2/nginx.nix
View file

@ -9,17 +9,9 @@ in
defaults.email = "acme@zerforschen.plus"; defaults.email = "acme@zerforschen.plus";
}; };
security.pam.services.nginx.setEnvironment = false;
systemd.services = { systemd.services = {
nginx.serviceConfig = { nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];
SupplementaryGroups = [ anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];
"shadow"
"anubis"
];
};
anubis-main.serviceConfig = {
SupplementaryGroups = [ "nginx" ];
};
}; };
services = { services = {
@ -32,42 +24,7 @@ in
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts = virtualHosts = {
#let
# servicesDomain = "services.zerforschen.plus";
# mkServiceConfig =
# { host, port }:
# {
# addSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${host}:${toString port}/";
# extraConfig = ''
# # bind to tailscale ip
# proxy_bind 100.88.118.60;
# # pam auth
# limit_except OPTIONS {
# auth_pam "Password Required";
# auth_pam_service_name "nginx";
# }
# '';
# };
# };
# pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
#in
{
#"code.${servicesDomain}" = lib.mkMerge [
# (mkServiceConfig {
# host = pc2;
# port = 8542;
# })
# { locations."/".proxyWebsockets = true; }
#];
#"view.${servicesDomain}" = mkServiceConfig {
# host = pc2;
# port = 1313;
#};
"zerforschen.plus" = { "zerforschen.plus" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;