From 9b945b0330533e6fd008091668faef8f1cf729cb Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 19:34:23 +0100
Subject: Dropped hydra on ymir

---
 ymir.nix | 2 --
 1 file changed, 2 deletions(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index c64dea38..17efe8cc 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -88,10 +88,8 @@ in {
   };
 
   nix.binaryCaches = [ "https://cache.nixos.org/"
-                       "https://hydra.nixos.org/"
                      ];
   nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-                                "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
                               ];
 
   # List services that you want to enable:
-- 
cgit v1.2.3


From 01a93e0f1b82cc5b60c35a227ef6b2d1b3fc8111 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 19:51:04 +0100
Subject: http(s) on ymir

---
 ymir.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 17efe8cc..bf8c29fb 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -64,6 +64,8 @@ in {
                           5269 # xmpp.s2s
                           655 # tinc.yggdrasil
                           656 # tinc.laeradhr
+                          80 # http
+                          443 # https
                         ];
       allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                              ];
-- 
cgit v1.2.3


From a64a7b0134df5909399b925399462ac06ef1b592 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 20:04:56 +0100
Subject: dirty-haskell.org on ymir

---
 ymir.nix | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index bf8c29fb..2df8f902 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -164,4 +164,59 @@ in {
       ip4 = [ { address = "10.142.0.3"; prefixLength = 16; } ];
     };
     });
+
+  services.nginx = {
+    enable = true;
+    httpConfig = ''
+      include mime.types;
+      default_type application/octet-stream;
+ 
+      log_format main
+              '$remote_addr - $remote_user [$time_local] '
+              '"$request" $status $bytes_sent '
+              '"$http_referer" "$http_user_agent" '
+              '"$gzip_ratio"';
+
+      client_header_timeout 10m;
+      client_body_timeout 10m;
+      send_timeout 10m;
+
+      connection_pool_size 256;
+      client_header_buffer_size 1k;
+      large_client_header_buffers 4 2k;
+      request_pool_size 4k;
+
+      gzip on;
+      gzip_min_length 1100;
+      gzip_buffers 4 8k;
+      gzip_types text/plain;
+
+      output_buffers 1 32k;
+      postpone_output 1460;
+
+      sendfile on;
+      tcp_nopush on;
+      tcp_nodelay on;
+
+      keepalive_timeout 75 20;
+
+      ignore_invalid_headers on;
+
+      include hosts/*.conf;
+    '';
+  };
+  environment.etc."etc/nginx/mime.types" = {
+    source = ./custom/mime.types;
+  };
+  environment.etc."etc/nginx/hosts/dirty-haskell.conf" = {
+    text = ''
+      server {
+			 listen *:80;
+			 listen [::]:80;
+			 server_name dirty-haskell.org www.dirty-haskell.org;
+
+			 root /srv/www/dirty-haskell.org;
+      }
+    '';
+  };
 }
-- 
cgit v1.2.3


From 17e246f07f9fcc89809ed81b822c11185a89b73b Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 20:12:35 +0100
Subject: fixes to nginx

---
 ymir.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 2df8f902..7702d3e0 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -168,7 +168,7 @@ in {
   services.nginx = {
     enable = true;
     httpConfig = ''
-      include mime.types;
+      include /etc/nginx/mime.types;
       default_type application/octet-stream;
  
       log_format main
@@ -202,13 +202,13 @@ in {
 
       ignore_invalid_headers on;
 
-      include hosts/*.conf;
+      include /etc/nginx/hosts/*.conf;
     '';
   };
-  environment.etc."etc/nginx/mime.types" = {
+  environment.etc."nginx/mime.types" = {
     source = ./custom/mime.types;
   };
-  environment.etc."etc/nginx/hosts/dirty-haskell.conf" = {
+  environment.etc."nginx/hosts/dirty-haskell.conf" = {
     text = ''
       server {
 			 listen *:80;
-- 
cgit v1.2.3


From 5e87a7ea8396e74db27b65019ba3372f88c3367c Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 20:22:30 +0100
Subject: More fixes to nginx

---
 ymir.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 7702d3e0..6e7451ba 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -168,7 +168,6 @@ in {
   services.nginx = {
     enable = true;
     httpConfig = ''
-      include /etc/nginx/mime.types;
       default_type application/octet-stream;
  
       log_format main
-- 
cgit v1.2.3


From 7b599507537554f12f780a6437651b01cd50342f Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 20:23:21 +0100
Subject: more concise nginx config

---
 ymir.nix | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 6e7451ba..532b9cf2 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -201,20 +201,12 @@ in {
 
       ignore_invalid_headers on;
 
-      include /etc/nginx/hosts/*.conf;
-    '';
-  };
-  environment.etc."nginx/mime.types" = {
-    source = ./custom/mime.types;
-  };
-  environment.etc."nginx/hosts/dirty-haskell.conf" = {
-    text = ''
       server {
-			 listen *:80;
-			 listen [::]:80;
-			 server_name dirty-haskell.org www.dirty-haskell.org;
+        listen *:80;
+        listen [::]:80;
+        server_name dirty-haskell.org www.dirty-haskell.org;
 
-			 root /srv/www/dirty-haskell.org;
+        root /srv/www/dirty-haskell.org;
       }
     '';
   };
-- 
cgit v1.2.3


From d5600e008b265a0ec9048f7485572473fee313fa Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 21:17:38 +0100
Subject: ssl for dirty-haskell.org

---
 ymir.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 532b9cf2..42db314c 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -208,6 +208,26 @@ in {
 
         root /srv/www/dirty-haskell.org;
       }
+      server {
+        listen *:443 ssl;
+        listen [::]:443 ssl;
+        server_name dirty-haskell.org;
+
+        ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
+
+        root /srv/www/dirty-haskell.org;
+       server {
+        listen *:443 ssl;
+        listen [::]:443 ssl;
+        server_name www.dirty-haskell.org;
+
+        ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
+
+        root /srv/www/dirty-haskell.org;
+      }
+     }
     '';
   };
 }
-- 
cgit v1.2.3


From 9118016246660ddf9369ec48efa97aa379e4b24a Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 21:20:10 +0100
Subject: syntax

---
 ymir.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 42db314c..7e2d3c76 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -217,6 +217,7 @@ in {
         ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
 
         root /srv/www/dirty-haskell.org;
+       }
        server {
         listen *:443 ssl;
         listen [::]:443 ssl;
@@ -226,6 +227,7 @@ in {
         ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
 
         root /srv/www/dirty-haskell.org;
+       }
       }
      }
     '';
-- 
cgit v1.2.3


From ee5e664126609ac7f8e3eb45f02730081d678757 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 21:21:30 +0100
Subject: syntax

---
 ymir.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 7e2d3c76..97e1d94d 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -228,7 +228,6 @@ in {
 
         root /srv/www/dirty-haskell.org;
        }
-      }
      }
     '';
   };
-- 
cgit v1.2.3


From 8ac4624d37b736913ff8368aadbc61cc362cb2a1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 21:23:07 +0100
Subject: syntax

---
 ymir.nix | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 97e1d94d..52b6e476 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -217,8 +217,8 @@ in {
         ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
 
         root /srv/www/dirty-haskell.org;
-       }
-       server {
+      }
+      server {
         listen *:443 ssl;
         listen [::]:443 ssl;
         server_name www.dirty-haskell.org;
@@ -227,8 +227,7 @@ in {
         ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
 
         root /srv/www/dirty-haskell.org;
-       }
-     }
+      }
     '';
   };
 }
-- 
cgit v1.2.3


From e5899248bf45759565eb0bc2888dcedb3a6a63e8 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 7 Nov 2015 21:30:46 +0100
Subject: moved nginx config

---
 ymir.nix | 63 +--------------------------------------------------------------
 1 file changed, 1 insertion(+), 62 deletions(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 52b6e476..808b11bb 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -167,67 +167,6 @@ in {
 
   services.nginx = {
     enable = true;
-    httpConfig = ''
-      default_type application/octet-stream;
- 
-      log_format main
-              '$remote_addr - $remote_user [$time_local] '
-              '"$request" $status $bytes_sent '
-              '"$http_referer" "$http_user_agent" '
-              '"$gzip_ratio"';
-
-      client_header_timeout 10m;
-      client_body_timeout 10m;
-      send_timeout 10m;
-
-      connection_pool_size 256;
-      client_header_buffer_size 1k;
-      large_client_header_buffers 4 2k;
-      request_pool_size 4k;
-
-      gzip on;
-      gzip_min_length 1100;
-      gzip_buffers 4 8k;
-      gzip_types text/plain;
-
-      output_buffers 1 32k;
-      postpone_output 1460;
-
-      sendfile on;
-      tcp_nopush on;
-      tcp_nodelay on;
-
-      keepalive_timeout 75 20;
-
-      ignore_invalid_headers on;
-
-      server {
-        listen *:80;
-        listen [::]:80;
-        server_name dirty-haskell.org www.dirty-haskell.org;
-
-        root /srv/www/dirty-haskell.org;
-      }
-      server {
-        listen *:443 ssl;
-        listen [::]:443 ssl;
-        server_name dirty-haskell.org;
-
-        ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
-        ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
-
-        root /srv/www/dirty-haskell.org;
-      }
-      server {
-        listen *:443 ssl;
-        listen [::]:443 ssl;
-        server_name www.dirty-haskell.org;
-
-        ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
-        ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
-
-        root /srv/www/dirty-haskell.org;
-      }
-    '';
+    httpConfig = builtins.readFile ./custom/ymir.nginx;
   };
 }
-- 
cgit v1.2.3