Compare commits
1 Commits
Author | SHA1 | Date |
---|---|---|
Izorkin | 3f726cdf60 |
|
@ -27,6 +27,7 @@ in
|
|||
./resources/limits.nix
|
||||
./videomeet/jitsi.nix
|
||||
./git/gitea.nix
|
||||
./local/services/wiki-js.nix
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [ (nix-overlay) ];
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
systemd.services.wiki-js = {
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = lib.mkOverride 1100 true;
|
||||
ensureDatabases = [ "wiki" ];
|
||||
ensureUsers = [
|
||||
{ name = "wiki-js";
|
||||
ensurePermissions."DATABASE wiki" = "ALL PRIVILEGES";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.wiki-js = {
|
||||
enable = true;
|
||||
settings = {
|
||||
bindIP = "127.0.0.1";
|
||||
port = 3010;
|
||||
db = {
|
||||
host = "/run/postgresql";
|
||||
user = "wiki-js";
|
||||
};
|
||||
};
|
||||
stateDirectoryName = "wiki-js";
|
||||
};
|
||||
}
|
|
@ -150,6 +150,41 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
"wiki.${domain}" = {
|
||||
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
|
||||
root = "/var/empty";
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
||||
expires 10m;
|
||||
'';
|
||||
locations = {
|
||||
"/_assets/" = {
|
||||
extraConfig = ''
|
||||
alias ${pkgs.wiki-js}/assets/;
|
||||
try_files $uri =404;
|
||||
expires 7d;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
'';
|
||||
};
|
||||
"/" = {
|
||||
proxyPass = "http://127.0.0.1:3010";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue