-rw-r--r--custom/ymir-nginx.nix102
-rw-r--r--ymir.nix5
2 files changed, 103 insertions, 4 deletions
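diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
new file mode 100644
index 00000000..05618e35
--- /dev/null
+++ b/custom/ymir-nginx.nix
@@ -0,0 +1,102 @@
+{ config, lib, pkgs, ... }:
+
+let
+ uwsgi_param = builtins.toFile "uwsgi_param" ''
+ uwsgi_param QUERY_STRING $query_string;
+ uwsgi_param REQUEST_METHOD $request_method;
+ uwsgi_param CONTENT_TYPE $content_type;
+ uwsgi_param CONTENT_LENGTH $content_length;
+ uwsgi_param REQUEST_URI $request_uri;
+ uwsgi_param PATH_INFO $document_uri;
+ uwsgi_param DOCUMENT_ROOT $document_root;
+ uwsgi_param SERVER_PROTOCOL $server_protocol;
+ uwsgi_param REMOTE_ADDR $remote_addr;
+ uwsgi_param REMOTE_PORT $remote_port;
+ uwsgi_param SERVER_ADDR $server_addr;
+ uwsgi_param SERVER_PORT $server_port;
+ uwsgi_param SERVER_NAME $server_name;
+ '';
+in {
+ services.nginx = {
+ enable = true;
+ httpConfig = ''
+ default_type application/octet-stream;
+
+ log_format main
+ '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$gzip_ratio"';
+
+ client_header_timeout 10m;
+ client_body_timeout 10m;
+ send_timeout 10m;
+
+ connection_pool_size 256;
+ client_header_buffer_size 1k;
+ large_client_header_buffers 4 2k;
+ request_pool_size 4k;
+
+ gzip on;
+ gzip_min_length 1100;
+ gzip_buffers 4 8k;
+ gzip_types text/plain;
+
+ output_buffers 1 32k;
+ postpone_output 1460;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 75 20;
+
+ ignore_invalid_headers on;
+
+ server {
+ listen *:80;
+ listen [::]:80;
+ server_name dirty-haskell.org www.dirty-haskell.org;
+
+ root /srv/www/dirty-haskell.org;
+ }
+
+ server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+ server_name dirty-haskell.org;
+
+ ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
+
+ root /srv/www/dirty-haskell.org;
+ }
+
+ server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+ server_name www.dirty-haskell.org;
+
+ ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
+
+ root /srv/www/dirty-haskell.org;
+ }
+
+ server {
+ listen *:80;
+ listen [::]:80;
+ server_name git.yggdrasil.li www.git.yggdrasil.li;
+
+ root ${pkgs.cgit}/cgit;
+
+ try_files $uri @cgit;
+
+ location @uwsgi {
+ uwsgi_pass unix:/tmp/cgit.sock;
+ uwsgi_modifier1 9;
+ }
+ }
+ '';
+ };
+}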
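diff --git a/ymir.nix b/ymir.nix
index 22b90f75..533c5b67 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -20,6 +20,7 @@ in rec {
  ./custom/zsh.nix
  ./users.nix
  ./custom/tinc/def.nix
+ ./custom/ymir-nginx.nix
  ];
 
  boot.loader.grub = {
@@ -180,10 +181,6 @@ in rec {
  };
  });
 
- services.nginx = {
- enable = true;
- httpConfig = builtins.readFile ./custom/ymir.nginx;
- };
  users.extraUsers."nginx".extraGroups = ["uwsgi"];
 
  services.uwsgi = {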