authorsinanmohd <sinan@sinanmohd.com>2024-01-16 11:05:23 +0530
committersinanmohd <sinan@sinanmohd.com>2024-01-16 11:11:36 +0530
commite0da2bba6904aa924dee63f10788997761f75d36 (patch)
tree3f35c445932b41692f544a60c1a44decacaf2822 /hosts
parentc2915950ae09921d228c4f4d828ba60f7748abcb (diff)
kay/www: init http3
Diffstat (limited to 'hosts')
-rw-r--r--hosts/kay/modules/cgit.nix48
-rw-r--r--hosts/kay/modules/www.nix57
2 files changed, 46 insertions, 59 deletions
diff --git a/hosts/kay/modules/cgit.nix b/hosts/kay/modules/cgit.nix
index f66a89d..2ef95fb 100644
--- a/hosts/kay/modules/cgit.nix
+++ b/hosts/kay/modules/cgit.nix
@@ -5,31 +5,29 @@ let
user = config.userdata.user;
in
{
- environment.systemPackages = with pkgs; [ luajitPackages.luaossl lua52Packages.luaossl ];
- services = {
- nginx.virtualHosts."git.${domain}" = {
- forceSSL = true;
- enableACME = true;
- };
- cgit."git.${domain}" = {
- enable = true;
- nginx.virtualHost = "git.${domain}";
- scanPath = "/var/lib/git";
- settings = {
- project-list = "/var/lib/git/project.list";
- remove-suffix = 1;
- enable-commit-graph = 1;
- root-title = "${user}'s git repository";
- root-desc = "how do i learn github anon";
- source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
- readme = ":README.md";
- footer = "";
- enable-blame = 1;
- clone-url = "https://git.${domain}/$CGIT_REPO_URL";
- enable-log-filecount = 1;
- enable-log-linecount = 1;
- };
+ environment.systemPackages = with pkgs; [
+ luajitPackages.luaossl
+ lua52Packages.luaossl
+ ];
+
+ services.cgit."git.${domain}" = {
+ enable = true;
+ nginx.virtualHost = "git.${domain}";
+ scanPath = "/var/lib/git";
+ settings = {
+ project-list = "/var/lib/git/project.list";
+ remove-suffix = 1;
+ enable-commit-graph = 1;
+ root-title = "${user}'s git repository";
+ root-desc = "how do i learn github anon";
+ source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+ about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
+ readme = ":README.md";
+ footer = "";
+ enable-blame = 1;
+ clone-url = "https://git.${domain}/$CGIT_REPO_URL";
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
};
};
}
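Review bot: With the `nginx.virtualHosts."git.${domain}"` entry removed, cgit.nix no longer sets `forceSSL` or `enableACME` for the vhost it still names in `nginx.virtualHost = "git.${domain}";`. TLS for the git site now depends entirely on www.nix declaring `"git.${domain}" = defaultOpts;`. If that line is dropped later, or cgit.nix is imported without www.nix, the cgit locations would presumably end up on a vhost with no certificate and no HTTPS redirect. I would record the dependency next to the option, for example `# TLS/ACME/HTTP3 for this vhost come from defaultOpts in www.nix`.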
diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix
index cae862a..2e409e3 100644
--- a/hosts/kay/modules/www.nix
+++ b/hosts/kay/modules/www.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
let
domain = config.userdata.domain;
@@ -14,7 +14,11 @@ in
./cgit.nix
];
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 443 ];
+ };
+
security.acme = {
acceptTerms = true;
defaults.email = email;
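Review bot: The new `allowedUDPPorts = [ 443 ];` opens a UDP listener on every interface and carries no comment saying why, so a later firewall audit cannot tell it belongs to nginx's QUIC transport. A trailing comment such as `allowedUDPPorts = [ 443 ]; # QUIC / HTTP/3 (nginx)` would tie the rule to the service. If only one interface faces the internet, `networking.firewall.interfaces.<name>.allowedUDPPorts` would keep the new exposure off the others. The surrounding module body continues outside this hunk.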
@@ -22,6 +26,8 @@ in
services.nginx = {
enable = true;
+ package = pkgs.nginxQuic;
+
recommendedTlsSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
@@ -30,10 +36,15 @@ in
recommendedBrotliSettings = true;
eventsConfig = "worker_connections 1024;";
- virtualHosts = {
- "${domain}" = {
+ virtualHosts = let
+ defaultOpts = {
+ quic = true;
+ http3 = true;
forceSSL = true;
enableACME = true;
+ };
+ in {
+ "${domain}" = defaultOpts // {
globalRedirect = "www.${domain}";
extraConfig = ''
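Review bot: `defaultOpts` turns on `quic` and `http3` for every vhost, but nothing visible in this diff sets `reuseport` on any of them. As far as I know, nginx needs `reuseport` on the QUIC listen socket for packets to reach the right worker when more than one worker runs, and the NixOS module expects it on exactly one vhost. It therefore belongs on a single host rather than in `defaultOpts`, for example `"${domain}" = defaultOpts // { reuseport = true;`. The module's option text, as I recall it, describes QUIC/HTTP/3 support as experimental, which is worth a short comment above `defaultOpts`. The `"${domain}"` attribute set continues outside this hunk.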
@@ -59,53 +70,31 @@ in
proxyPass = "http://${addr}";
};
};
- "www.${domain}" = {
- forceSSL = true;
- enableACME = true;
+ "www.${domain}" = defaultOpts // {
root = "/var/www/${domain}";
};
- "bin.${domain}" = {
- forceSSL = true;
- enableACME = true;
+ "git.${domain}" = defaultOpts;
+ "bin.${domain}" = defaultOpts // {
root = "${storage}/bin";
-
locations."= /".return = "307 https://www.${domain}";
};
- "static.${domain}" = {
- forceSSL = true;
- enableACME = true;
+ "static.${domain}" = defaultOpts // {
root = "${storage}/static";
-
locations."= /".return = "301 https://www.${domain}";
};
- "${fscusat}" = {
- forceSSL = true;
- enableACME = true;
+ "${fscusat}" = defaultOpts // {
globalRedirect = "www.${fscusat}";
};
- "www.${fscusat}" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_read_timeout 600;
- '';
-
+ "www.${fscusat}" = defaultOpts // {
locations."/" = {
return = "200 '<h1>under construction</h1>'";
extraConfig = "add_header Content-Type text/html;";
};
};
- "${mark}" = {
- forceSSL = true;
- enableACME = true;
+ "${mark}" = defaultOpts // {
globalRedirect = "www.${mark}";
};
- "www.${mark}" = {
- forceSSL = true;
- enableACME = true;
-
+ "www.${mark}" = defaultOpts // {
locations."/" = {
return = "200 '<h1>under construction, see you soon</h1>'";
extraConfig = "add_header Content-Type text/html;";
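Review bot: The two "under construction" locations (`www.${fscusat}` and `www.${mark}`) keep `extraConfig = "add_header Content-Type text/html;";`, which now conflicts with the HTTP/3 change. nginx inherits server-level `add_header` directives only when a location declares none of its own. If the module advertises HTTP/3 with a server-level `Alt-Svc` header (my understanding, not visible here), these locations would never send it, and any HSTS or other security headers added at server level later would be dropped the same way. Setting the type with `extraConfig = "default_type text/html;";` avoids the override and also avoids a possible duplicate `Content-Type` header. The `www.${mark}` block is closed outside this hunk.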