curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(nixos): discourage nix-env

This commit is contained in:
Ming Di Leom 2024-07-25 10:55:33 +00:00
parent df9009f987
commit d2c6db25d3
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
3 changed files with 57 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source/_posts/caddy-nixos-part-1.md
View File

@ -109,7 +109,7 @@ nixos-generate-config --root /mnt
# This is much less memory-intensive than `nix-env -i package`
# wormhole-william is Go-implementation of magic-wormhole
# Available in 20.09+
nix-env -f '<nixpkgs>' -iA google-authenticator p7zip usbguard wormhole-william
nix-shell -p google-authenticator p7zip usbguard wormhole-william
cd /tmp
wormhole-william receive configuration.7z

4
source/_posts/caddy-nixos-part-2.md
View File

@ -29,10 +29,10 @@ Following diagram shows the architecture behind this website.
## Prerequisites
Before proceeding to the rest of this guide, there are some system packages that you need to install.
Before proceeding to the rest of this guide, there are some packages that you need to install.
```
$ nix-env -f '<nixpkgs>' -iA google-authenticator p7zip usbguard wormhole-william
$ nix-shell -p google-authenticator p7zip usbguard wormhole-william
```
## Disable mutableUsers

11
source/_posts/caddy-nixos-part-3.md
View File

@ -53,7 +53,7 @@ A package is installed in `/nix/store/<hash>/` folder and that hash is what make
1. Locate the binary in "/nix/store" by checking `$ systemctl status caddy`. This is only available when caddy service is enabled in "configuration.nix". Disabling the service will remove the package.
2. Install it as a system package using `environment.systemPackages`.
3. Install it as a user package using `$ nix-env -f '<nixpkgs>' -iA caddy`.
3. Install it as a user package using Home Manager (recommended), [ad-hoc shell](https://nix.dev/tutorials/first-steps/ad-hoc-shell-environments.html) or `$ nix-env -iA nixpkgs.caddy` ([discouraged](https://stop-using-nix-env.privatevoid.net/)).
caddy.nix grants `CAP_NET_BIND_SERVICE` capability which is not needed in my use case because I'm not binding caddy to port < 1024.
@ -186,7 +186,7 @@ If you followed my {% post_link caddy-nixos-part-2 'Part 2' %} guide, you should
### Initial setup
Set up Caddy to listen on apex domain and www.* on port 4430
Set up Caddy to listen on apex domain and www.\* on port 4430
```plain Caddyfile
mdleom.com:4430 www.mdleom.com:4430 {
@ -270,18 +270,19 @@ In Caddyfile, the config can be expressed as:
To make sure Caddy sends the correct `Host:` header to the upstream/backend locations, I use `header_up` option,
{% codeblock mark:5,13,18 %}
handle /img/* {
handle /img/\* {
reverse_proxy https://cdn.statically.io {
header_up Host cdn.statically.io
}
}
handle_path /screenshot/* {
rewrite * /screenshot/mdleom.com{path}
handle*path /screenshot/* {
rewrite \_ /screenshot/mdleom.com{path}
reverse_proxy https://cdn.statically.io {
header_up Host cdn.statically.io
}
}
reverse_proxy https://curben.netlify.app {