mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-07-04 09:51:47 +02:00
Compare commits
2 Commits
main
...
05589e7520
| Author | SHA1 | Date | |
|---|---|---|---|
| 05589e7520 | |||
| b592f0100a |
@@ -7,6 +7,7 @@
|
||||
|
||||
./services/alps.nix
|
||||
./services/bluemap.nix
|
||||
./services/radicle.nix
|
||||
./services/idp-simplesamlphp
|
||||
./services/kerberos.nix
|
||||
./services/mediawiki
|
||||
|
||||
@@ -0,0 +1,40 @@
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
domain = "dav.pvv.ntnu.no";
|
||||
radicalePort = 5232;
|
||||
in {
|
||||
services.radicale = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
server = {
|
||||
hosts = [ "127.0.0.1:${toString radicalePort}" ];
|
||||
};
|
||||
|
||||
auth = {
|
||||
type = "imap";
|
||||
imap_host = "imap.pvv.ntnu.no";
|
||||
imap_security = "tls";
|
||||
};
|
||||
|
||||
storage = {
|
||||
filesystem_folder = "/var/lib/radicale/collections";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
kTLS = true;
|
||||
|
||||
extraConfig = ''
|
||||
client_max_body_size 128M;
|
||||
'';
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString radicalePort}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ radicalePort ];
|
||||
}
|
||||
@@ -3,14 +3,15 @@
|
||||
let
|
||||
cfg = config.services.loki;
|
||||
stateDir = "/data/monitoring/loki";
|
||||
internalPort = 83100;
|
||||
in {
|
||||
services.loki = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
auth_enabled = false;
|
||||
server = {
|
||||
http_listen_port = 3100;
|
||||
http_listen_address = "0.0.0.0";
|
||||
http_listen_port = internalPort;
|
||||
http_listen_address = "127.0.0.1";
|
||||
grpc_listen_port = 9096;
|
||||
};
|
||||
|
||||
@@ -81,5 +82,21 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];
|
||||
services.nginx.virtualHosts."loki-internal" = {
|
||||
listen = [{
|
||||
addr = "0.0.0.0";
|
||||
port = 3100;
|
||||
ssl = false;
|
||||
}];
|
||||
locations = {
|
||||
"/loki/api/v1/push" = {
|
||||
proxyPass = "http://127.0.0.1:${toString internalPort}";
|
||||
};
|
||||
"/" = {
|
||||
return = "403";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 3100 ];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user