mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git
synced 2024-11-25 12:31:27 +00:00
Merge pull request 'Disable password auth and allow serving static files at root domain' (#48) from inex-oct-31 into master
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/48
This commit is contained in:
commit
f8befb0e3d
|
@ -25,6 +25,7 @@ in
|
||||||
"f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
|
"f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
|
||||||
(if cfg.bitwarden.enable then "f /var/lib/bitwarden/.env 0640 vaultwarden vaultwarden - -" else "")
|
(if cfg.bitwarden.enable then "f /var/lib/bitwarden/.env 0640 vaultwarden vaultwarden - -" else "")
|
||||||
"d /var/sieve 0770 virtualMail virtualMail - -"
|
"d /var/sieve 0770 virtualMail virtualMail - -"
|
||||||
|
"d /var/www/root 0750 nginx nginx - -"
|
||||||
];
|
];
|
||||||
system.activationScripts =
|
system.activationScripts =
|
||||||
let
|
let
|
||||||
|
|
|
@ -187,7 +187,7 @@ in
|
||||||
description = ''
|
description = ''
|
||||||
Password authentication for SSH
|
Password authentication for SSH
|
||||||
'';
|
'';
|
||||||
default = true;
|
default = false;
|
||||||
type = types.nullOr types.bool;
|
type = types.nullOr types.bool;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -32,6 +32,11 @@ in
|
||||||
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
||||||
expires 10m;
|
expires 10m;
|
||||||
'';
|
'';
|
||||||
|
locations = {
|
||||||
|
"/" = {
|
||||||
|
root = "/var/www/root";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
"vpn.${domain}" = {
|
"vpn.${domain}" = {
|
||||||
sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
|
sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
|
||||||
|
|
Loading…
Reference in a new issue