nixos/hosts/web-arm/sites/tandem.paraclub.at.nix
Dominik Polakovics 53d73142ae Add a11ywatch and related configurations for Podman and Nginx
- Introduced a new module for a11ywatch with Podman support, creating a bridge network and defining backend and frontend containers.
- Configured Nginx to serve the a11ywatch application with SSL and ACME support.
- Added user and group configurations for a11ywatch.
- Created a systemd service to ensure the Podman network exists on boot.

Implement Firefox Container Controller extension and host

- Added a module for the Firefox Container Controller extension, allowing installation via Nix.
- Created a native messaging host for the extension to communicate with the container controller.
- Included CLI helpers to enqueue commands for showing and hiding containers.

Enable fingerprint authentication in PAM

- Configured fingerprint authentication for login, sudo, and swaylock services.

Setup Raspberry Pi OS image creation script

- Developed a script to create a read-only Raspberry Pi OS Lite image with Snapcast client.
- Included configuration for Wi-Fi, hostname, and Snapcast server.
- Implemented user and group setup for Snapcast client and ensured necessary services are enabled.

Document Raspberry Pi Zero W setup instructions

- Added detailed instructions for configuring Raspberry Pi OS on Zero W, including disabling unused services and setting up Snapcast client.

Create test configuration script for NixOS

- Implemented a script to perform dry-builds for NixOS configurations, allowing for easy validation of host configurations.
2025-05-29 00:10:07 +02:00


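# NixOS module for the site tandem.paraclub.at: an nginx virtual host with
# ACME-issued TLS, plus a deploy account whose home directory is the web root.
{ pkgs, lib, config, ... }:
let
  domain = "tandem.paraclub.at";
  # Web root; also used as the deploy user's home directory below.
  dataDir = "/var/www/${domain}";
  # Account name derived from the domain: "." and "-" are replaced by "_".
  user = builtins.replaceStrings ["." "-"] ["_" "_"] domain;
in {
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    # acmeRoot = null;
    acmeRoot = "/var/lib/acme/acme-challenge";
    root = dataDir;

    # Browsers request the favicon on their own; keep misses out of the logs.
    locations."/favicon.ico".extraConfig = ''
      log_not_found off;
      access_log off;
    '';

    # Single-page-app fallback: any path that is not a file or directory is
    # answered with /index.html, keeping the query string.
    locations."/".extraConfig = ''
      index index.html;
      try_files $uri $uri/ /index.html$is_args$args;
    '';

    # Long-lived caching for static assets.
    # The backslash is doubled because a double-quoted Nix string turns "\."
    # into a bare ".", which nginx would read as "any character" and so match
    # far more URIs than the listed extensions.
    # NOTE(review): add_header inside a location replaces any add_header
    # inherited from the server/http level, so security headers set there
    # (none are visible in this file) would not be sent for these assets.
    locations."~* \\.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
      expires 365d;
      add_header Pragma "public";
      add_header Cache-Control "public";
    '';

    # No PHP handler is configured in this vhost; refuse *.php requests so a
    # script that ends up in the web root is never returned as plain text.
    # Same escaping rule as above: "\\." is a literal dot for nginx.
    locations."~ [^/]\\.php(/|$)".extraConfig = ''
      deny all;
    '';
  };

  # Deploy account: logs in over SSH with the key below and owns the web root.
  users.users."${user}" = {
    isNormalUser = true;
    createHome = true;
    home = dataDir;
    # NOTE(review): 770 lets every member of the nginx group write to the web
    # root. If the group only has to read the files, 750 is the
    # least-privilege value; confirm nothing in that group needs to write here.
    homeMode = "770";
    #home = "/home/${domain}";
    # Primary group is nginx so the web server can read the deployed files.
    group = "nginx";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTsI0YyToIokBIcSf6j70iI68pKd4fPkRpqByFkZLRB"
    ];
  };

  # Group named after the account. Nothing in this file puts the user into it
  # (the primary group above is nginx); presumably it is referenced elsewhere.
  users.groups.${user} = {};
}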