changes

2024-12-21 13:47:00 +01:00
parent c96c24f864
commit 44b47ce18c
24 changed files with 91 additions and 50 deletions
--- a/hosts/web-arm/modules/authelia/default.nix
+++ b/hosts/web-arm/modules/authelia/default.nix
@@ -40,11 +40,6 @@
      theme = "dark";
      default_redirection_url = "https://cloonar.com";
  
-      server = {
-        host = "127.0.0.1";
-        port = 9091;
-      };
-  
      # log = {
      #   level = "debug";
      #   format = "text";
@@ -227,6 +222,7 @@
              authorization_policy = "one_factor";
              redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ];
              pre_configured_consent_duration = "1y";
+              token_endpoint_auth_method = "client_secret_post";
              scopes = [
                "openid"
                "profile"
--- a/hosts/web-arm/modules/nextcloud/default.nix
+++ b/hosts/web-arm/modules/nextcloud/default.nix
@@ -23,7 +23,7 @@ in
      inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks;
      oidc_login = pkgs.fetchNextcloudApp rec {
        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz";
-        sha256 = "sha256-EVHDDFtz92lZviuTqr+St7agfBWok83HpfuL6DFCoTE=";
+        sha256 = "sha256-b/tKk+y+ZypCHGNDtunDua2msYD6/TzA0haoC0k85F4=";
        license = "gpl3";
      };
    };
--- a/hosts/web-arm/modules/web/typo3.nix
+++ b/hosts/web-arm/modules/web/typo3.nix
@@ -50,6 +50,14 @@ let
            Authorized keys for the typo3 instance ssh user.
          '';
        };
+
+        acmeRoot = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = lib.mdDoc ''
+            Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
+          '';
+        };
      };
    };
 in
@@ -183,7 +191,7 @@ in
    nameValuePair domain {
      forceSSL = true;
      enableACME = true;
-      acmeRoot = null;
+      acmeRoot = instanceOpts.acmeRoot;
      root = cfg.dataDir + "/" + domain + "/current/public";
      serverAliases = instanceOpts.domainAliases;

@@ -337,13 +345,6 @@ in
        # access_log logs/static.log; # I don't usually include a static log
      '';

-      # Cache Media: images, icons, video, audio, HTC
-      locations."~* \\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = ''
-        expires 1y;
-        access_log off;
-        add_header Cache-Control "public";
-      '';
-
      # Feed
      locations."~* \\.(?:rss|atom)$".extraConfig = ''
        expires 1h;
@@ -351,7 +352,7 @@ in
      '';

      # Cache CSS, Javascript, Images, Icons, Video, Audio, HTC, Fonts
-      locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff2)$".extraConfig = ''
+      locations."~* \\.(?:css|js|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|webp|htc|woff2)$".extraConfig = ''
        expires 1y;
        access_log off;
        add_header Cache-Control "public";