Compare commits

...

3 Commits

Author SHA1 Message Date
h7x4 d23adbd4c2 temmie/userweb: deny access to documentRoot 2026-06-17 08:49:44 +09:00
h7x4 48c0a4e504 temmie/userweb: fix directory denylist enforcement 2026-06-17 08:23:08 +09:00
h7x4 374d9b1bc7 flake.nix: passthru machine config, pkgs and config.system.build
This shortens down the path needed to build both overlayed packages and
all the other machine derivations. Here are some examples:

```
nix build .#machine.etc
nix build '.#machine.units."nginx.service".unit'
nix build .#machine.pkgs.overlayed-package
nix build .#machine.config.services.nginx.package
```
2026-06-17 08:10:17 +09:00
2 changed files with 24 additions and 15 deletions
+6 -1
View File
@@ -369,7 +369,12 @@
// //
# Machines # Machines
lib.genAttrs allMachines lib.genAttrs allMachines
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel) (machine: self.nixosConfigurations.${machine}.config.system.build.toplevel.overrideAttrs (prev: {
passthru =
(prev.passthru or { })
// self.nixosConfigurations.${machine}.config.system.build
// { inherit (self.nixosConfigurations.${machine}) pkgs config; };
}))
// //
# Nix-topology # Nix-topology
(let (let
+18 -14
View File
@@ -63,6 +63,10 @@ in
]; ];
extraConfig = '' extraConfig = ''
<Directory "${pkgs.emptyDirectory}">
Require all denied
</Directory>
CustomLog "${cfg.logDir}/access.log" combined CustomLog "${cfg.logDir}/access.log" combined
CustomLog "/run/httpd-log-processor-access.fifo" combined CustomLog "/run/httpd-log-processor-access.fifo" combined
ErrorLog "/run/httpd-log-processor-error.fifo" ErrorLog "/run/httpd-log-processor-error.fifo"
@@ -107,25 +111,25 @@ in
</Directory> </Directory>
${lib.concatMapStringsSep "\n" (d: '' ${lib.concatMapStringsSep "\n" (d: ''
<Directory "${d}"> <DirectoryMatch "/${d}(/|$)">
Require all denied Require all denied
</Directory> </DirectoryMatch>
'') [ '') [
".git" "\\.git"
".hg" "\\.hg"
".svn" "\\.svn"
".ssh" "\\.ssh"
".bzr" "\\.bzr"
".venv" "\\.venv"
"CVS" "CVS"
"RCS" "RCS"
"*.bak" ".*\\.bak"
"*.bak*" ".*\\.bak.*"
"*.bkp" ".*\\.bkp"
"*.bkp*" ".*\\.bkp.*"
"*.backup" ".*\\.backup"
"*.backup*" ".*\\.backup.*"
]} ]}
${lib.concatMapStringsSep "\n" (d: '' ${lib.concatMapStringsSep "\n" (d: ''