diff options
-rw-r--r-- | custom/ymir-nginx.nix | 102 | ||||
-rw-r--r-- | ymir.nix | 5 |
2 files changed, 103 insertions, 4 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix new file mode 100644 index 00000000..05618e35 --- /dev/null +++ b/custom/ymir-nginx.nix | |||
@@ -0,0 +1,102 @@ | |||
1 | { config, lib, pkgs, ... }: | ||
2 | |||
3 | let | ||
4 | uwsgi_param = builtins.toFile "uwsgi_param" '' | ||
5 | uwsgi_param QUERY_STRING $query_string; | ||
6 | uwsgi_param REQUEST_METHOD $request_method; | ||
7 | uwsgi_param CONTENT_TYPE $content_type; | ||
8 | uwsgi_param CONTENT_LENGTH $content_length; | ||
9 | uwsgi_param REQUEST_URI $request_uri; | ||
10 | uwsgi_param PATH_INFO $document_uri; | ||
11 | uwsgi_param DOCUMENT_ROOT $document_root; | ||
12 | uwsgi_param SERVER_PROTOCOL $server_protocol; | ||
13 | uwsgi_param REMOTE_ADDR $remote_addr; | ||
14 | uwsgi_param REMOTE_PORT $remote_port; | ||
15 | uwsgi_param SERVER_ADDR $server_addr; | ||
16 | uwsgi_param SERVER_PORT $server_port; | ||
17 | uwsgi_param SERVER_NAME $server_name; | ||
18 | ''; | ||
19 | in { | ||
20 | services.nginx = { | ||
21 | enable = true; | ||
22 | httpConfig = '' | ||
23 | default_type application/octet-stream; | ||
24 | |||
25 | log_format main | ||
26 | '$remote_addr - $remote_user [$time_local] ' | ||
27 | '"$request" $status $bytes_sent ' | ||
28 | '"$http_referer" "$http_user_agent" ' | ||
29 | '"$gzip_ratio"'; | ||
30 | |||
31 | client_header_timeout 10m; | ||
32 | client_body_timeout 10m; | ||
33 | send_timeout 10m; | ||
34 | |||
35 | connection_pool_size 256; | ||
36 | client_header_buffer_size 1k; | ||
37 | large_client_header_buffers 4 2k; | ||
38 | request_pool_size 4k; | ||
39 | |||
40 | gzip on; | ||
41 | gzip_min_length 1100; | ||
42 | gzip_buffers 4 8k; | ||
43 | gzip_types text/plain; | ||
44 | |||
45 | output_buffers 1 32k; | ||
46 | postpone_output 1460; | ||
47 | |||
48 | sendfile on; | ||
49 | tcp_nopush on; | ||
50 | tcp_nodelay on; | ||
51 | |||
52 | keepalive_timeout 75 20; | ||
53 | |||
54 | ignore_invalid_headers on; | ||
55 | |||
56 | server { | ||
57 | listen *:80; | ||
58 | listen [::]:80; | ||
59 | server_name dirty-haskell.org www.dirty-haskell.org; | ||
60 | |||
61 | root /srv/www/dirty-haskell.org; | ||
62 | } | ||
63 | |||
64 | server { | ||
65 | listen *:443 ssl; | ||
66 | listen [::]:443 ssl; | ||
67 | server_name dirty-haskell.org; | ||
68 | |||
69 | ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem; | ||
70 | ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; | ||
71 | |||
72 | root /srv/www/dirty-haskell.org; | ||
73 | } | ||
74 | |||
75 | server { | ||
76 | listen *:443 ssl; | ||
77 | listen [::]:443 ssl; | ||
78 | server_name www.dirty-haskell.org; | ||
79 | |||
80 | ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem; | ||
81 | ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; | ||
82 | |||
83 | root /srv/www/dirty-haskell.org; | ||
84 | } | ||
85 | |||
86 | server { | ||
87 | listen *:80; | ||
88 | listen [::]:80; | ||
89 | server_name git.yggdrasil.li www.git.yggdrasil.li; | ||
90 | |||
91 | root ${pkgs.cgit}/cgit; | ||
92 | |||
93 | try_files $uri @cgit; | ||
94 | |||
95 | location @uwsgi { | ||
96 | uwsgi_pass unix:/tmp/cgit.sock; | ||
97 | uwsgi_modifier1 9; | ||
98 | } | ||
99 | } | ||
100 | ''; | ||
101 | }; | ||
102 | } | ||
@@ -20,6 +20,7 @@ in rec { | |||
20 | ./custom/zsh.nix | 20 | ./custom/zsh.nix |
21 | ./users.nix | 21 | ./users.nix |
22 | ./custom/tinc/def.nix | 22 | ./custom/tinc/def.nix |
23 | ./custom/ymir-nginx.nix | ||
23 | ]; | 24 | ]; |
24 | 25 | ||
25 | boot.loader.grub = { | 26 | boot.loader.grub = { |
@@ -180,10 +181,6 @@ in rec { | |||
180 | }; | 181 | }; |
181 | }); | 182 | }); |
182 | 183 | ||
183 | services.nginx = { | ||
184 | enable = true; | ||
185 | httpConfig = builtins.readFile ./custom/ymir.nginx; | ||
186 | }; | ||
187 | users.extraUsers."nginx".extraGroups = ["uwsgi"]; | 184 | users.extraUsers."nginx".extraGroups = ["uwsgi"]; |
188 | 185 | ||
189 | services.uwsgi = { | 186 | services.uwsgi = { |