Merge pull request 'Disable password auth and allow serving static files at root domain' (#48) from inex-oct-31 into master

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/48
This commit is contained in:
Inex Code 2023-10-31 18:28:19 +02:00
commit f8befb0e3d
3 changed files with 7 additions and 1 deletions

View file

@ -25,6 +25,7 @@ in
"f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}" "f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
(if cfg.bitwarden.enable then "f /var/lib/bitwarden/.env 0640 vaultwarden vaultwarden - -" else "") (if cfg.bitwarden.enable then "f /var/lib/bitwarden/.env 0640 vaultwarden vaultwarden - -" else "")
"d /var/sieve 0770 virtualMail virtualMail - -" "d /var/sieve 0770 virtualMail virtualMail - -"
"d /var/www/root 0750 nginx nginx - -"
]; ];
system.activationScripts = system.activationScripts =
let let

View file

@ -187,7 +187,7 @@ in
description = '' description = ''
Password authentication for SSH Password authentication for SSH
''; '';
default = true; default = false;
type = types.nullOr types.bool; type = types.nullOr types.bool;
}; };
}; };

View file

@ -32,6 +32,11 @@ in
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
expires 10m; expires 10m;
''; '';
locations = {
"/" = {
root = "/var/www/root";
};
};
}; };
"vpn.${domain}" = { "vpn.${domain}" = {
sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";