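# NixOS module: nginx front end for two static sites (praseodym.org as the
# port-80 catch-all, dirty-haskell.org over HTTP and HTTPS) and cgit, which is
# reached through a uWSGI unix socket.
#
# Change in this revision: client_header_timeout, client_body_timeout and
# send_timeout were 10m; they are now 60s (the nginx defaults). Ten-minute
# timeouts let a slow or idle client pin a connection for a long time, which
# makes connection-exhaustion cheap.
#
# Review notes that cannot be fixed from this file alone:
#  * The cgit socket lives in /tmp, which is world-writable. The path is shared
#    with the uWSGI side (not shown here), so both ends have to move together,
#    ideally to a directory only the nginx and uWSGI users can enter.
#  * cgit and the port-80 dirty-haskell.org vhost are served in cleartext with
#    no redirect to HTTPS. A redirect must keep whatever path certificate
#    renewal relies on reachable -- confirm how the certificates are issued.
#  * No ssl_protocols / ssl_ciphers are set, so the nginx build defaults apply.
{ config, lib, pkgs, ... }:

let
  # Request metadata passed to the uWSGI backend; included from the @cgit
  # location in the git.yggdrasil.li server below.
  uwsgi_params = builtins.toFile "uwsgi_param" ''
    uwsgi_param QUERY_STRING $query_string;
    uwsgi_param REQUEST_METHOD $request_method;
    uwsgi_param CONTENT_TYPE $content_type;
    uwsgi_param CONTENT_LENGTH $content_length;
    uwsgi_param REQUEST_URI $request_uri;
    uwsgi_param PATH_INFO $document_uri;
    uwsgi_param DOCUMENT_ROOT $document_root;
    uwsgi_param SERVER_PROTOCOL $server_protocol;
    uwsgi_param REMOTE_ADDR $remote_addr;
    uwsgi_param REMOTE_PORT $remote_port;
    uwsgi_param SERVER_ADDR $server_addr;
    uwsgi_param SERVER_PORT $server_port;
    uwsgi_param SERVER_NAME $server_name;
  '';

  # NOTE(review): this snippet is not referenced anywhere in the module as
  # shown, so it never reaches the generated configuration. Presumably it was
  # meant to be included from one or more server blocks -- confirm, or drop it.
  favicon = builtins.toFile "favicon" ''
    location /favicon.ico {
      root /srv/www/praseodym.org;
    }
  '';
in {
  services.nginx = {
    enable = true;
    httpConfig = ''
      default_type application/octet-stream;

      log_format main
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '"$gzip_ratio"';

      # nginx defaults (60s). The earlier 10m values let an idle or trickling
      # client hold a connection for ten minutes.
      client_header_timeout 60s;
      client_body_timeout 60s;
      send_timeout 60s;

      connection_pool_size 256;
      client_header_buffer_size 1k;
      large_client_header_buffers 4 2k;
      request_pool_size 4k;

      gzip on;
      gzip_min_length 1100;
      gzip_buffers 4 8k;
      gzip_types text/plain;

      output_buffers 1 32k;
      postpone_output 1460;
      sendfile on;
      tcp_nopush on;
      tcp_nodelay on;
      keepalive_timeout 75 20;
      ignore_invalid_headers on;

      # NOTE(review): error_log accepts the special target stderr, but
      # access_log takes a file path, so the next line probably writes to a
      # file named stderr under the nginx prefix -- confirm where access logs
      # actually land. It also does not select the main format defined above.
      access_log stderr;
      error_log stderr;

      # First server listed for port 80, so it also answers requests whose
      # Host header matches none of the names below.
      server {
        listen *:80;
        listen [::]:80;
        server_name _;
        root /srv/www/praseodym.org;
      }

      # Cleartext copy of the site; no redirect to the TLS servers below.
      server {
        listen *:80;
        listen [::]:80;
        server_name dirty-haskell.org www.dirty-haskell.org;
        root /srv/www/dirty-haskell.org;
      }

      # No server on 443 is marked default_server, so this one (listed first)
      # answers TLS requests for every other name that resolves here,
      # including git.yggdrasil.li, with the dirty-haskell.org certificate.
      server {
        listen *:443 ssl;
        listen [::]:443 ssl;
        server_name dirty-haskell.org;
        ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
        root /srv/www/dirty-haskell.org;
      }

      server {
        listen *:443 ssl;
        listen [::]:443 ssl;
        server_name www.dirty-haskell.org;
        ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
        root /srv/www/dirty-haskell.org;
      }

      # cgit: static assets come from the package, everything else is handed
      # to uWSGI. Served over plain HTTP only.
      server {
        listen *:80;
        listen [::]:80;
        server_name git.yggdrasil.li www.git.yggdrasil.li;
        root ${pkgs.cgit}/cgit;
        try_files $uri @cgit;

        location @cgit {
          include ${uwsgi_params};
          # NOTE(review): socket path is in world-writable /tmp; nginx will
          # talk to whatever process owns this path. Move it together with
          # the uWSGI configuration to a directory with restricted access.
          uwsgi_pass unix:/tmp/cgit.sock;
          # modifier1 9 selects the CGI handler on the uWSGI side.
          uwsgi_modifier1 9;
        }
      }
    '';
  };
}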