nginx module

Ivan Kirilov Dimitrov 2024-08-05 18:25:15 +02:00
parent 1bd5b467ae
commit 7d7c00de4f
No known key found for this signature in database
GPG Key ID: 0BDAD4B211C49294
3 changed files with 96 additions and 92 deletions


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { { pkgs, ... }: {
fileSystems."/mnt/export1981" = { fileSystems."/mnt/export1981" = {
device = "172.16.128.47:/nas/5490"; device = "172.16.128.47:/nas/5490";
@ -101,39 +101,6 @@
PermitRootLogin = "prohibit-password"; PermitRootLogin = "prohibit-password";
}; };
}; };
postgresql = {
enable = true;
ensureUsers = [
{
name = "root";
ensureClauses = {
superuser = true;
createrole = true;
createdb = true;
};
}
];
};
gitea = {
enable = true;
appName = "src";
database = {
type = "postgres";
};
settings = {
server = {
DOMAIN = "src.idimitrov.dev";
ROOT_URL = "https://src.idimitrov.dev/";
HTTP_PORT = 3001;
};
repository = {
DEFAULT_BRANCH = "master";
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
dnscrypt-proxy2 = { dnscrypt-proxy2 = {
enable = true; enable = true;
settings = { settings = {
@ -159,63 +126,6 @@
}; };
}; };
}; };
nginx =
let
webshiteConfig = ''
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Content-Type-Options nosniff;
'';
extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
serveStatic = exts: ''
try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
'';
in
{
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = {
"idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"www.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"src.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3001";
};
};
"pic.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/pic";
extraConfig = ''
autoindex on;
${serveStatic ["png"]}
'';
};
};
};
};
}; };
systemd = { systemd = {
timers = { timers = {


@ -22,7 +22,7 @@ in
nova-nonya = novaConfig (with mods; [ ivand anon cryptocurrency ]); nova-nonya = novaConfig (with mods; [ ivand anon cryptocurrency ]);
nova-ai = novaConfig (with mods; [ ivand ai ]); nova-ai = novaConfig (with mods; [ ivand ai ]);
install-iso = configWithModules { modules = (with mods; [ grub base shell wireless ]); }; install-iso = configWithModules { modules = (with mods; [ grub base shell wireless ]); };
vps = configWithModules { modules = (with mods; [ base shell security vps mailserver ]); }; vps = configWithModules { modules = (with mods; [ base shell security vps mailserver nginx ]); };
stara-miner = configWithModules { modules = (essential ++ [ mods.monero-miner ]); }; stara-miner = configWithModules { modules = (essential ++ [ mods.monero-miner ]); };
}; };
} }


@ -314,5 +314,99 @@ top@{ inputs, moduleWithSystem, ... }: {
}; };
}; };
}); });
nginx = moduleWithSystem (toplevel@{ ... }: perSystem@{ config, pkgs, ... }: {
services = {
nginx =
let
webshiteConfig = ''
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Content-Type-Options nosniff;
'';
extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
serveStatic = exts: ''
try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
'';
in
{
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = {
"idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"www.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"src.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3001";
};
};
"pic.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/pic";
extraConfig = ''
autoindex on;
${serveStatic ["png"]}
'';
};
};
};
};
gitea = {
enable = true;
appName = "src";
database = {
type = "postgres";
};
settings = {
server = {
DOMAIN = "src.idimitrov.dev";
ROOT_URL = "https://src.idimitrov.dev/";
HTTP_PORT = 3001;
};
repository = {
DEFAULT_BRANCH = "master";
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
postgresql = {
enable = true;
ensureUsers = [
{
name = "root";
ensureClauses = {
superuser = true;
createrole = true;
createdb = true;
};
}
];
};
};
});
}; };
} }
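Review bot: The module added here is named `nginx`, but its `services` set also enables `gitea` and `postgresql`, including an `ensureUsers` entry that creates a `root` role with `superuser = true; createrole = true; createdb = true;`. Any configuration that adds `nginx` to its module list therefore also gets a Gitea instance and a database superuser, which is more than the name promises and more privilege than a web front end needs. I would keep only `services.nginx` in this module and move the `gitea` and `postgresql` attribute sets into a separate module that the `vps` entry lists explicitly. Nothing visible in this hunk uses the `root` role, and the NixOS Gitea module normally provisions its own database role for `database.type = "postgres"`, so `superuser = true;` looks removable; confirm nothing outside the hunk depends on it first. If the role has to stay, a comment above it such as `# local admin role, not used by Gitea` would record why.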