diff --git a/hosts/thegeneralist-central/configuration.nix b/hosts/thegeneralist-central/configuration.nix index 1e5ec17..88eff86 100644 --- a/hosts/thegeneralist-central/configuration.nix +++ b/hosts/thegeneralist-central/configuration.nix @@ -15,6 +15,7 @@ extraGroups = [ "wheel" "audio" "video" "input" "scanner" "docker" ]; shell = pkgs.zsh; home = "/home/thegeneralist"; + homeMode = "0750"; hashedPasswordFile = config.age.secrets.password.path; openssh.authorizedKeys.keys = let inherit (import ../../keys.nix) thegeneralist; @@ -67,4 +68,3 @@ system.stateVersion = "24.11"; } - diff --git a/hosts/thegeneralist-central/forgejo/default.nix b/hosts/thegeneralist-central/forgejo/default.nix index 3ba7af7..1f54c11 100644 --- a/hosts/thegeneralist-central/forgejo/default.nix +++ b/hosts/thegeneralist-central/forgejo/default.nix @@ -148,6 +148,7 @@ in users.users.gitea-runner = { isSystemUser = true; group = "gitea-runner"; + extraGroups = [ "users" ]; home = "/var/lib/gitea-runner/central"; createHome = true; }; diff --git a/hosts/thegeneralist-central/site.nix b/hosts/thegeneralist-central/site.nix index 82a1c08..538f1ad 100644 --- a/hosts/thegeneralist-central/site.nix +++ b/hosts/thegeneralist-central/site.nix @@ -56,18 +56,21 @@ in virtualHosts."${family_domain}" = { root = "/var/www/${family_domain}/dist"; - locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404"; + locations."/".tryFiles = "$uri $uri/index.html $uri.html =404"; extraConfig = '' - if ($http_x_forwarded_proto = "http") { - return 301 https://${family_domain}$request_uri; - } + absolute_redirect off; - location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ { + location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico)$ { expires 1d; add_header Cache-Control "public"; } + location ~* \.(ttf|woff2?)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } + error_page 404 /404.html; ''; };