# NixOS host module: authoritative/recursive DNS (bind) and node/bind
# Prometheus exporters come from the shared service modules; this file adds a
# WireGuard client and an nginx WebDAV share at dav.athena.sbr.pm.
{ pkgs, libx, globals, ... }:
{
  imports = [
    ../common/services/bind.nix
    ../common/services/prometheus-exporters-node.nix
    ../common/services/prometheus-exporters-bind.nix
  ];

  # The NixOS firewall is switched off on this host, so nothing in this module
  # filters inbound traffic to nginx or to the imported services.
  # NOTE(review): confirm packet filtering is provided elsewhere (for example
  # an nftables ruleset or an upstream firewall) before relying on this host
  # being reachable only over the VPN.
  networking.firewall.enable = false;

  # TODO make it an option ? (otherwise I'll add it for all)
  users.users.vincent.linger = true;

  # Lets the nginx unit write below /var/www/ (needed for WebDAV uploads).
  # NOTE(review): the grant covers the whole of /var/www/, which also holds
  # the basic-auth credential file /var/www/dav.auth used below, while the DAV
  # root is only /var/www/dav. Consider narrowing the writable path to the DAV
  # root and keeping the credential file outside any nginx-writable tree.
  systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/" ];

  # WireGuard client: addresses and peer details are taken from the shared
  # `globals` attribute set.
  services.wireguard = {
    enable = true;
    ips = libx.wg-ips globals.machines.athena.net.vpn.ips;
    endpoint = "${globals.net.vpn.endpoint}";
    endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
  };

  services.nginx = {
    enable = true;
    statusPage = true;

    # Mainline nginx rebuilt with the fancyindex and dav (dav-ext) modules;
    # dav-ext supplies the PROPFIND/OPTIONS methods used in the location below.
    package = pkgs.nginxMainline.override (_: {
      modules = [
        pkgs.nginxModules.fancyindex
        pkgs.nginxModules.dav
      ];
    });

    recommendedGzipSettings = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;

    # WebDAV share protected by HTTP basic auth.
    # NOTE(review): no forceSSL/addSSL/enableACME is set for this virtual host
    # in this file, so as written the basic-auth credentials and file contents
    # are served over plain HTTP. Confirm that transport protection exists
    # elsewhere (WireGuard-only access or a TLS-terminating proxy).
    #
    # extraConfig summary (the text itself is passed to nginx unchanged):
    #   - MKCOL requests whose URI lacks a trailing slash are rewritten to add
    #     one;
    #   - PUT/DELETE/MKCOL/COPY/MOVE and PROPFIND/OPTIONS are enabled;
    #   - created files are user/group read-write and world-readable;
    #   - missing intermediate directories are created on PUT;
    #   - the CORS headers are left commented out.
    virtualHosts."dav.athena.sbr.pm".locations."/" = {
      root = "/var/www/dav";
      basicAuthFile = "/var/www/dav.auth";
      extraConfig = ''
        autoindex on;
        set $x $uri$request_method;
        if ($x ~ [^/]MKCOL$) {
          rewrite ^(.*)$ $1/;
        }
        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_ext_methods PROPFIND OPTIONS;
        dav_access user:rw group:rw all:r;
        client_body_temp_path /var/cache/nginx;
        create_full_put_path on;
        # add_header 'Access-Control-Allow-Origin' '$ALLOWED_ORIGIN' always;
        # add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, MKCOL, COPY, MOVE, PROPFIND, OPTIONS' always;
        # add_header 'Access-Control-Allow-Headers' 'Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,X-CSRF-Token,Depth' always;
        # add_header 'Access-Control-Allow-Credentials' 'true' always;
      '';
    };
  };
}