1 files changed, 102 insertions, 0 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
new file mode 100644
index 00000000..05618e35
--- /dev/null
+++ b/custom/ymir-nginx.nix
@@ -0,0 +1,102 @@
+{ config, lib, pkgs, ... }:
+let
+  uwsgi_param = builtins.toFile "uwsgi_param" ''
+    uwsgi_param QUERY_STRING $query_string;
+    uwsgi_param REQUEST_METHOD $request_method;
+    uwsgi_param CONTENT_TYPE $content_type;
+    uwsgi_param CONTENT_LENGTH $content_length;
+    uwsgi_param REQUEST_URI $request_uri;
+    uwsgi_param PATH_INFO $document_uri;
+    uwsgi_param DOCUMENT_ROOT $document_root;
+    uwsgi_param SERVER_PROTOCOL $server_protocol;
+    uwsgi_param REMOTE_ADDR $remote_addr;
+    uwsgi_param REMOTE_PORT $remote_port;
+    uwsgi_param SERVER_ADDR $server_addr;
+    uwsgi_param SERVER_PORT $server_port;
+    uwsgi_param SERVER_NAME $server_name;
+  '';
+in {
+  services.nginx = {
+    enable = true;
+    httpConfig = ''
+      default_type application/octet-stream;
+      log_format main
+              '$remote_addr - $remote_user [$time_local] '
+              '"$request" $status $bytes_sent '
+              '"$http_referer" "$http_user_agent" '
+              '"$gzip_ratio"';
+      client_header_timeout 10m;
+      client_body_timeout 10m;
+      send_timeout 10m;
+      connection_pool_size 256;
+      client_header_buffer_size 1k;
+      large_client_header_buffers 4 2k;
+      request_pool_size 4k;
+      gzip on;
+      gzip_min_length 1100;
+      gzip_buffers 4 8k;
+      gzip_types text/plain;
+      output_buffers 1 32k;
+      postpone_output 1460;
+      sendfile on;
+      tcp_nopush on;
+      tcp_nodelay on;
+      keepalive_timeout 75 20;
+      ignore_invalid_headers on;
+      server {
+        listen *:80;
+        listen [::]:80;
+        server_name dirty-haskell.org www.dirty-haskell.org;
+        root /srv/www/dirty-haskell.org;
+      }
+      server {
+        listen *:443 ssl;
+        listen [::]:443 ssl;
+        server_name dirty-haskell.org;
+        ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
+        root /srv/www/dirty-haskell.org;
+      }
+      server {
+        listen *:443 ssl;
+        listen [::]:443 ssl;
+        server_name www.dirty-haskell.org;
+        ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
+        root /srv/www/dirty-haskell.org;
+      }
+      server {
+        listen *:80;
+        listen [::]:80;
+        server_name git.yggdrasil.li www.git.yggdrasil.li;
+        root ${pkgs.cgit}/cgit;
+        try_files $uri @cgit;
+        location @uwsgi {
+          uwsgi_pass unix:/tmp/cgit.sock;
+          uwsgi_modifier1 9;
+        }
+      }
+    '';
+  };
+}

diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix new file mode 100644 index 00000000..05618e35 --- /dev/null +++ b/custom/ymir-nginx.nix
@@ -0,0 +1,102 @@
	1	{ config, lib, pkgs, ... }:
	2
	3	let
	4	uwsgi_param = builtins.toFile "uwsgi_param" ''
	5	uwsgi_param QUERY_STRING $query_string;
	6	uwsgi_param REQUEST_METHOD $request_method;
	7	uwsgi_param CONTENT_TYPE $content_type;
	8	uwsgi_param CONTENT_LENGTH $content_length;
	9	uwsgi_param REQUEST_URI $request_uri;
	10	uwsgi_param PATH_INFO $document_uri;
	11	uwsgi_param DOCUMENT_ROOT $document_root;
	12	uwsgi_param SERVER_PROTOCOL $server_protocol;
	13	uwsgi_param REMOTE_ADDR $remote_addr;
	14	uwsgi_param REMOTE_PORT $remote_port;
	15	uwsgi_param SERVER_ADDR $server_addr;
	16	uwsgi_param SERVER_PORT $server_port;
	17	uwsgi_param SERVER_NAME $server_name;
	18	'';
	19	in {
	20	services.nginx = {
	21	enable = true;
	22	httpConfig = ''
	23	default_type application/octet-stream;
	24
	25	log_format main
	26	'$remote_addr - $remote_user [$time_local] '
	27	'"$request" $status $bytes_sent '
	28	'"$http_referer" "$http_user_agent" '
	29	'"$gzip_ratio"';
	30
	31	client_header_timeout 10m;
	32	client_body_timeout 10m;
	33	send_timeout 10m;
	34
	35	connection_pool_size 256;
	36	client_header_buffer_size 1k;
	37	large_client_header_buffers 4 2k;
	38	request_pool_size 4k;
	39
	40	gzip on;
	41	gzip_min_length 1100;
	42	gzip_buffers 4 8k;
	43	gzip_types text/plain;
	44
	45	output_buffers 1 32k;
	46	postpone_output 1460;
	47
	48	sendfile on;
	49	tcp_nopush on;
	50	tcp_nodelay on;
	51
	52	keepalive_timeout 75 20;
	53
	54	ignore_invalid_headers on;
	55
	56	server {
	57	listen *:80;
	58	listen [::]:80;
	59	server_name dirty-haskell.org www.dirty-haskell.org;
	60
	61	root /srv/www/dirty-haskell.org;
	62	}
	63
	64	server {
	65	listen *:443 ssl;
	66	listen [::]:443 ssl;
	67	server_name dirty-haskell.org;
	68
	69	ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
	70	ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
	71
	72	root /srv/www/dirty-haskell.org;
	73	}
	74
	75	server {
	76	listen *:443 ssl;
	77	listen [::]:443 ssl;
	78	server_name www.dirty-haskell.org;
	79
	80	ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
	81	ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
	82
	83	root /srv/www/dirty-haskell.org;
	84	}
	85
	86	server {
	87	listen *:80;
	88	listen [::]:80;
	89	server_name git.yggdrasil.li www.git.yggdrasil.li;
	90
	91	root ${pkgs.cgit}/cgit;
	92
	93	try_files $uri @cgit;
	94
	95	location @uwsgi {
	96	uwsgi_pass unix:/tmp/cgit.sock;
	97	uwsgi_modifier1 9;
	98	}
	99	}
	100	'';
	101	};
	102	}