changes to nginx for gollum

2025-05-19 10:56:05 -07:00 · 2023-09-12 22:20:31 -07:00 · 2023-09-12 22:20:31 -07:00 · 988b8b98df
commit 988b8b98df
parent b6c2823d29
1 changed files with 33 additions and 18 deletions
--- a/provision/nixos/hosts/torus/configuration.nix
+++ b/provision/nixos/hosts/torus/configuration.nix
@ -71,6 +71,9 @@
    unzip
    nnn
    docker-compose
+    python3
+    zk
+    gollum
  ];

  # Enable user services
@ -98,32 +101,44 @@
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 80 443 ];

+  security.pam.services.nginx.setEnvironment = false;
+  systemd.services.nginx.serviceConfig = {
+    SupplementaryGroups = [ "shadow" ];
+  };
+
+  networking.nameservers = [ "8.8.8.8" "8.8.4.4" ];
+  
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
+    additionalModules = [ pkgs.nginxModules.pam ];
    virtualHosts = let
    SSL = { 
      enableACME = true; 
-        addSSL = true;
+      forceSSL = true;
    }; in {
-        #"tstarr.us" = (SSL // {
-        #  locations."/".proxyPass = "http://127.0.0.1:8080/"; 
-        #  serverAliases = [
-        #    "www.tstarr.us"
-        #  ];
-        #});
      "media.tstarr.us" = (SSL // {
-          locations."/".proxyPass = "http://127.0.0.1:8096/"; 
+        locations."/".proxyPass = "http://localhost:8096/"; 
      });
      "joplin.tstarr.us" = (SSL // {
-          locations."/".proxyPass = "http://127.0.0.1:22300/"; 
+        locations."/".proxyPass = "http://localhost:22300/"; 
+      });
+      "wiki.tstarr.us" = (SSL // {
+        locations."/".proxyPass = "http://localhost:4567/"; 
+        extraConfig = ''
+          auth_pam  "Password Required";
+          auth_pam_service_name "nginx";        
+        '';
      });
    };
  };

+
+
+
  # Enable modules
  imports = [ ../../modules ];
  modules = {