diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-26 15:30:38 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-26 15:30:38 +0200 |
| commit | 42570ce38245e34508dddae4bcf6a46a64ab1d4b (patch) | |
| tree | b03493dce64d2221d5f795c26ddaf7e35ff1e03e | |
| parent | 343b071a70f0e45730666dd5497dc6200606538d (diff) | |
| download | nixos-42570ce38245e34508dddae4bcf6a46a64ab1d4b.tar nixos-42570ce38245e34508dddae4bcf6a46a64ab1d4b.tar.gz nixos-42570ce38245e34508dddae4bcf6a46a64ab1d4b.tar.bz2 nixos-42570ce38245e34508dddae4bcf6a46a64ab1d4b.tar.xz nixos-42570ce38245e34508dddae4bcf6a46a64ab1d4b.zip | |
streamlined nginx config
| -rw-r--r-- | custom/ymir-nginx.nix | 40 |
1 files changed, 8 insertions, 32 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index 0506b5c7..bc1a4d1f 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix | |||
| @@ -19,7 +19,7 @@ let | |||
| 19 | 19 | ||
| 20 | favicon = builtins.toFile "favicon" '' | 20 | favicon = builtins.toFile "favicon" '' |
| 21 | location = /favicon.ico { | 21 | location = /favicon.ico { |
| 22 | root /srv/www/praseodym.org; | 22 | root /srv/www/default; |
| 23 | } | 23 | } |
| 24 | ''; | 24 | ''; |
| 25 | 25 | ||
| @@ -28,11 +28,6 @@ let | |||
| 28 | root /srv/www/acme/$host/; | 28 | root /srv/www/acme/$host/; |
| 29 | } | 29 | } |
| 30 | ''; | 30 | ''; |
| 31 | |||
| 32 | ssl = builtins.toFile "ssl" '' | ||
| 33 | ssl_certificate /var/lib/acme/yggdrasil.li/fullchain.pem; | ||
| 34 | ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem; | ||
| 35 | ''; | ||
| 36 | in { | 31 | in { |
| 37 | services.nginx = { | 32 | services.nginx = { |
| 38 | enable = true; | 33 | enable = true; |
| @@ -78,52 +73,33 @@ in { | |||
| 78 | ssl_prefer_server_ciphers on; | 73 | ssl_prefer_server_ciphers on; |
| 79 | ssl_session_cache shared:SSL:10m; | 74 | ssl_session_cache shared:SSL:10m; |
| 80 | ssl_dhparam /etc/ssl/dhparam.pem; | 75 | ssl_dhparam /etc/ssl/dhparam.pem; |
| 76 | |||
| 77 | ssl_certificate /var/lib/acme/yggdrasil.li/fullchain.pem; | ||
| 78 | ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem; | ||
| 81 | 79 | ||
| 82 | server { | 80 | server { |
| 83 | listen *:80; | 81 | listen *:80; |
| 84 | listen [::]:80; | 82 | listen [::]:80; |
| 83 | listen *:443 ssl; | ||
| 84 | listen [::]:443 ssl; | ||
| 85 | server_name _; | 85 | server_name _; |
| 86 | 86 | ||
| 87 | include ${favicon}; | 87 | include ${favicon}; |
| 88 | include ${acme}; | 88 | include ${acme}; |
| 89 | 89 | ||
| 90 | root /srv/www/praseodym.org; | 90 | root /srv/www/default; |
| 91 | } | 91 | } |
| 92 | 92 | ||
| 93 | server { | 93 | server { |
| 94 | listen *:80; | 94 | listen *:80; |
| 95 | listen [::]:80; | 95 | listen [::]:80; |
| 96 | server_name dirty-haskell.org www.dirty-haskell.org; | ||
| 97 | |||
| 98 | include ${favicon}; | ||
| 99 | include ${acme}; | ||
| 100 | |||
| 101 | root /srv/www/dirty-haskell.org; | ||
| 102 | } | ||
| 103 | |||
| 104 | server { | ||
| 105 | listen *:443 ssl; | ||
| 106 | listen [::]:443 ssl; | ||
| 107 | server_name dirty-haskell.org; | ||
| 108 | |||
| 109 | include ${favicon}; | ||
| 110 | include ${acme}; | ||
| 111 | |||
| 112 | include ${ssl}; | ||
| 113 | |||
| 114 | root /srv/www/dirty-haskell.org; | ||
| 115 | } | ||
| 116 | |||
| 117 | server { | ||
| 118 | listen *:443 ssl; | 96 | listen *:443 ssl; |
| 119 | listen [::]:443 ssl; | 97 | listen [::]:443 ssl; |
| 120 | server_name www.dirty-haskell.org; | 98 | server_name dirty-haskell.org www.dirty-haskell.org; |
| 121 | 99 | ||
| 122 | include ${favicon}; | 100 | include ${favicon}; |
| 123 | include ${acme}; | 101 | include ${acme}; |
| 124 | 102 | ||
| 125 | include ${ssl}; | ||
| 126 | |||
| 127 | root /srv/www/dirty-haskell.org; | 103 | root /srv/www/dirty-haskell.org; |
| 128 | } | 104 | } |
| 129 | 105 | ||