From 9b945b0330533e6fd008091668faef8f1cf729cb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 19:34:23 +0100 Subject: Dropped hydra on ymir --- ymir.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/ymir.nix b/ymir.nix index c64dea38..17efe8cc 100644 --- a/ymir.nix +++ b/ymir.nix @@ -88,10 +88,8 @@ in { }; nix.binaryCaches = [ "https://cache.nixos.org/" - "https://hydra.nixos.org/" ]; nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; # List services that you want to enable: -- cgit v1.2.3 From 01a93e0f1b82cc5b60c35a227ef6b2d1b3fc8111 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 19:51:04 +0100 Subject: http(s) on ymir --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ymir.nix b/ymir.nix index 17efe8cc..bf8c29fb 100644 --- a/ymir.nix +++ b/ymir.nix @@ -64,6 +64,8 @@ in { 5269 # xmpp.s2s 655 # tinc.yggdrasil 656 # tinc.laeradhr + 80 # http + 443 # https ]; allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh ]; -- cgit v1.2.3 From a64a7b0134df5909399b925399462ac06ef1b592 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 20:04:56 +0100 Subject: dirty-haskell.org on ymir --- custom/mime.types | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ymir.nix | 55 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 135 insertions(+) create mode 100644 custom/mime.types diff --git a/custom/mime.types b/custom/mime.types new file mode 100644 index 00000000..8a218b22 --- /dev/null +++ b/custom/mime.types 
@@ -0,0 +1,80 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.ms-excel xls; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream eot; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} 
diff --git a/ymir.nix b/ymir.nix index bf8c29fb..2df8f902 100644 --- a/ymir.nix +++ b/ymir.nix @@ -164,4 +164,59 @@ in { ip4 = [ { address = "10.142.0.3"; prefixLength = 16; } ]; }; }); + + services.nginx = { + enable = true; + httpConfig = '' + include mime.types; + default_type application/octet-stream; + + log_format main + '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$gzip_ratio"'; + + client_header_timeout 10m; + client_body_timeout 10m; + send_timeout 10m; + + connection_pool_size 256; + client_header_buffer_size 1k; + large_client_header_buffers 4 2k; + request_pool_size 4k; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain; + + output_buffers 1 32k; + postpone_output 1460; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + keepalive_timeout 75 20; + + ignore_invalid_headers on; + + include hosts/*.conf; + ''; + }; + environment.etc."etc/nginx/mime.types" = { + source = ./custom/mime.types; + }; + environment.etc."etc/nginx/hosts/dirty-haskell.conf" = { + text = '' + server { + listen *:80; + listen [::]:80; + server_name dirty-haskell.org www.dirty-haskell.org; + + root /srv/www/dirty-haskell.org; + } + ''; + }; } -- cgit v1.2.3 From 17e246f07f9fcc89809ed81b822c11185a89b73b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 20:12:35 +0100 Subject: fixes to nginx --- custom/mime.types | 1 + ymir.nix | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/custom/mime.types b/custom/mime.types index 8a218b22..d723a21b 100644 --- a/custom/mime.types +++ b/custom/mime.types @@ -8,6 +8,7 @@ types { application/x-javascript js; application/atom+xml atom; application/rss+xml rss; + application/jose+json json; text/mathml mml; text/plain txt; diff --git a/ymir.nix b/ymir.nix index 2df8f902..7702d3e0 100644 --- a/ymir.nix +++ b/ymir.nix 
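Review bot: In the ymir.nix hunk that adds `services.nginx`, the lines `client_header_timeout 10m;`, `client_body_timeout 10m;` and `send_timeout 10m;` let a client hold a connection open for ten minutes while sending or reading almost nothing. That makes it cheap to exhaust connections on a host whose firewall was just opened on 80 and 443. nginx's built-in default for all three directives is 60s; unless a slow upload path needs more, drop the three lines or set short explicit values such as `client_header_timeout 15s;` `client_body_timeout 30s;` `send_timeout 30s;`. The same values are carried unchanged into custom/ymir.nginx by the later "moved nginx config" commit, so the change is needed there as well.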
@@ -168,7 +168,7 @@ in { services.nginx = { enable = true; httpConfig = '' - include mime.types; + include /etc/nginx/mime.types; default_type application/octet-stream; log_format main @@ -202,13 +202,13 @@ in { ignore_invalid_headers on; - include hosts/*.conf; + include /etc/nginx/hosts/*.conf; ''; }; - environment.etc."etc/nginx/mime.types" = { + environment.etc."nginx/mime.types" = { source = ./custom/mime.types; }; - environment.etc."etc/nginx/hosts/dirty-haskell.conf" = { + environment.etc."nginx/hosts/dirty-haskell.conf" = { text = '' server { listen *:80; -- cgit v1.2.3 From 5e87a7ea8396e74db27b65019ba3372f88c3367c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 20:22:30 +0100 Subject: More fixes to nginx --- custom/mime.types | 81 ------------------------------------------------------- ymir.nix | 1 - 2 files changed, 82 deletions(-) delete mode 100644 custom/mime.types diff --git a/custom/mime.types b/custom/mime.types deleted file mode 100644 index d723a21b..00000000 --- a/custom/mime.types +++ /dev/null 
@@ -1,81 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/x-javascript js; - application/atom+xml atom; - application/rss+xml rss; - application/jose+json json; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - image/svg+xml svg svgz; - image/webp webp; - - application/java-archive jar war ear; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.ms-excel xls; - application/vnd.ms-powerpoint ppt; - application/vnd.wap.wmlc wmlc; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream eot; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv 
wmv; - video/x-msvideo avi; -} diff --git a/ymir.nix b/ymir.nix index 7702d3e0..6e7451ba 100644 --- a/ymir.nix +++ b/ymir.nix @@ -168,7 +168,6 @@ in { services.nginx = { enable = true; httpConfig = '' - include /etc/nginx/mime.types; default_type application/octet-stream; log_format main -- cgit v1.2.3 From 7b599507537554f12f780a6437651b01cd50342f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 20:23:21 +0100 Subject: more concise nginx config --- ymir.nix | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/ymir.nix b/ymir.nix index 6e7451ba..532b9cf2 100644 --- a/ymir.nix +++ b/ymir.nix @@ -201,20 +201,12 @@ in { ignore_invalid_headers on; - include /etc/nginx/hosts/*.conf; - ''; - }; - environment.etc."nginx/mime.types" = { - source = ./custom/mime.types; - }; - environment.etc."nginx/hosts/dirty-haskell.conf" = { - text = '' server { - listen *:80; - listen [::]:80; - server_name dirty-haskell.org www.dirty-haskell.org; + listen *:80; + listen [::]:80; + server_name dirty-haskell.org www.dirty-haskell.org; - root /srv/www/dirty-haskell.org; + root /srv/www/dirty-haskell.org; } ''; }; -- cgit v1.2.3 From d5600e008b265a0ec9048f7485572473fee313fa Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 21:17:38 +0100 Subject: ssl for dirty-haskell.org --- ymir.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/ymir.nix b/ymir.nix index 532b9cf2..42db314c 100644 --- a/ymir.nix +++ b/ymir.nix 
@@ -208,6 +208,26 @@ in { root /srv/www/dirty-haskell.org; } + server { + listen *:443 ssl; + listen [::]:443 ssl; + server_name dirty-haskell.org; + + ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; + + root /srv/www/dirty-haskell.org; + server { + listen *:443 ssl; + listen [::]:443 ssl; + server_name www.dirty-haskell.org; + + ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; + + root /srv/www/dirty-haskell.org; + } + } ''; }; } -- cgit v1.2.3 From 9118016246660ddf9369ec48efa97aa379e4b24a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 21:20:10 +0100 Subject: syntax --- ymir.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ymir.nix b/ymir.nix index 42db314c..7e2d3c76 100644 --- a/ymir.nix +++ b/ymir.nix @@ -217,6 +217,7 @@ in { ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; root /srv/www/dirty-haskell.org; + } server { listen *:443 ssl; listen [::]:443 ssl; @@ -226,6 +227,7 @@ in { ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; root /srv/www/dirty-haskell.org; + } } } ''; -- cgit v1.2.3 From ee5e664126609ac7f8e3eb45f02730081d678757 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 21:21:30 +0100 Subject: syntax --- ymir.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/ymir.nix b/ymir.nix index 7e2d3c76..97e1d94d 100644 --- a/ymir.nix +++ b/ymir.nix @@ -228,7 +228,6 @@ in { root /srv/www/dirty-haskell.org; } - } } ''; }; -- cgit v1.2.3 From 8ac4624d37b736913ff8368aadbc61cc362cb2a1 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 21:23:07 +0100 Subject: syntax --- ymir.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ymir.nix b/ymir.nix index 97e1d94d..52b6e476 100644 --- a/ymir.nix +++ b/ymir.nix 
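Review bot: The two `listen *:443 ssl;` server blocks added to ymir.nix set only `ssl_certificate` and `ssl_certificate_key`, so the accepted protocol versions and cipher suites are whatever the packaged nginx and OpenSSL default to, and they can change silently on upgrade. I would pin them once in the `http` context rather than per server, e.g. `ssl_protocols TLSv1.2;` and `ssl_prefer_server_ciphers on;` together with an explicit `ssl_ciphers` list taken from a current hardening guide. Referencing the key by path under /etc/nginx/ssl keeps it out of the world-readable Nix store, which is the right call; the permissions on that directory are not visible here and should limit read access to the account nginx starts as. The same server blocks reappear in custom/ymir.nginx in the later "moved nginx config" commit and need the same lines.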
@@ -217,8 +217,8 @@ in { ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; root /srv/www/dirty-haskell.org; - } - server { + } + server { listen *:443 ssl; listen [::]:443 ssl; server_name www.dirty-haskell.org; @@ -227,8 +227,7 @@ in { ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; root /srv/www/dirty-haskell.org; - } - } + } ''; }; } -- cgit v1.2.3 From e5899248bf45759565eb0bc2888dcedb3a6a63e8 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Nov 2015 21:30:46 +0100 Subject: moved nginx config --- custom/ymir.nginx | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ ymir.nix | 63 +------------------------------------------------------ 2 files changed, 63 insertions(+), 62 deletions(-) create mode 100644 custom/ymir.nginx diff --git a/custom/ymir.nginx b/custom/ymir.nginx new file mode 100644 index 00000000..1fb0afcb --- /dev/null +++ b/custom/ymir.nginx 
@@ -0,0 +1,62 @@
+default_type application/octet-stream;
+
+log_format main
+ '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$gzip_ratio"';
+
+client_header_timeout 10m;
+client_body_timeout 10m;
+send_timeout 10m;
+
+connection_pool_size 256;
+client_header_buffer_size 1k;
+large_client_header_buffers 4 2k;
+request_pool_size 4k;
+
+gzip on;
+gzip_min_length 1100;
+gzip_buffers 4 8k;
+gzip_types text/plain;
+
+output_buffers 1 32k;
+postpone_output 1460;
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+
+keepalive_timeout 75 20;
+
+ignore_invalid_headers on;
+
+server {
+ listen *:80;
+ listen [::]:80;
+ server_name dirty-haskell.org www.dirty-haskell.org;
+
+ root /srv/www/dirty-haskell.org;
+}
+
+server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+ server_name dirty-haskell.org;
+
+ ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
+
+ root /srv/www/dirty-haskell.org;
+}
+
+server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+ server_name www.dirty-haskell.org;
+
+ ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
+
+ root /srv/www/dirty-haskell.org;
+}
diff --git a/ymir.nix b/ymir.nix
index 52b6e476..808b11bb 100644
--- a/ymir.nix
+++ b/ymir.nix
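Review bot: The port-80 `server` block in custom/ymir.nginx serves `root /srv/www/dirty-haskell.org;` directly, so the whole site stays available over plain HTTP and nothing steers clients to the two TLS listeners. If HTTPS is meant to be the primary entry point, replace that `root` line with `return 301 https://dirty-haskell.org$request_uri;`, using a fixed name rather than `$host` because this block is the only port-80 server and therefore also answers requests carrying arbitrary Host headers. Should certificate renewal depend on HTTP validation, keep a `location` for the challenge path in that block. Separately, `log_format main` is declared but no `access_log` directive in this file refers to it, so the custom format is unused as written.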
@@ -167,67 +167,6 @@ in { services.nginx = { enable = true; - httpConfig = '' - default_type application/octet-stream; - - log_format main - '$remote_addr - $remote_user [$time_local] ' - '"$request" $status $bytes_sent ' - '"$http_referer" "$http_user_agent" ' - '"$gzip_ratio"'; - - client_header_timeout 10m; - client_body_timeout 10m; - send_timeout 10m; - - connection_pool_size 256; - client_header_buffer_size 1k; - large_client_header_buffers 4 2k; - request_pool_size 4k; - - gzip on; - gzip_min_length 1100; - gzip_buffers 4 8k; - gzip_types text/plain; - - output_buffers 1 32k; - postpone_output 1460; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - - keepalive_timeout 75 20; - - ignore_invalid_headers on; - - server { - listen *:80; - listen [::]:80; - server_name dirty-haskell.org www.dirty-haskell.org; - - root /srv/www/dirty-haskell.org; - } - server { - listen *:443 ssl; - listen [::]:443 ssl; - server_name dirty-haskell.org; - - ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; - - root /srv/www/dirty-haskell.org; - } - server { - listen *:443 ssl; - listen [::]:443 ssl; - server_name www.dirty-haskell.org; - - ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; - - root /srv/www/dirty-haskell.org; - } - ''; + httpConfig = builtins.readFile ./custom/ymir.nginx; }; } -- cgit v1.2.3