1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 14:50:40 +02:00

fix: allow api server in firewall and add CORS header

This commit is contained in:
oddlama 2025-05-18 18:23:19 +02:00
parent 4c2f98f9e4
commit e24f9e4c0b
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 43 additions and 0 deletions

View file

@ -80,6 +80,7 @@ in
client.via = "sentinel";
firewallRuleForNode.sentinel.allowedTCPPorts = [
80
8080
9000
];
};
@ -88,6 +89,7 @@ in
client.via = "ward";
firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [
80
8080
9000
];
};
@ -173,6 +175,11 @@ in
mode = "440";
group = "ente";
};
age.secrets.ente-smtp-password = {
generator.script = "alnum";
mode = "440";
group = "ente";
};
services.minio = {
enable = true;
@ -206,6 +213,15 @@ in
rporigins = [ "https://${enteAccountsDomain}" ];
};
# FIXME: blocked on https://github.com/ente-io/ente/issues/5958
# smtp = {
# host = config.repo.secrets.local.ente.mail.host;
# port = 465;
# email = config.repo.secrets.local.ente.mail.from;
# username = config.repo.secrets.local.ente.mail.user;
# password._secret = config.age.secrets.ente-smtp-password.path;
# };
s3 = {
use_path_style_urls = true;
b2-eu-cen = {

Binary file not shown.

View file

@ -319,6 +319,9 @@ in
locations."/" = {
root = webPackage "accounts";
tryFiles = "$uri $uri.html /index.html";
extraConfig = ''
add_header Access-Control-Allow-Origin 'https://${cfgWeb.domains.api}';
'';
};
};
virtualHosts.${domainFor "cast"} = {
@ -326,6 +329,9 @@ in
locations."/" = {
root = webPackage "cast";
tryFiles = "$uri $uri.html /index.html";
extraConfig = ''
add_header Access-Control-Allow-Origin 'https://${cfgWeb.domains.api}';
'';
};
};
virtualHosts.${domainFor "photos"} = {
@ -336,6 +342,9 @@ in
locations."/" = {
root = webPackage "photos";
tryFiles = "$uri $uri.html /index.html";
extraConfig = ''
add_header Access-Control-Allow-Origin 'https://${cfgWeb.domains.api}';
'';
};
};
};

View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> X25519 uzx96W3LGgLuzEzAtwPjH+NX2vcv8ubqqX7YZiwQFgk
KlBmy7H6aMxmwulZOlTKZstIksYCO3ZmA5FRqPNRVdw
-> piv-p256 xqSe8Q A5M4BXtJeBxuptSTUikB5VMJKqOezt0LUujl++SkBK++
J7Qv3r/5PbZtDE3bSDDSrH1hCZAhIfvYYQASnftZiBw
-> ]#ef9-grease uUT
vopjT0SJXs4y/e11dxHdH6Jm4H7fPraQnQ
--- 8eRnzo0sQwqYPdMvoIe+yh7Z0XNz04qqmVDBiOiPuOI
0ÅŠÍ}*&¹ªn4¯X’–м{fˆÖ6Æ,!sݬ™Àòc´3
7új\â$…m[7“ˆªµ£Ÿ0:’êš¼˜3+H�ƒf%­òQ�SÏ–¡

View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 JgWCuA q5Wp7aYyyaEavf6STF9SvQgmzdYXgTyGxGfmw3oSZiQ
NkBSO5mKfWLe191MADiA1/8UCEWYg1Wf19tDQzRKcuY
-> Tmk{-grease 8].Slcf
o7SZB2XURbUUce7EuhTa1K0fd40MXUyuDEu52sxbAO5w8f/o7NKhH0E6gxAomVFI
3+u4q5rBb2CgqJ7Ggu0BZF5pmVjYUZc8K6c4OzK2w5YwiZzmnw
--- CToVXazvableiflSVSRk1gN7L7+//TKkELjn7mJr3qw
–aPÆo‡Ö§çªI�c 6A¢ÇwÙÍ•üàR"ûÄY}E>()iD¸ÐØêÿL<„Jå*Ϊd�§kìh#3ÙýUšìŠ ±qÙ �+