Merge pull request #20 from archtika/devel

Set prod module nix configuration
2025-11-22 02:41:35 +01:00 · 2024-12-08 18:03:15 +01:00
parent 5a9526174f a6c0cf5167
commit fe42f275a5
2 changed files with 24 additions and 6 deletions
--- a/nix/deploy/prod/default.nix
+++ b/nix/deploy/prod/default.nix
@@ -6,8 +6,9 @@
    ../../module.nix
  ];

-  networking.hostName = "archtika-prod";
+  networking.hostName = "archtika-demo";

+  /*
  services.archtika = {
    enable = true;
    package = localArchtikaPackage;
@@ -15,5 +16,11 @@
    acmeEmail = "thilo.hohlt@tutanota.com";
    dnsProvider = "porkbun";
    dnsEnvironmentFile = /var/lib/porkbun.env;
+    settings = {
+      disableRegistration = true;
+      maxWebsiteStorageSize = 50;
+      maxUserWebsites = 2;
+    };
  };
+  */
 }
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -28,9 +28,13 @@ let
    RestrictRealtime = true;
    RestrictSUIDSGID = true;
    SystemCallArchitectures = "native";
-    SystemCallFilter = ["@system-service" "~@privileged" "~@resources"];
+    SystemCallFilter = [
+      "@system-service"
+      "~@privileged"
+      "~@resources"
+    ];

-    ReadWritePaths = ["/var/www/archtika-websites"];
+    ReadWritePaths = [ "/var/www/archtika-websites" ];
  };
 in
 {
@@ -154,7 +158,11 @@ in
        Restart = "always";
        WorkingDirectory = "${cfg.package}/rest-api";

-        RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+          "AF_UNIX"
+        ];
      };

      script = ''
@@ -181,7 +189,10 @@ in
        Restart = "always";
        WorkingDirectory = "${cfg.package}/web-app";

-        RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
      };

      script = ''