feat: Get ROCm working with flake
parent
5284d6e596
commit
c20fd46f9f
6 changed files with 73 additions and 25 deletions
27
nginx.nix
27
nginx.nix
|
|
@ -1,21 +1,10 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
# Read multiple API keys from the secrets file at build time
|
||||
# Note: This embeds the secrets in the Nix store, which is a trade-off
|
||||
# Alternative: Keep secrets file and read via njs module or external auth service
|
||||
secretsFile = "/srv/nginx/secrets";
|
||||
|
||||
# Read API keys from file (one key per line, will be evaluated at build time)
|
||||
# If the file doesn't exist yet, this will fail - create it first
|
||||
apiKeysRaw = builtins.readFile secretsFile;
|
||||
apiKeys = lib.filter (k: k != "") (lib.splitString "\n" apiKeysRaw);
|
||||
|
||||
# Generate map entries for each key
|
||||
mapEntries = lib.concatMapStringsSep "\n "
|
||||
(key: ''"Bearer ${key}" "authorized";'')
|
||||
apiKeys;
|
||||
|
||||
# NOTE: API keys will be loaded from /srv/nginx/secrets at runtime
|
||||
# This file should contain one Bearer token per line
|
||||
# The secrets file is read at runtime via include directive instead of build time
|
||||
# to avoid flake purity issues
|
||||
in
|
||||
{
|
||||
services.nginx = {
|
||||
|
|
@ -31,12 +20,16 @@ in
|
|||
mapHashBucketSize = 128;
|
||||
|
||||
# Map directive to check Authorization header against multiple keys
|
||||
# Keys are loaded from /srv/nginx/secrets.map at runtime
|
||||
appendHttpConfig = ''
|
||||
# Check if the Authorization header matches any expected value
|
||||
map $http_authorization $auth_status {
|
||||
default "unauthorized";
|
||||
"" "no_auth";
|
||||
${mapEntries}
|
||||
# Add your Bearer tokens here manually, or use include directive
|
||||
# Format: "Bearer YOUR_TOKEN_HERE" "authorized";
|
||||
# You can also create /srv/nginx/secrets.map and include it:
|
||||
# include /srv/nginx/secrets.map;
|
||||
}
|
||||
'';
|
||||
|
||||
|
|
@ -66,7 +59,7 @@ in
|
|||
locations."/blog/private/" = {
|
||||
extraConfig = ''
|
||||
auth_basic "Private Articles";
|
||||
auth_basic_user_file /srv/nginx/.htpasswd;
|
||||
auth_basic_user_file "/srv/nginx/.htpasswd";
|
||||
|
||||
# Enable Server Side Includes
|
||||
ssi on;
|
||||
|
|
|
|||
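Review bot: In the `appendHttpConfig` map, the new side appears to contain only commented-out guidance (`# include /srv/nginx/secrets.map;`), so no value maps to "authorized" and every request carrying an Authorization header resolves to "unauthorized". The new comments (`Keys are loaded from /srv/nginx/secrets.map at runtime`, `read at runtime via include directive`) nevertheless say the loading already happens, so either enable the line as `include /srv/nginx/secrets.map;` or reword the comments to say it is a manual step. The header comment also names `/srv/nginx/secrets` with "one Bearer token per line", which is a different path and a different format from the `"Bearer YOUR_TOKEN_HERE" "authorized";` entries an included map file would need. Because the removed code embedded the keys in the Nix store, earlier generations presumably still hold them in readable store paths; it would be worth rotating the keys and restricting the new file to the nginx user. The +/- markers are lost on this page, so the old/new sides are inferred from the hunk headers, and how `$auth_status` is consumed lies outside the visible hunks.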