tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
NixOS/system/services/cockpit.nix

35 lines
868 B
Nix
Raw Permalink Normal View History

system: added services config
2024-06-13 13:52:45 +07:00
{ config, lib, pkgs, ... }:
let
cfg = config.profile.services.cockpit;
caddy: moved reverse proxy config to secrets
2024-06-13 14:04:10 +07:00
inherit (lib) mkIf;
system: added services config
2024-06-13 13:52:45 +07:00
in
{
config = mkIf cfg.enable {
environment.systemPackages = mkIf config.profile.podman.enable [
(pkgs.callPackage ../packages/cockpit-podman.nix { })
];
cockpit: now remote access is denied by default. Require wireguard to access cockpit.
2024-07-28 21:05:39 +07:00
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = /*caddyfile*/ ''
@denied not remote_ip private_ranges
respond @denied "Access denied" 403
forgejo: setup
2024-06-13 18:59:07 +07:00
reverse_proxy 0.0.0.0:9090
'';
cockpit: enabled storage monitoring via udisks2
2024-07-06 22:01:57 +07:00
services.udisks2.enable = true;
system: added services config
2024-06-13 13:52:45 +07:00
services.cockpit = {
enable = true;
openFirewall = true;
settings = {
WebService = {
AllowUnencrypted = true;
ProtocolHeader = "X-Forwarded-Proto";
ForwardedForHeader = "X-Forwarded-For";
};
Session = {
IdleTimeout = 120; # 2 hours.
};
};
};
};
}
Reference in a new issue Copy permalink