coolneng/zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolneng:e65f322cfb2ab418c5a87413e247845df9a6f02a
Branches Tags
coolneng:master
...
compare: coolneng:9bea2be94e5e85585fab1bd1910b8df2fc5d70da
Branches Tags
coolneng:master

2 Commits
e65f322cfb ... 9bea2be94e

Author SHA1 Message Date
coolneng
9bea2be94e
Refactor nginx configuration 2021-02-03 03:56:59 +01:00
coolneng
37396a628c
Mount firmware partition at /boot 2021-02-03 03:41:40 +01:00
3 changed files with 20 additions and 19 deletions
Show Stats Expand all files Collapse all files

8
configuration.nix
View File

@ -4,8 +4,12 @@
# A bunch of boot parameters needed for optimal runtime on RPi 4B # A bunch of boot parameters needed for optimal runtime on RPi 4B
boot.kernelPackages = pkgs.linuxPackages_rpi4; boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.kernelParams = boot.kernelParams = [
[ "zfs.zfs_arc_max=134217728" "console=TTYAMA0,115200" "console=tty1" ]; "zfs.zfs_arc_max=134217728"
"console=TTYAMA0,115200"
"console=tty1"
"8250.nr_uarts=1"
];
boot.loader.raspberryPi = { boot.loader.raspberryPi = {
enable = true; enable = true;
version = 4; version = 4;

5
modules/hardware-configuration.nix
View File

@ -16,6 +16,11 @@
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2178-694E";
fsType = "vfat";
};
fileSystems."/vault" = { fileSystems."/vault" = {
device = "vault"; device = "vault";
fsType = "zfs"; fsType = "zfs";

26
modules/webstack.nix
View File

@ -23,9 +23,6 @@
} }
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'origin-when-cross-origin';
@ -46,18 +43,13 @@
"coolneng.duckdns.org" = { "coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/radicale/" = { # Redirect from legacy subdirectory URL to subdomain
return = "301 https://radicale.coolneng.duckdns.org"; locations = {
}; "/radicale/".return = "301 https://radicale.coolneng.duckdns.org";
locations."/syncthing/" = { "/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
return = "301 https://sync.coolneng.duckdns.org"; "/gitea/".extraConfig =
};
locations."/gitea/" = {
extraConfig =
"rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;"; "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
}; "/miniflux/".extraConfig =
locations."/miniflux/" = {
extraConfig =
"rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;"; "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
}; };
}; };
@ -75,17 +67,17 @@
"sync.coolneng.duckdns.org" = { "sync.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { proxyPass = "http://localhost:8384/"; }; locations."/".proxyPass = "http://localhost:8384/";
}; };
"git.coolneng.duckdns.org" = { "git.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { proxyPass = "http://localhost:3000/"; }; locations."/".proxyPass = "http://localhost:3000/";
}; };
"rss.coolneng.duckdns.org" = { "rss.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { proxyPass = "http://localhost:8080/"; }; locations."/".proxyPass = "http://localhost:8080/";
}; };
"matrix.coolneng.duckdns.org" = { "matrix.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;