From acf46cb576e8594c3285ee48b49f910952e337f9 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Wed, 14 Aug 2024 21:28:07 +0200 Subject: [PATCH] bekkalokk/gitea-web: host pages --- .../services/gitea/web-secret-provider/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix b/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix index 24cc64d..e502b19 100644 --- a/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix +++ b/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix @@ -59,7 +59,7 @@ in authorized-keys-path = "/var/lib/gitea-web/authorized_keys.d/%i"; rrsync-script = pkgs.writeShellScript "rrsync-chown" '' ${lib.getExe pkgs.rrsync} -wo "$1" - ${pkgs.coreutils}/bin/chown -R gitea-web:nginx "$1" + ${pkgs.coreutils}/bin/chown -R gitea-web:gitea-web "$1" ''; web-dir = "/var/lib/gitea-web/web"; }; @@ -103,4 +103,12 @@ in systemd.targets.timers.wants = map (org: "gitea-web-secret-provider@${org}.timer") organizations; services.openssh.authorizedKeysFiles = map (org: "/var/lib/gitea-web/authorized_keys.d/${org}") organizations; + + users.users.nginx.extraGroups = [ "gitea-web" ]; + services.nginx.virtualHosts."pages.pvv.ntnu.no" = { + kTLS = true; + forceSSL = true; + enableACME = true; + root = "/var/lib/gitea-web/web"; + }; }