coolneng/zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolneng:9bea2be94e5e85585fab1bd1910b8df2fc5d70da
Branches Tags
coolneng:master
..
compare: coolneng:e65f322cfb2ab418c5a87413e247845df9a6f02a
Branches Tags
coolneng:master

No commits in common. "9bea2be94e5e85585fab1bd1910b8df2fc5d70da" and "e65f322cfb2ab418c5a87413e247845df9a6f02a" have entirely different histories.
9bea2be94e ... e65f322cfb

3 changed files with 19 additions and 20 deletions
Show Stats Expand all files Collapse all files

8
configuration.nix
View File

@ -4,12 +4,8 @@
# A bunch of boot parameters needed for optimal runtime on RPi 4B
boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.kernelParams = [
"zfs.zfs_arc_max=134217728"
"console=TTYAMA0,115200"
"console=tty1"
"8250.nr_uarts=1"
];
boot.kernelParams =
[ "zfs.zfs_arc_max=134217728" "console=TTYAMA0,115200" "console=tty1" ];
boot.loader.raspberryPi = {
enable = true;
version = 4;

5
modules/hardware-configuration.nix
View File

@ -16,11 +16,6 @@
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2178-694E";
fsType = "vfat";
};
fileSystems."/vault" = {
device = "vault";
fsType = "zfs";

26
modules/webstack.nix
View File

@ -23,6 +23,9 @@
}
add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin';
@ -43,13 +46,18 @@
"coolneng.duckdns.org" = {
enableACME = true;
forceSSL = true;
# Redirect from legacy subdirectory URL to subdomain
locations = {
"/radicale/".return = "301 https://radicale.coolneng.duckdns.org";
"/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
"/gitea/".extraConfig =
locations."/radicale/" = {
return = "301 https://radicale.coolneng.duckdns.org";
};
locations."/syncthing/" = {
return = "301 https://sync.coolneng.duckdns.org";
};
locations."/gitea/" = {
extraConfig =
"rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
"/miniflux/".extraConfig =
};
locations."/miniflux/" = {
extraConfig =
"rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
};
};
@ -67,17 +75,17 @@
"sync.coolneng.duckdns.org" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:8384/";
locations."/" = { proxyPass = "http://localhost:8384/"; };
};
"git.coolneng.duckdns.org" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000/";
locations."/" = { proxyPass = "http://localhost:3000/"; };
};
"rss.coolneng.duckdns.org" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:8080/";
locations."/" = { proxyPass = "http://localhost:8080/"; };
};
"matrix.coolneng.duckdns.org" = {
enableACME = true;