From be8bb83ab2208dafeb9c756817cfb40648e7df54 Mon Sep 17 00:00:00 2001
From: Hendrik Sokolowski <hensoko@gssws.de>
Date: Sun, 29 Oct 2023 00:38:56 +0200
Subject: [PATCH] dont use nginx in front of restic http server

---
 hosts/cox/backup.nix | 28 +++++++++-------------------
 1 file changed, 9 insertions(+), 19 deletions(-)

diff --git a/hosts/cox/backup.nix b/hosts/cox/backup.nix
index 57f7c1a7..7d0504b2 100644
--- a/hosts/cox/backup.nix
+++ b/hosts/cox/backup.nix
@@ -3,29 +3,19 @@
   config,
   pkgs,
   ...
-}: {
+}:
+
+let
+  resticListenPort = 18000;
+in
+{
   age.secrets.backup_restic_htpasswd = {
     file = "${self}/secrets/cox_backup_restic_htpasswd.age";
     owner = "${toString config.ids.uids.restic}";
   };
 
-  services.nginx = {
-    enable = true;
-    clientMaxBodySize = "1G";
-    virtualHosts."backup.local" = {
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:18000";
-        extraConfig = ''
-          proxy_connect_timeout 600;
-          proxy_send_timeout 600;
-          proxy_read_timeout 600;
-          send_timeout 600;
-          proxy_set_header Host ''$host;
-          proxy_set_header X-Forwarded-For ''$remote_addr;
-        '';
-      };
-    };
-  };
+  networking.firewall.allowedTCPPorts = [ resticListenPort ];
+
   containers."backup" = {
     autoStart = true;
     ephemeral = true;
@@ -49,7 +39,7 @@
 
       services.restic.server = {
         enable = true;
-        listenAddress = "0.0.0.0:18000";
+        listenAddress = "0.0.0.0:${toString resticListenPort}";
         privateRepos = true;
         extraFlags = [
           "--append-only"