move dk-stage to datakami server
parent
04fa58722a
commit
b98abbf2af
|
@ -1,34 +1,7 @@
|
||||||
{ lib, ... }: {
|
{ lib, ... }: {
|
||||||
systemd.services.nginx.serviceConfig = {
|
|
||||||
ProtectHome = "tmpfs";
|
|
||||||
UMask = lib.mkForce "0022";
|
|
||||||
BindReadOnlyPaths = [ "/home/dk-stage/out" ];
|
|
||||||
};
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d /home/dk-stage 755 dk-stage dk-stage"
|
|
||||||
"d /home/dk-stage/out 755 dk-stage dk-stage"
|
|
||||||
];
|
|
||||||
users.users.dk-stage = {
|
|
||||||
home = "/home/dk-stage";
|
|
||||||
group = "dk-stage";
|
|
||||||
useDefaultShell = true;
|
|
||||||
isSystemUser = true;
|
|
||||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [
|
|
||||||
''command="rsync --server -logDtprcze.iLsfxCIvu --log-format=X --delete --partial . out/" ${dk-stage-deploy}''
|
|
||||||
];
|
|
||||||
createHome = false; # sets wrong permissions
|
|
||||||
};
|
|
||||||
users.groups.dk-stage = { };
|
|
||||||
services.nginx.virtualHosts."dk-stage.yori.cc" = {
|
services.nginx.virtualHosts."dk-stage.yori.cc" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
globalRedirect = "staging.datakami.nl";
|
||||||
root = "/home/dk-stage/out";
|
|
||||||
index = "index.html";
|
|
||||||
extraConfig = ''
|
|
||||||
try_files $uri.html $uri $uri/ /index.html;
|
|
||||||
error_page 404 /404.html;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue