diff options
-rw-r--r-- | custom/ymir-nginx.nix | 48 | ||||
-rw-r--r-- | ymir.nix | 4 |
2 files changed, 14 insertions, 38 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index f4430059..3511b35e 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix | |||
@@ -133,8 +133,6 @@ in { | |||
133 | ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem; | 133 | ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem; |
134 | 134 | ||
135 | server { | 135 | server { |
136 | listen *:80; | ||
137 | listen [::]:80; | ||
138 | listen *:443 ssl; | 136 | listen *:443 ssl; |
139 | listen [::]:443 ssl; | 137 | listen [::]:443 ssl; |
140 | server_name _; | 138 | server_name _; |
@@ -152,6 +150,16 @@ in { | |||
152 | server { | 150 | server { |
153 | listen *:80; | 151 | listen *:80; |
154 | listen [::]:80; | 152 | listen [::]:80; |
153 | server_name _; | ||
154 | |||
155 | include ${acme}; | ||
156 | |||
157 | location / { | ||
158 | return 301 https://$host$request_uri; | ||
159 | } | ||
160 | } | ||
161 | |||
162 | server { | ||
155 | listen *:443 ssl; | 163 | listen *:443 ssl; |
156 | listen [::]:443 ssl; | 164 | listen [::]:443 ssl; |
157 | server_name ~^(.*\.)?(f|files)\.(yggdrasil\.li|141\.li|praseodym\.org)$; | 165 | server_name ~^(.*\.)?(f|files)\.(yggdrasil\.li|141\.li|praseodym\.org)$; |
@@ -163,8 +171,6 @@ in { | |||
163 | } | 171 | } |
164 | 172 | ||
165 | server { | 173 | server { |
166 | listen *:80; | ||
167 | listen [::]:80; | ||
168 | listen *:443 ssl; | 174 | listen *:443 ssl; |
169 | listen [::]:443 ssl; | 175 | listen [::]:443 ssl; |
170 | server_name ~^(.*\.)?(o|online)\.(yggdrasil\.li|141\.li|praseodym\.org)$; | 176 | server_name ~^(.*\.)?(o|online)\.(yggdrasil\.li|141\.li|praseodym\.org)$; |
@@ -179,8 +185,6 @@ in { | |||
179 | } | 185 | } |
180 | 186 | ||
181 | server { | 187 | server { |
182 | listen *:80; | ||
183 | listen [::]:80; | ||
184 | listen *:443 ssl; | 188 | listen *:443 ssl; |
185 | listen [::]:443 ssl; | 189 | listen [::]:443 ssl; |
186 | server_name ~^(.*\.)?dirty-haskell\.org$; | 190 | server_name ~^(.*\.)?dirty-haskell\.org$; |
@@ -192,9 +196,7 @@ in { | |||
192 | } | 196 | } |
193 | 197 | ||
194 | server { | 198 | server { |
195 | listen *:80; | ||
196 | listen *:443 ssl; | 199 | listen *:443 ssl; |
197 | listen [::]:80; | ||
198 | listen [::]:443 ssl; | 200 | listen [::]:443 ssl; |
199 | server_name ~^(.*\.)?git\.yggdrasil\.li$; | 201 | server_name ~^(.*\.)?git\.yggdrasil\.li$; |
200 | 202 | ||
@@ -207,15 +209,13 @@ in { | |||
207 | 209 | ||
208 | location @cgit { | 210 | location @cgit { |
209 | include ${uwsgi_params}; | 211 | include ${uwsgi_params}; |
210 | uwsgi_pass unix:/tmp/git.yggdrasil.li.sock; | 212 | uwsgi_pass unix:/run/git.yggdrasil.li.sock; |
211 | uwsgi_modifier1 9; | 213 | uwsgi_modifier1 9; |
212 | } | 214 | } |
213 | } | 215 | } |
214 | 216 | ||
215 | server { | 217 | server { |
216 | listen *:80; | ||
217 | listen *:443 ssl; | 218 | listen *:443 ssl; |
218 | listen [::]:80; | ||
219 | listen [::]:443 ssl; | 219 | listen [::]:443 ssl; |
220 | server_name ~^(.*\.)?git\.rheperire\.org$; | 220 | server_name ~^(.*\.)?git\.rheperire\.org$; |
221 | 221 | ||
@@ -228,24 +228,12 @@ in { | |||
228 | 228 | ||
229 | location @cgit { | 229 | location @cgit { |
230 | include ${uwsgi_params}; | 230 | include ${uwsgi_params}; |
231 | uwsgi_pass unix:/tmp/git.rheperire.org.sock; | 231 | uwsgi_pass unix:/run/git.rheperire.org.sock; |
232 | uwsgi_modifier1 9; | 232 | uwsgi_modifier1 9; |
233 | } | 233 | } |
234 | } | 234 | } |
235 | 235 | ||
236 | server { | 236 | server { |
237 | listen *:80; | ||
238 | listen [::]:80; | ||
239 | server_name ~^(.*\.)?odin\.(yggdrasil\.li|141\.li)$; | ||
240 | |||
241 | include ${acme}; | ||
242 | |||
243 | location / { | ||
244 | return 301 https://$host$request_uri; | ||
245 | } | ||
246 | } | ||
247 | |||
248 | server { | ||
249 | listen *:443 ssl; | 237 | listen *:443 ssl; |
250 | listen [::]:443 ssl; | 238 | listen [::]:443 ssl; |
251 | server_name ~^(.*\.)?odin\.(yggdrasil\.li|141\.li)$; | 239 | server_name ~^(.*\.)?odin\.(yggdrasil\.li|141\.li)$; |
@@ -260,18 +248,6 @@ in { | |||
260 | } | 248 | } |
261 | 249 | ||
262 | server { | 250 | server { |
263 | listen *:80; | ||
264 | listen [::]:80; | ||
265 | server_name ~^ftp\.(yggdrasil\.li|141\.li|praseodym\.org)$; | ||
266 | |||
267 | include ${acme}; | ||
268 | |||
269 | location / { | ||
270 | return 301 https://$host$request_uri; | ||
271 | } | ||
272 | } | ||
273 | |||
274 | server { | ||
275 | listen *:443 ssl; | 251 | listen *:443 ssl; |
276 | listen [::]:443 ssl; | 252 | listen [::]:443 ssl; |
277 | 253 | ||
@@ -297,7 +297,7 @@ in rec { | |||
297 | env = [ | 297 | env = [ |
298 | "CGIT_CONFIG=/etc/cgit/git.yggdrasil.li" | 298 | "CGIT_CONFIG=/etc/cgit/git.yggdrasil.li" |
299 | ]; | 299 | ]; |
300 | socket = "/tmp/git.yggdrasil.li.sock"; | 300 | socket = "/run/git.yggdrasil.li.sock"; |
301 | chmod-socket = "660"; | 301 | chmod-socket = "660"; |
302 | chown-socket = "uwsgi:nginx"; | 302 | chown-socket = "uwsgi:nginx"; |
303 | uid = "uwsgi"; gid = "uwsgi"; | 303 | uid = "uwsgi"; gid = "uwsgi"; |
@@ -311,7 +311,7 @@ in rec { | |||
311 | env = [ | 311 | env = [ |
312 | "CGIT_CONFIG=/etc/cgit/git.rheperire.org" | 312 | "CGIT_CONFIG=/etc/cgit/git.rheperire.org" |
313 | ]; | 313 | ]; |
314 | socket = "/tmp/git.rheperire.org.sock"; | 314 | socket = "/run/git.rheperire.org.sock"; |
315 | chmod-socket = "660"; | 315 | chmod-socket = "660"; |
316 | chown-socket = "uwsgi:nginx"; | 316 | chown-socket = "uwsgi:nginx"; |
317 | uid = "uwsgi"; gid = "uwsgi"; | 317 | uid = "uwsgi"; gid = "uwsgi"; |