coolneng/zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolneng:9bea2be94e5e85585fab1bd1910b8df2fc5d70da
Branches Tags
coolneng:master
..
compare: coolneng:e65f322cfb2ab418c5a87413e247845df9a6f02a
Branches Tags
coolneng:master

No commits in common. "9bea2be94e5e85585fab1bd1910b8df2fc5d70da" and "e65f322cfb2ab418c5a87413e247845df9a6f02a" have entirely different histories.
9bea2be94e ... e65f322cfb

3 changed files with 19 additions and 20 deletions
Show Stats Expand all files Collapse all files

8
configuration.nix
View File

@ -4,12 +4,8 @@
# A bunch of boot parameters needed for optimal runtime on RPi 4B # A bunch of boot parameters needed for optimal runtime on RPi 4B
boot.kernelPackages = pkgs.linuxPackages_rpi4; boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.kernelParams = [ boot.kernelParams =
"zfs.zfs_arc_max=134217728" [ "zfs.zfs_arc_max=134217728" "console=TTYAMA0,115200" "console=tty1" ];
"console=TTYAMA0,115200"
"console=tty1"
"8250.nr_uarts=1"
];
boot.loader.raspberryPi = { boot.loader.raspberryPi = {
enable = true; enable = true;
version = 4; version = 4;

5
modules/hardware-configuration.nix
View File

@ -16,11 +16,6 @@
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2178-694E";
fsType = "vfat";
};
fileSystems."/vault" = { fileSystems."/vault" = {
device = "vault"; device = "vault";
fsType = "zfs"; fsType = "zfs";

26
modules/webstack.nix
View File

@ -23,6 +23,9 @@
} }
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'origin-when-cross-origin';
@ -43,13 +46,18 @@
"coolneng.duckdns.org" = { "coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
# Redirect from legacy subdirectory URL to subdomain locations."/radicale/" = {
locations = { return = "301 https://radicale.coolneng.duckdns.org";
"/radicale/".return = "301 https://radicale.coolneng.duckdns.org"; };
"/syncthing/".return = "301 https://sync.coolneng.duckdns.org"; locations."/syncthing/" = {
"/gitea/".extraConfig = return = "301 https://sync.coolneng.duckdns.org";
};
locations."/gitea/" = {
extraConfig =
"rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;"; "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
"/miniflux/".extraConfig = };
locations."/miniflux/" = {
extraConfig =
"rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;"; "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
}; };
}; };
@ -67,17 +75,17 @@
"sync.coolneng.duckdns.org" = { "sync.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:8384/"; locations."/" = { proxyPass = "http://localhost:8384/"; };
}; };
"git.coolneng.duckdns.org" = { "git.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:3000/"; locations."/" = { proxyPass = "http://localhost:3000/"; };
}; };
"rss.coolneng.duckdns.org" = { "rss.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:8080/"; locations."/" = { proxyPass = "http://localhost:8080/"; };
}; };
"matrix.coolneng.duckdns.org" = { "matrix.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;