diff --git a/.gitattributes b/.gitattributes index c1101f8..23deab9 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,3 @@ secrets.nix filter=git-crypt diff=git-crypt -secrets.yml filter=git-crypt diff=git-crypt \ No newline at end of file +secrets.yml filter=git-crypt diff=git-crypt +secrets.txt filter=git-crypt diff=git-crypt diff --git a/flake.nix b/flake.nix index 6bdbd29..9959439 100644 --- a/flake.nix +++ b/flake.nix @@ -40,10 +40,12 @@ # we only want nix hosts for this part, not all of the defined ones... nixHosts = (builtins.filter ({ nix ? true, ... }: nix) hosts'); + # We can't do partial application with //, so this solves it i guess... + merge = a: b: a // b; + # Convert a host from hosts.nix to something nixosConfigurations understands hostToConfig = z@{ hostname, nixname ? hostname, lxc ? true, ... }: - a: - a // { + merge { ${nixname} = mkConfig { name = nixname; lxc = lxc; @@ -52,14 +54,11 @@ # Same as above, but for the nodes part of deploy. hostToDeploy = z@{ hostname, nixname ? hostname, lxc ? true, ... }: - a: - a // { - ${nixname} = mkDeploy nixname; - }; + merge { ${nixname} = mkDeploy nixname; }; # And actually make the two sets. - configs = nixpkgs.lib.fold hostToConfig { } nixHosts; - nodes = nixpkgs.lib.fold hostToDeploy { } nixHosts; + configs = nixpkgs.lib.foldr hostToConfig { } nixHosts; + nodes = nixpkgs.lib.foldr hostToDeploy { } nixHosts; in { nixosConfigurations = configs; diff --git a/hosts/gitea/configuration.nix b/hosts/gitea/configuration.nix index 78013e8..6659887 100644 --- a/hosts/gitea/configuration.nix +++ b/hosts/gitea/configuration.nix @@ -18,7 +18,9 @@ in { # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.11"; # Did you read the comment? - environment.systemPackages = with pkgs; [ ]; + environment.systemPackages = with pkgs; [ + gnupg + ]; networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [ 3000 ]; 
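Review bot: The added `secrets.txt filter=git-crypt diff=git-crypt` line only protects content that is staged after the attribute is in effect, and nothing in this hunk shows whether secrets.txt was committed earlier. If it was, the plaintext stays in history and the values in it should be rotated, not just re-encrypted. Running `git-crypt status` before pushing confirms the file is reported as encrypted. A comment above the three entries, such as `# add a file here before its first commit, never after`, would document that ordering.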
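Review bot: In `hostToConfig`, replacing `a: a // { ... }` with `merge { ... }` moves the accumulator to the other side of `//`, so the entry that survives when two hosts share a `nixname` changes; the same applies to `hostToDeploy` in the next hunk. The fold step used to evaluate `acc // { ${nixname} = ...; }`, where the current host overrides the accumulated set, and now evaluates `{ ${nixname} = ...; } // acc`, where the accumulated set overrides the current host. Whether hosts.nix can contain duplicate names is not visible here, but for deploy nodes a silent change of winner is worth ruling out. If the old precedence is wanted the helper should be `merge = new: acc: acc // new;`, and its comment should state which argument wins on a key collision. The body of `hostToConfig` continues past the end of the hunk.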
@@ -28,7 +30,6 @@ in { environment.etc.giteaPass = { enable = true; text = "x"; - user = "gitea2"; }; services.gitea = { diff --git a/hosts/nginx/configuration.nix b/hosts/nginx/configuration.nix index ca1e324..c1a3bd2 100644 --- a/hosts/nginx/configuration.nix +++ b/hosts/nginx/configuration.nix @@ -3,12 +3,25 @@ let proxy = url: { forceSSL = true; enableACME = true; + http2 = true; locations."/" = { proxyPass = url; proxyWebsockets = true; }; }; k8s_proxy = proxy "http://10.42.20.5:80/"; + big_proxy = url: { + forceSSL = true; + enableACME = true; + http2 = true; + locations."/" = { + proxyPass = url; + proxyWebsockets = true; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; in { imports = [ # Import common config @@ -42,6 +55,13 @@ in { virtualHosts."git.voidcorp.nl" = proxy "http://gitea.voidlocal:3000/"; + virtualHosts."www.galerievanslagmaat.nl" = { + forceSSL = true; + enableACME = true; + http2 = true; + globalRedirect = "galerievanslagmaat.nl"; + }; + virtualHosts."galerievanslagmaat.nl" = k8s_proxy; virtualHosts."staging.galerievanslagmaat.nl" = k8s_proxy; virtualHosts."groenehartansichtkaarten.nl" = k8s_proxy; @@ -49,7 +69,7 @@ in { virtualHosts."vaultwarden.voidcorp.nl" = proxy "http://10.42.20.4:8000/"; - virtualHosts."s3.voidcorp.nl" = proxy "http://10.42.20.6:9000/"; + virtualHosts."s3.voidcorp.nl" = big_proxy "http://10.42.20.6:9000/"; virtualHosts."explore.s3.voidcorp.nl" = proxy "http://10.42.20.6:9001/"; virtualHosts."registry.voidcorp.nl" = proxy "http://10.42.20.7:5000/"; virtualHosts."grafana.voidcorp.nl" = proxy "http://10.42.20.9:3000/";
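Review bot: `client_max_body_size 0;` in `big_proxy` removes nginx's request-size limit entirely for s3.voidcorp.nl (switched to `big_proxy` in the last hunk of this file), so the public proxy has no upper bound on upload size. With request buffering left at its default, nginx spools large bodies to temporary files on the proxy host, so a single oversized upload can consume its disk. A finite ceiling sized to the largest expected object, for example `client_max_body_size 5g;` (constructed value), keeps large uploads working; adding `proxy_request_buffering off;` to the same `extraConfig` streams bodies to the backend instead of spooling them. `big_proxy` also repeats every line of `proxy`, so a comment stating that the body-size limit is the only difference would help keep the two in sync.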