crans
/
nixos
mirror of https://gitlab.crans.org/nounous/nixos
19
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Correction des permissions

merge-requests/18/head
korenstin 2025-06-28 09:54:55 +02:00
parent 1fe25c1b5f
commit abcf6977cc
2 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/vm/reverseproxy/default.nix
View File

@ -140,6 +140,7 @@ in {
boot.loader.grub.devices = [ "/dev/sda" ]; boot.loader.grub.devices = [ "/dev/sda" ];
users.users."nginx".home = "/var/lib/nginx"; users.users."nginx".home = "/var/lib/nginx";
users.users."anubis".extraGroups = [ "nginx" ];
crans = { crans = {
enable = true; enable = true;

7
modules/services/reverseproxy.nix
View File

@ -95,7 +95,9 @@ in
}; };
config.services = mkIf cfg.enable { config.services = mkIf cfg.enable {
anubis.instances = mapAttrs ( anubis = {
defaultOptions.group = "nginx";
instances = mapAttrs (
vhostName: vhostConfig: { vhostName: vhostConfig: {
enable = true; enable = true;
settings = { settings = {
@ -104,7 +106,7 @@ in
TARGET = "unix:///run/nginx/nginx-${vhostName}.sock"; TARGET = "unix:///run/nginx/nginx-${vhostName}.sock";
COOKIE_DOMAIN = "crans.org"; COOKIE_DOMAIN = "crans.org";
REDIRECT_DOMAINS = "${vhostName}.crans.org"; REDIRECT_DOMAINS = "${vhostName}.crans.org";
SOCKET_MODE = "0666"; SOCKET_MODE = "0660";
POLICY_FNAME = POLICY_FNAME =
if (vhostConfig.anubisConfig == "") if (vhostConfig.anubisConfig == "")
then allowAll then allowAll
@ -112,6 +114,7 @@ in
}; };
} }
) cfg.virtualHosts; ) cfg.virtualHosts;
};
nginx = nginx =
let let