diff options
| -rw-r--r-- | custom/ymir-nginx.nix | 48 | ||||
| -rw-r--r-- | ymir.nix | 4 |
2 files changed, 14 insertions, 38 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index f4430059..3511b35e 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix | |||
| @@ -133,8 +133,6 @@ in { | |||
| 133 | ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem; | 133 | ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem; |
| 134 | 134 | ||
| 135 | server { | 135 | server { |
| 136 | listen *:80; | ||
| 137 | listen [::]:80; | ||
| 138 | listen *:443 ssl; | 136 | listen *:443 ssl; |
| 139 | listen [::]:443 ssl; | 137 | listen [::]:443 ssl; |
| 140 | server_name _; | 138 | server_name _; |
| @@ -152,6 +150,16 @@ in { | |||
| 152 | server { | 150 | server { |
| 153 | listen *:80; | 151 | listen *:80; |
| 154 | listen [::]:80; | 152 | listen [::]:80; |
| 153 | server_name _; | ||
| 154 | |||
| 155 | include ${acme}; | ||
| 156 | |||
| 157 | location / { | ||
| 158 | return 301 https://$host$request_uri; | ||
| 159 | } | ||
| 160 | } | ||
| 161 | |||
| 162 | server { | ||
| 155 | listen *:443 ssl; | 163 | listen *:443 ssl; |
| 156 | listen [::]:443 ssl; | 164 | listen [::]:443 ssl; |
| 157 | server_name ~^(.*\.)?(f|files)\.(yggdrasil\.li|141\.li|praseodym\.org)$; | 165 | server_name ~^(.*\.)?(f|files)\.(yggdrasil\.li|141\.li|praseodym\.org)$; |
| @@ -163,8 +171,6 @@ in { | |||
| 163 | } | 171 | } |
| 164 | 172 | ||
| 165 | server { | 173 | server { |
| 166 | listen *:80; | ||
| 167 | listen [::]:80; | ||
| 168 | listen *:443 ssl; | 174 | listen *:443 ssl; |
| 169 | listen [::]:443 ssl; | 175 | listen [::]:443 ssl; |
| 170 | server_name ~^(.*\.)?(o|online)\.(yggdrasil\.li|141\.li|praseodym\.org)$; | 176 | server_name ~^(.*\.)?(o|online)\.(yggdrasil\.li|141\.li|praseodym\.org)$; |
| @@ -179,8 +185,6 @@ in { | |||
| 179 | } | 185 | } |
| 180 | 186 | ||
| 181 | server { | 187 | server { |
| 182 | listen *:80; | ||
| 183 | listen [::]:80; | ||
| 184 | listen *:443 ssl; | 188 | listen *:443 ssl; |
| 185 | listen [::]:443 ssl; | 189 | listen [::]:443 ssl; |
| 186 | server_name ~^(.*\.)?dirty-haskell\.org$; | 190 | server_name ~^(.*\.)?dirty-haskell\.org$; |
| @@ -192,9 +196,7 @@ in { | |||
| 192 | } | 196 | } |
| 193 | 197 | ||
| 194 | server { | 198 | server { |
| 195 | listen *:80; | ||
| 196 | listen *:443 ssl; | 199 | listen *:443 ssl; |
| 197 | listen [::]:80; | ||
| 198 | listen [::]:443 ssl; | 200 | listen [::]:443 ssl; |
| 199 | server_name ~^(.*\.)?git\.yggdrasil\.li$; | 201 | server_name ~^(.*\.)?git\.yggdrasil\.li$; |
| 200 | 202 | ||
| @@ -207,15 +209,13 @@ in { | |||
| 207 | 209 | ||
| 208 | location @cgit { | 210 | location @cgit { |
| 209 | include ${uwsgi_params}; | 211 | include ${uwsgi_params}; |
| 210 | uwsgi_pass unix:/tmp/git.yggdrasil.li.sock; | 212 | uwsgi_pass unix:/run/git.yggdrasil.li.sock; |
| 211 | uwsgi_modifier1 9; | 213 | uwsgi_modifier1 9; |
| 212 | } | 214 | } |
| 213 | } | 215 | } |
| 214 | 216 | ||
| 215 | server { | 217 | server { |
| 216 | listen *:80; | ||
| 217 | listen *:443 ssl; | 218 | listen *:443 ssl; |
| 218 | listen [::]:80; | ||
| 219 | listen [::]:443 ssl; | 219 | listen [::]:443 ssl; |
| 220 | server_name ~^(.*\.)?git\.rheperire\.org$; | 220 | server_name ~^(.*\.)?git\.rheperire\.org$; |
| 221 | 221 | ||
| @@ -228,24 +228,12 @@ in { | |||
| 228 | 228 | ||
| 229 | location @cgit { | 229 | location @cgit { |
| 230 | include ${uwsgi_params}; | 230 | include ${uwsgi_params}; |
| 231 | uwsgi_pass unix:/tmp/git.rheperire.org.sock; | 231 | uwsgi_pass unix:/run/git.rheperire.org.sock; |
| 232 | uwsgi_modifier1 9; | 232 | uwsgi_modifier1 9; |
| 233 | } | 233 | } |
| 234 | } | 234 | } |
| 235 | 235 | ||
| 236 | server { | 236 | server { |
| 237 | listen *:80; | ||
| 238 | listen [::]:80; | ||
| 239 | server_name ~^(.*\.)?odin\.(yggdrasil\.li|141\.li)$; | ||
| 240 | |||
| 241 | include ${acme}; | ||
| 242 | |||
| 243 | location / { | ||
| 244 | return 301 https://$host$request_uri; | ||
| 245 | } | ||
| 246 | } | ||
| 247 | |||
| 248 | server { | ||
| 249 | listen *:443 ssl; | 237 | listen *:443 ssl; |
| 250 | listen [::]:443 ssl; | 238 | listen [::]:443 ssl; |
| 251 | server_name ~^(.*\.)?odin\.(yggdrasil\.li|141\.li)$; | 239 | server_name ~^(.*\.)?odin\.(yggdrasil\.li|141\.li)$; |
| @@ -260,18 +248,6 @@ in { | |||
| 260 | } | 248 | } |
| 261 | 249 | ||
| 262 | server { | 250 | server { |
| 263 | listen *:80; | ||
| 264 | listen [::]:80; | ||
| 265 | server_name ~^ftp\.(yggdrasil\.li|141\.li|praseodym\.org)$; | ||
| 266 | |||
| 267 | include ${acme}; | ||
| 268 | |||
| 269 | location / { | ||
| 270 | return 301 https://$host$request_uri; | ||
| 271 | } | ||
| 272 | } | ||
| 273 | |||
| 274 | server { | ||
| 275 | listen *:443 ssl; | 251 | listen *:443 ssl; |
| 276 | listen [::]:443 ssl; | 252 | listen [::]:443 ssl; |
| 277 | 253 | ||
| @@ -297,7 +297,7 @@ in rec { | |||
| 297 | env = [ | 297 | env = [ |
| 298 | "CGIT_CONFIG=/etc/cgit/git.yggdrasil.li" | 298 | "CGIT_CONFIG=/etc/cgit/git.yggdrasil.li" |
| 299 | ]; | 299 | ]; |
| 300 | socket = "/tmp/git.yggdrasil.li.sock"; | 300 | socket = "/run/git.yggdrasil.li.sock"; |
| 301 | chmod-socket = "660"; | 301 | chmod-socket = "660"; |
| 302 | chown-socket = "uwsgi:nginx"; | 302 | chown-socket = "uwsgi:nginx"; |
| 303 | uid = "uwsgi"; gid = "uwsgi"; | 303 | uid = "uwsgi"; gid = "uwsgi"; |
| @@ -311,7 +311,7 @@ in rec { | |||
| 311 | env = [ | 311 | env = [ |
| 312 | "CGIT_CONFIG=/etc/cgit/git.rheperire.org" | 312 | "CGIT_CONFIG=/etc/cgit/git.rheperire.org" |
| 313 | ]; | 313 | ]; |
| 314 | socket = "/tmp/git.rheperire.org.sock"; | 314 | socket = "/run/git.rheperire.org.sock"; |
| 315 | chmod-socket = "660"; | 315 | chmod-socket = "660"; |
| 316 | chown-socket = "uwsgi:nginx"; | 316 | chown-socket = "uwsgi:nginx"; |
| 317 | uid = "uwsgi"; gid = "uwsgi"; | 317 | uid = "uwsgi"; gid = "uwsgi"; |