Set prod module nix configuration

2025-11-22 10:51:36 +01:00 · 2024-12-08 18:01:48 +01:00
parent 18210d501b
commit a6c0cf5167
2 changed files with 24 additions and 6 deletions
--- a/nix/deploy/prod/default.nix
+++ b/nix/deploy/prod/default.nix
@@ -6,8 +6,9 @@
    ../../module.nix
  ];
-  networking.hostName = "archtika-prod";
+  networking.hostName = "archtika-demo";
  /*
  services.archtika = {
    enable = true;
    package = localArchtikaPackage;
@@ -15,5 +16,11 @@
    acmeEmail = "thilo.hohlt@tutanota.com";
    dnsProvider = "porkbun";
    dnsEnvironmentFile = /var/lib/porkbun.env;
    settings = {
      disableRegistration = true;
      maxWebsiteStorageSize = 50;
      maxUserWebsites = 2;
    };
  };
  */
 }
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -28,9 +28,13 @@ let
    RestrictRealtime = true;
    RestrictSUIDSGID = true;
    SystemCallArchitectures = "native";
-    SystemCallFilter = ["@system-service" "~@privileged" "~@resources"];
+    SystemCallFilter = [
      "@system-service"
      "~@privileged"
      "~@resources"
    ];
-    ReadWritePaths = ["/var/www/archtika-websites"];
+    ReadWritePaths = [ "/var/www/archtika-websites" ];
  };
 in
 {
@@ -154,7 +158,11 @@ in
        Restart = "always";
        WorkingDirectory = "${cfg.package}/rest-api";
-        RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
+        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
          "AF_UNIX"
        ];
      };
      script = ''
@@ -181,7 +189,10 @@ in
        Restart = "always";
        WorkingDirectory = "${cfg.package}/web-app";
-        RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
+        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
        ];
      };
      script = ''