xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

massicot: fix cifs disk mount

Browse source
This commit is contained in:
xinyangli 2024-06-11 18:20:21 +08:00
parent 9ac58819e6
commit c21ce5dc81
Signed by: xin
SSH key fingerprint: SHA256:qZ/tzd8lYRtUFSrfBDBMcUqV4GHKxqeqRA3huItgvbk
1 changed files with 21 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
machines/massicot/services.nix
View file

@ -35,18 +35,23 @@ in
}; };
}; };
fileSystems = builtins.listToAttrs (map (share: { systemd.mounts = map (share: {
name = "/mnt/storage/${share}"; what = "//u380335-sub1.your-storagebox.de/u380335-sub1/${share}";
value = { where = "/mnt/storage/${share}";
device = "//u380335-sub1.your-storagebox.de/u380335-sub1/${share}"; type = "cifs";
fsType = "cifs"; options = "rw,uid=${share},gid=${share},credentials=${config.sops.secrets.storage_box_mount.path},_netdev,fsc";
options = ["uid=${share},gid=${share},credentials=${config.sops.secrets.storage_box_mount.path},rw,x-systemd.automount"]; before = [ "${share}.service" ];
}; after = [ "cachefilesd.service" ];
}) [ "forgejo" "gotosocial" "conduit" "hedgedoc" ] ); wantedBy = [ "${share}.service" ];
}) [ "forgejo" "gotosocial" "conduit" "hedgedoc" ];
services.cachefilesd.enable = true;
system.activationScripts = { system.activationScripts = {
conduit-media-link.text = '' conduit-media-link.text = ''
ln -snf /mnt/storage/conduit/media /var/lib/private/matrix-conduit/media mkdir -m 700 -p /var/lib/private/matrix-conduit/media
chown conduit:conduit /var/lib/private/matrix-conduit/media
mount --bind --verbose /mnt/storage/conduit/media /var/lib/private/matrix-conduit/media
''; '';
}; };
security.acme = { security.acme = {
@ -76,6 +81,8 @@ in
server_name = "xinyang.life"; server_name = "xinyang.life";
port = 6167; port = 6167;
# database_path = "/var/lib/matrix-conduit/"; # database_path = "/var/lib/matrix-conduit/";
max_concurrent_requests = 100;
log = "info";
database_backend = "rocksdb"; database_backend = "rocksdb";
allow_registration = false; allow_registration = false;
}; };
@ -153,22 +160,24 @@ in
virtualHosts."xinyang.life:443".extraConfig = '' virtualHosts."xinyang.life:443".extraConfig = ''
tls internal tls internal
encode zstd gzip encode zstd gzip
reverse_proxy /_matrix/* localhost:6167
handle_path /.well-known/matrix/client { handle_path /.well-known/matrix/client {
header Content-Type "application/json" header Content-Type "application/json"
header Access-Control-Allow-Origin "*" header Access-Control-Allow-Origin "*"
header Content-Disposition attachment; filename="client" header Content-Disposition attachment; filename="client"
respond `{"m.homeserver":{"base_url":"https://xinyang.life/"}, "org.matrix.msc3575.proxy":{"url":"https://xinyang.life/"}}` respond `{"m.homeserver":{"base_url":"https://msg.xinyang.life/"}, "org.matrix.msc3575.proxy":{"url":"https://msg.xinyang.life/"}}`
} }
handle_path /.well-known/matrix/server { handle_path /.well-known/matrix/server {
header Content-Type "application/json" header Content-Type "application/json"
header Access-Control-Allow-Origin "*" header Access-Control-Allow-Origin "*"
respond `{"m.server": "xinyang.life:443"}` respond `{"m.server": "msg.xinyang.life:443"}`
} }
reverse_proxy * http://localhost:8080 { reverse_proxy * http://localhost:8080 {
flush_interval -1 flush_interval -1
} }
''; '';
virtualHosts."https://msg.xinyang.life:443".extraConfig = ''
reverse_proxy /_matrix/* localhost:6167
'';
virtualHosts."https://git.xinyang.life:443".extraConfig = '' virtualHosts."https://git.xinyang.life:443".extraConfig = ''
reverse_proxy http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT} reverse_proxy http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}
''; '';