Personal Nix setup
Update caddy config
+26
-8
+10
-2
modules/server/caddy.nix
+10
-2
modules/server/caddy.nix
···
55
55
}
56
56
'' else "";
57
57
58
-
knotConfig = if knotEnabled then ''
58
+
knotConfig = let
59
+
knotAddr = config.services.tangled.knot.server.listenAddr;
60
+
in if knotEnabled then ''
59
61
${cfg.tangled.hostname} {
60
62
log
61
63
request_body {
···
68
70
Strict-Transport-Security "max-age=31536000"
69
71
-Server
70
72
}
71
-
reverse_proxy ${config.services.tangled.knot.server.listenAddr} {
73
+
handle /events {
74
+
reverse_proxy ${knotAddr} {
75
+
header_up X-Real-IP {remote_host}
76
+
flush_interval -1
77
+
}
78
+
}
79
+
reverse_proxy ${knotAddr} {
72
80
header_up X-Real-IP {remote_host}
73
81
}
74
82
}
+1
modules/server/sshd.nix
+1
modules/server/sshd.nix
+15
-6
modules/server/tangled.nix
+15
-6
modules/server/tangled.nix
···
24
24
};
25
25
26
26
config = mkIf (cfg.enable && cfg.tangled.enable) {
27
-
services.tangled.knot = {
28
-
enable = true;
29
-
openFirewall = true;
30
-
server = {
31
-
hostname = cfg.tangled.hostname;
32
-
owner = cfg.tangled.owner;
27
+
services = {
28
+
tangled.knot = {
29
+
enable = true;
30
+
openFirewall = true;
31
+
server = {
32
+
hostname = cfg.tangled.hostname;
33
+
owner = cfg.tangled.owner;
34
+
};
35
+
};
36
+
37
+
openssh.settings = let
38
+
user = config.services.tangled.knot.gitUser;
39
+
in {
40
+
AllowUsers = [ user ];
41
+
AllowGroups = [ user ];
33
42
};
34
43
};
35
44