diff --git a/ops/nixos/rexxar/default.nix b/ops/nixos/rexxar/default.nix index 498f38caa8..55e417ab28 100644 --- a/ops/nixos/rexxar/default.nix +++ b/ops/nixos/rexxar/default.nix @@ -526,10 +526,20 @@ reverse_proxy unix//run/seaweedfs-filer/s3.sock ''; }; + virtualHosts."rexxar.as205479.net" = { + extraConfig = '' + handle_path /~samw/* { + root /home/samw/public_html + file_server browse + } + ''; + }; }; systemd.services.caddy.serviceConfig = { SupplementaryGroups = lib.mkAfter [ "acme" ]; + ProtectHome = lib.mkForce "tmpfs"; ReadOnlyPaths = lib.mkAfter [ "/var/lib/acme" ]; + BindReadOnlyPaths = lib.mkAfter [ "/home/samw/public_html" ]; }; my.fup.listen = [];