From 97a368b8f3afa9bd72ef23bbf7de0df0c63ff8ba Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 13 Jan 2016 02:00:20 +0100
Subject: revamped nginx config
---
custom/ymir-nginx.nix | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 102 insertions(+)
create mode 100644 custom/ymir-nginx.nix
(limited to 'custom/ymir-nginx.nix')
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
new file mode 100644
index 00000000..05618e35
--- /dev/null
+++ b/custom/ymir-nginx.nix
@@ -0,0 +1,102 @@
+{ config, lib, pkgs, ... }:
+
+let
+ uwsgi_param = builtins.toFile "uwsgi_param" ''
+ uwsgi_param QUERY_STRING $query_string;
+ uwsgi_param REQUEST_METHOD $request_method;
+ uwsgi_param CONTENT_TYPE $content_type;
+ uwsgi_param CONTENT_LENGTH $content_length;
+ uwsgi_param REQUEST_URI $request_uri;
+ uwsgi_param PATH_INFO $document_uri;
+ uwsgi_param DOCUMENT_ROOT $document_root;
+ uwsgi_param SERVER_PROTOCOL $server_protocol;
+ uwsgi_param REMOTE_ADDR $remote_addr;
+ uwsgi_param REMOTE_PORT $remote_port;
+ uwsgi_param SERVER_ADDR $server_addr;
+ uwsgi_param SERVER_PORT $server_port;
+ uwsgi_param SERVER_NAME $server_name;
+ '';
+in {
+ services.nginx = {
+ enable = true;
+ httpConfig = ''
+ default_type application/octet-stream;
+
+ log_format main
+ '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$gzip_ratio"';
+
+ client_header_timeout 10m;
+ client_body_timeout 10m;
+ send_timeout 10m;
+
+ connection_pool_size 256;
+ client_header_buffer_size 1k;
+ large_client_header_buffers 4 2k;
+ request_pool_size 4k;
+
+ gzip on;
+ gzip_min_length 1100;
+ gzip_buffers 4 8k;
+ gzip_types text/plain;
+
+ output_buffers 1 32k;
+ postpone_output 1460;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 75 20;
+
+ ignore_invalid_headers on;
+
+ server {
+ listen *:80;
+ listen [::]:80;
+ server_name dirty-haskell.org www.dirty-haskell.org;
+
+ root /srv/www/dirty-haskell.org;
+ }
+
+ server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+ server_name dirty-haskell.org;
+
+ ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
+
+ root /srv/www/dirty-haskell.org;
+ }
+
+ server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+ server_name www.dirty-haskell.org;
+
+ ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
+
+ root /srv/www/dirty-haskell.org;
+ }
+
+ server {
+ listen *:80;
+ listen [::]:80;
+ server_name git.yggdrasil.li www.git.yggdrasil.li;
+
+ root ${pkgs.cgit}/cgit;
+
+ try_files $uri @cgit;
+
+ location @uwsgi {
+ uwsgi_pass unix:/tmp/cgit.sock;
+ uwsgi_modifier1 9;
+ }
+ }
+ '';
+ };
+}
-- cgit v1.2.3
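Review bot: In the git.yggdrasil.li server block, `try_files $uri @cgit;` falls back to a named location that is never defined, since the only one declared is `location @uwsgi`, so requests that do not match a static file would likely end in an internal error instead of reaching cgit; the two names should agree, e.g. `try_files $uri @uwsgi;`. The `uwsgi_param` file built in the `let` block is also never referenced anywhere in the hunk, so the location probably needs `include ${uwsgi_param};` for the backend to receive the request variables. Separately, `uwsgi_pass unix:/tmp/cgit.sock;` puts the backend socket in a world-writable directory, where any local account could create that path first and receive the proxied requests; a directory writable only by the uwsgi service (placeholder: `/run/<service-dir>/cgit.sock`) avoids that. The `10m` values for `client_header_timeout` and `client_body_timeout` let slow clients hold connections open for a long time and deserve either a lower value or a comment explaining why they are needed.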