Merge branch 'master' of git.yggdrasil.li:nixos

author: Gregor Kleen <gkleen@yggdrasil.li> 2015-11-07 21:34:35 +0000
committer: Gregor Kleen <gkleen@yggdrasil.li> 2015-11-07 21:34:35 +0000
commit: 72e7eff45ca594035fbe1e7edcc725398d69d278 (patch)
tree: d099667006d4f5998d9790255eab837abed9f9a3
parent: 2e197f1eb606cc7244d7e863086dcdfcfc5ccc2e (diff)
parent: e5899248bf45759565eb0bc2888dcedb3a6a63e8 (diff)
download: nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar
nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar.gz
nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar.bz2
nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar.xz
nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.zip
2 files changed, 69 insertions, 2 deletions
diff --git a/custom/ymir.nginx b/custom/ymir.nginx
new file mode 100644
index 00000000..1fb0afcb
--- /dev/null
+++ b/custom/ymir.nginx
@@ -0,0 +1,62 @@
+default_type application/octet-stream;
+log_format main
+        '$remote_addr - $remote_user [$time_local] '
+        '"$request" $status $bytes_sent '
+        '"$http_referer" "$http_user_agent" '
+        '"$gzip_ratio"';
+client_header_timeout 10m;
+client_body_timeout 10m;
+send_timeout 10m;
+connection_pool_size 256;
+client_header_buffer_size 1k;
+large_client_header_buffers 4 2k;
+request_pool_size 4k;
+gzip on;
+gzip_min_length 1100;
+gzip_buffers 4 8k;
+gzip_types text/plain;
+output_buffers 1 32k;
+postpone_output 1460;
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 75 20;
+ignore_invalid_headers on;
+server {
+  listen *:80;
+  listen [::]:80;
+  server_name dirty-haskell.org www.dirty-haskell.org;
+  root /srv/www/dirty-haskell.org;
+}
+server {
+  listen *:443 ssl;
+  listen [::]:443 ssl;
+  server_name dirty-haskell.org;
+  ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
+  ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
+  root /srv/www/dirty-haskell.org;
+}
+server {
+  listen *:443 ssl;
+  listen [::]:443 ssl;
+  server_name www.dirty-haskell.org;
+  ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
+  ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
+  root /srv/www/dirty-haskell.org;
+}
diff --git a/ymir.nix b/ymir.nix
index c64dea38..808b11bb 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -64,6 +64,8 @@ in {
                          5269 # xmpp.s2s
                          655 # tinc.yggdrasil
                          656 # tinc.laeradhr
+                          80 # http
+                          443 # https
                        ];
      allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                             ];
@@ -88,10 +90,8 @@ in {
  };
  nix.binaryCaches = [ "https://cache.nixos.org/"
-                       "https://hydra.nixos.org/"
                     ];
  nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-                                "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
                              ];
  # List services that you want to enable:
@@ -164,4 +164,9 @@ in {
      ip4 = [ { address = "10.142.0.3"; prefixLength = 16; } ];
    };
    });
+  services.nginx = {
+    enable = true;
+    httpConfig = builtins.readFile ./custom/ymir.nginx;
+  };
 }
author	Gregor Kleen <gkleen@yggdrasil.li>	2015-11-07 21:34:35 +0000
committer	Gregor Kleen <gkleen@yggdrasil.li>	2015-11-07 21:34:35 +0000
commit	72e7eff45ca594035fbe1e7edcc725398d69d278 (patch)
tree	d099667006d4f5998d9790255eab837abed9f9a3
parent	2e197f1eb606cc7244d7e863086dcdfcfc5ccc2e (diff)
parent	e5899248bf45759565eb0bc2888dcedb3a6a63e8 (diff)
download	nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar.gz nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar.bz2 nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.tar.xz nixos-72e7eff45ca594035fbe1e7edcc725398d69d278.zip

diff --git a/custom/ymir.nginx b/custom/ymir.nginx new file mode 100644 index 00000000..1fb0afcb --- /dev/null +++ b/custom/ymir.nginx
@@ -0,0 +1,62 @@
		1	default_type application/octet-stream;
		2
		3	log_format main
		4	'$remote_addr - $remote_user [$time_local] '
		5	'"$request" $status $bytes_sent '
		6	'"$http_referer" "$http_user_agent" '
		7	'"$gzip_ratio"';
		8
		9	client_header_timeout 10m;
		10	client_body_timeout 10m;
		11	send_timeout 10m;
		12
		13	connection_pool_size 256;
		14	client_header_buffer_size 1k;
		15	large_client_header_buffers 4 2k;
		16	request_pool_size 4k;
		17
		18	gzip on;
		19	gzip_min_length 1100;
		20	gzip_buffers 4 8k;
		21	gzip_types text/plain;
		22
		23	output_buffers 1 32k;
		24	postpone_output 1460;
		25
		26	sendfile on;
		27	tcp_nopush on;
		28	tcp_nodelay on;
		29
		30	keepalive_timeout 75 20;
		31
		32	ignore_invalid_headers on;
		33
		34	server {
		35	listen *:80;
		36	listen [::]:80;
		37	server_name dirty-haskell.org www.dirty-haskell.org;
		38
		39	root /srv/www/dirty-haskell.org;
		40	}
		41
		42	server {
		43	listen *:443 ssl;
		44	listen [::]:443 ssl;
		45	server_name dirty-haskell.org;
		46
		47	ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
		48	ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
		49
		50	root /srv/www/dirty-haskell.org;
		51	}
		52
		53	server {
		54	listen *:443 ssl;
		55	listen [::]:443 ssl;
		56	server_name www.dirty-haskell.org;
		57
		58	ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
		59	ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
		60
		61	root /srv/www/dirty-haskell.org;
		62	}


diff --git a/ymir.nix b/ymir.nix index c64dea38..808b11bb 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -64,6 +64,8 @@ in {
64	5269 # xmpp.s2s	64	5269 # xmpp.s2s
65	655 # tinc.yggdrasil	65	655 # tinc.yggdrasil
66	656 # tinc.laeradhr	66	656 # tinc.laeradhr
		67	80 # http
		68	443 # https
67	];	69	];
68	allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh	70	allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
69	];	71	];
@@ -88,10 +90,8 @@ in {
88	};	90	};
89		91
90	nix.binaryCaches = [ "https://cache.nixos.org/"	92	nix.binaryCaches = [ "https://cache.nixos.org/"
91	"https://hydra.nixos.org/"
92	];	93	];
93	nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="	94	nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
94	"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
95	];	95	];
96		96
97	# List services that you want to enable:	97	# List services that you want to enable:
@@ -164,4 +164,9 @@ in {
164	ip4 = [ { address = "10.142.0.3"; prefixLength = 16; } ];	164	ip4 = [ { address = "10.142.0.3"; prefixLength = 16; } ];
165	};	165	};
166	});	166	});
		167
		168	services.nginx = {
		169	enable = true;
		170	httpConfig = builtins.readFile ./custom/ymir.nginx;
		171	};
167	}	172	}