pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

dont use nginx in front of restic http server

Browse source
This commit is contained in:
Hendrik Sokolowski 2023-10-29 00:38:56 +02:00
parent 6bd1909c3b
commit be8bb83ab2
1 changed files with 9 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
hosts/cox/backup.nix
View file

@ -3,29 +3,19 @@
config, config,
pkgs, pkgs,
... ...
}: { }:
let
resticListenPort = 18000;
in
{
age.secrets.backup_restic_htpasswd = { age.secrets.backup_restic_htpasswd = {
file = "${self}/secrets/cox_backup_restic_htpasswd.age"; file = "${self}/secrets/cox_backup_restic_htpasswd.age";
owner = "${toString config.ids.uids.restic}"; owner = "${toString config.ids.uids.restic}";
}; };
services.nginx = { networking.firewall.allowedTCPPorts = [ resticListenPort ];
enable = true;
clientMaxBodySize = "1G";
virtualHosts."backup.local" = {
locations."/" = {
proxyPass = "http://127.0.0.1:18000";
extraConfig = ''
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_set_header Host ''$host;
proxy_set_header X-Forwarded-For ''$remote_addr;
'';
};
};
};
containers."backup" = { containers."backup" = {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
@ -49,7 +39,7 @@
services.restic.server = { services.restic.server = {
enable = true; enable = true;
listenAddress = "0.0.0.0:18000"; listenAddress = "0.0.0.0:${toString resticListenPort}";
privateRepos = true; privateRepos = true;
extraFlags = [ extraFlags = [
"--append-only" "--append-only"