diff --git a/flake.lock b/flake.lock index ce8318f..cd0b2de 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1706830856, + "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1709204054, + "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "2f3367769a93b226c467551315e9e270c3f78b15", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1709150264, + "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1710013455, - "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=", + "lastModified": 1709206595, + "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=", "owner": "nix-community", "repo": "NUR", - "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36", + "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed", "type": "github" }, "original": { diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index 21aadba..dd4eea8 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -59,6 +59,21 @@ in "LOHR_HOME=${lohrHome}" "LOHR_CONFIG=" ]; + ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${ + pkgs.writeScript "copy-ssh-key" '' + #!${pkgs.bash}/bin/bash + # Ensure the key is not there + mkdir -p '${lohrHome}/.ssh' + rm -f '${lohrHome}/.ssh/id_ed25519' + + # Move the key into place + cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519' + + # Fix permissions + chown -R lohr:lohr '${lohrHome}/.ssh' + chmod -R 0700 '${lohrHome}/.ssh' + '' + }''; ExecStart = let configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting; @@ -88,24 +103,5 @@ in inherit (cfg) port; }; }; - - # SSH key provisioning - systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) { - "${lohrHome}/.ssh" = { - d = { - user = "lohr"; - group = "lohr"; - mode = "0700"; - }; - }; - "${lohrHome}/.ssh/id_ed25519" = { - "f+" = { - user = "lohr"; - group = "lohr"; - mode = "0700"; - argument = cfg.sshKeyFile; - }; - }; - }; }; } diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 6e7700f..9767d00 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -30,6 +30,8 @@ in frontendScheme = "https"; frontendHostname = vikunjaDomain; + setupNginx = false; + database = { type = "postgres"; user = "vikunja"; @@ -59,11 +61,28 @@ in # This is a weird setup my.services.nginx.virtualHosts = { ${subdomain} = { - socket = socketPath; + # Serve the root for the web-ui + root = config.services.vikunja.package-frontend; + + extraConfig = { + locations = { + "/" = { + tryFiles = "try_files $uri $uri/ /"; + }; + + # Serve the API through a UNIX socket + "~* ^/(api|dav|\\.well-known)/" = { + proxyPass = "http://unix:${socketPath}"; + extraConfig = '' + client_max_body_size 20M; + ''; + }; + }; + }; }; }; - systemd.services.vikunja = { + systemd.services.vikunja-api = { serviceConfig = { # Use a system user to simplify using the CLI DynamicUser = lib.mkForce false;