dont use nginx in front of restic http server

2023-10-29 00:38:56 +02:00 · 2023-10-29 00:38:56 +02:00 · be8bb83ab2
parent 6bd1909c3b
commit be8bb83ab2
1 changed files with 9 additions and 19 deletions
--- a/hosts/cox/backup.nix
+++ b/hosts/cox/backup.nix
@ -3,29 +3,19 @@
  config,
  pkgs,
  ...
-}: {
+}:
+
+let
+  resticListenPort = 18000;
+in
+{
  age.secrets.backup_restic_htpasswd = {
    file = "${self}/secrets/cox_backup_restic_htpasswd.age";
    owner = "${toString config.ids.uids.restic}";
  };

-  services.nginx = {
-    enable = true;
-    clientMaxBodySize = "1G";
-    virtualHosts."backup.local" = {
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:18000";
-        extraConfig = ''
-          proxy_connect_timeout 600;
-          proxy_send_timeout 600;
-          proxy_read_timeout 600;
-          send_timeout 600;
-          proxy_set_header Host ''$host;
-          proxy_set_header X-Forwarded-For ''$remote_addr;
-        '';
-      };
-    };
-  };
+  networking.firewall.allowedTCPPorts = [ resticListenPort ];
+
  containers."backup" = {
    autoStart = true;
    ephemeral = true;
@ -49,7 +39,7 @@

      services.restic.server = {
        enable = true;
-        listenAddress = "0.0.0.0:18000";
+        listenAddress = "0.0.0.0:${toString resticListenPort}";
        privateRepos = true;
        extraFlags = [
          "--append-only"