Merge branch 'flakes' into flakes-test

This commit is contained in:
Alexander Tomokhov 2024-01-10 03:35:26 +04:00
commit e8842e455b
2 changed files with 4 additions and 20 deletions

View file

@ -3,5 +3,4 @@ config: rec {
secrets-filepath = "/etc/selfprivacy/secrets.json"; secrets-filepath = "/etc/selfprivacy/secrets.json";
db-pass-filepath = "/var/lib/nextcloud/db-pass"; db-pass-filepath = "/var/lib/nextcloud/db-pass";
admin-pass-filepath = "/var/lib/nextcloud/admin-pass"; admin-pass-filepath = "/var/lib/nextcloud/admin-pass";
hostName = "cloud.${sp.domain}";
} }

View file

@ -13,7 +13,8 @@
config = config =
let let
inherit (import ./common.nix config) inherit (import ./common.nix config)
sp secrets-filepath db-pass-filepath admin-pass-filepath hostName; sp secrets-filepath db-pass-filepath admin-pass-filepath;
hostName = "cloud.${sp.domain}";
in in
lib.mkIf sp.modules.nextcloud.enable { lib.mkIf sp.modules.nextcloud.enable {
fileSystems = lib.mkIf sp.useBinds { fileSystems = lib.mkIf sp.useBinds {
@ -52,7 +53,7 @@
inherit hostName; inherit hostName;
# Use HTTPS for links # Use HTTPS for links
https = false; https = true;
# auto-update Nextcloud Apps # auto-update Nextcloud Apps
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
@ -65,7 +66,6 @@
dbtype = "sqlite"; dbtype = "sqlite";
dbuser = "nextcloud"; dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud adds .s.PGSQL.5432 by itself
dbname = "nextcloud"; dbname = "nextcloud";
dbpassFile = db-pass-filepath; dbpassFile = db-pass-filepath;
adminpassFile = admin-pass-filepath; adminpassFile = admin-pass-filepath;
@ -73,23 +73,8 @@
}; };
}; };
services.nginx.virtualHosts.${hostName} = { services.nginx.virtualHosts.${hostName} = {
useACMEHost = config.selfprivacy.domain; useACMEHost = sp.domain;
forceSSL = true; forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
expires 10m;
'';
locations = {
"/" = {
proxyPass = "http://127.0.0.1:80/";
};
};
}; };
}; };
} }