Refactor nginx configuration

Mount firmware partition at /boot
2021-02-03 03:56:59 +01:00 · 2021-02-03 03:41:40 +01:00
3 changed files with 20 additions and 19 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -4,8 +4,12 @@

  # A bunch of boot parameters needed for optimal runtime on RPi 4B
  boot.kernelPackages = pkgs.linuxPackages_rpi4;
-  boot.kernelParams =
-    [ "zfs.zfs_arc_max=134217728" "console=TTYAMA0,115200" "console=tty1" ];
+  boot.kernelParams = [
+    "zfs.zfs_arc_max=134217728"
+    "console=TTYAMA0,115200"
+    "console=tty1"
+    "8250.nr_uarts=1"
+  ];
  boot.loader.raspberryPi = {
    enable = true;
    version = 4;
--- a/modules/hardware-configuration.nix
+++ b/modules/hardware-configuration.nix
@ -16,6 +16,11 @@
    fsType = "ext4";
  };

+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/2178-694E";
+    fsType = "vfat";
+  };
+
  fileSystems."/vault" = {
    device = "vault";
    fsType = "zfs";
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@ -23,9 +23,6 @@
      }
      add_header Strict-Transport-Security $hsts_header;

-      # Enable CSP for your services.
-      #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-
      # Minimize information leaked to other domains
      add_header 'Referrer-Policy' 'origin-when-cross-origin';

@ -46,18 +43,13 @@
      "coolneng.duckdns.org" = {
        enableACME = true;
        forceSSL = true;
-        locations."/radicale/" = {
-          return = "301 https://radicale.coolneng.duckdns.org";
-        };
-        locations."/syncthing/" = {
-          return = "301 https://sync.coolneng.duckdns.org";
-        };
-        locations."/gitea/" = {
-          extraConfig =
+        # Redirect from legacy subdirectory URL to subdomain
+        locations = {
+          "/radicale/".return = "301 https://radicale.coolneng.duckdns.org";
+          "/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
+          "/gitea/".extraConfig =
            "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
-        };
-        locations."/miniflux/" = {
-          extraConfig =
+          "/miniflux/".extraConfig =
            "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
        };
      };
@ -75,17 +67,17 @@
      "sync.coolneng.duckdns.org" = {
        enableACME = true;
        forceSSL = true;
-        locations."/" = { proxyPass = "http://localhost:8384/"; };
+        locations."/".proxyPass = "http://localhost:8384/";
      };
      "git.coolneng.duckdns.org" = {
        enableACME = true;
        forceSSL = true;
-        locations."/" = { proxyPass = "http://localhost:3000/"; };
+        locations."/".proxyPass = "http://localhost:3000/";
      };
      "rss.coolneng.duckdns.org" = {
        enableACME = true;
        forceSSL = true;
-        locations."/" = { proxyPass = "http://localhost:8080/"; };
+        locations."/".proxyPass = "http://localhost:8080/";
      };
      "matrix.coolneng.duckdns.org" = {
        enableACME = true;
Author	SHA1	Message	Date
coolneng	9bea2be94e	Refactor nginx configuration	2021-02-03 03:56:59 +01:00
coolneng	37396a628c	Mount firmware partition at /boot	2021-02-03 03:41:40 +01:00