Diffstat (limited to 'hosts/kay')
| -rw-r--r-- | hosts/kay/modules/cgit.nix | 48 | ||||
| -rw-r--r-- | hosts/kay/modules/www.nix | 57 | 
2 files changed, 46 insertions, 59 deletions
|
diff --git a/hosts/kay/modules/cgit.nix b/hosts/kay/modules/cgit.nix
index f66a89d..2ef95fb 100644
--- a/hosts/kay/modules/cgit.nix
+++ b/hosts/kay/modules/cgit.nix
@@ -5,31 +5,29 @@ let
   user = config.userdata.user;
 in
 {
-  environment.systemPackages = with pkgs; [ luajitPackages.luaossl lua52Packages.luaossl ];
-  services = {
-    nginx.virtualHosts."git.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-    };
-    cgit."git.${domain}" = {
-      enable = true;
-      nginx.virtualHost = "git.${domain}";
-      scanPath = "/var/lib/git";
-      settings = {
-        project-list = "/var/lib/git/project.list";
-        remove-suffix = 1;
-        enable-commit-graph = 1;
-        root-title = "${user}'s git repository";
-        root-desc = "how do i learn github anon";
-        source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
-        about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
-        readme = ":README.md";
-        footer = "";
-        enable-blame = 1;
-        clone-url = "https://git.${domain}/$CGIT_REPO_URL";
-        enable-log-filecount = 1;
-        enable-log-linecount = 1;
-      };
+  environment.systemPackages = with pkgs; [
+    luajitPackages.luaossl
+    lua52Packages.luaossl
+  ];
+
+  services.cgit."git.${domain}" = {
+    enable = true;
+    nginx.virtualHost = "git.${domain}";
+    scanPath = "/var/lib/git";
+    settings = {
+      project-list = "/var/lib/git/project.list";
+      remove-suffix = 1;
+      enable-commit-graph = 1;
+      root-title = "${user}'s git repository";
+      root-desc = "how do i learn github anon";
+      source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+      about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
+      readme = ":README.md";
+      footer = "";
+      enable-blame = 1;
+      clone-url = "https://git.${domain}/$CGIT_REPO_URL";
+      enable-log-filecount = 1;
+      enable-log-linecount = 1;
     };
   };
 }
diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix
index cae862a..2e409e3 100644
--- a/hosts/kay/modules/www.nix
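Review bot: With the `nginx.virtualHosts."git.${domain}"` block removed, nothing in cgit.nix enforces TLS for the cgit host any more, while `clone-url` still advertises `https://`. `forceSSL` and `enableACME` now come only from the `"git.${domain}" = defaultOpts;` entry in the last www.nix hunk. That coupling is invisible from this file, so importing cgit.nix somewhere else or renaming the vhost would presumably leave cgit on a vhost without TLS settings and without any evaluation error. I would add a comment above `nginx.virtualHost`, e.g. `# TLS/ACME for this vhost is configured in www.nix (virtualHosts."git.${domain}")`. The enclosing attribute set starts above the hunk.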
+++ b/hosts/kay/modules/www.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
   domain = config.userdata.domain;
@@ -14,7 +14,11 @@ in
     ./cgit.nix
   ];
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall = {
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 443 ];
+  };
+
   security.acme = {
     acceptTerms = true;
     defaults.email = email;
@@ -22,6 +26,8 @@ in
   services.nginx = {
     enable = true;
+    package = pkgs.nginxQuic;
+
     recommendedTlsSettings = true;
     recommendedZstdSettings = true;
     recommendedOptimisation = true;
@@ -30,10 +36,15 @@ in
     recommendedBrotliSettings = true;
     eventsConfig = "worker_connections 1024;";
-    virtualHosts = {
-      "${domain}" = {
+    virtualHosts = let
+      defaultOpts = {
+        quic = true;
+        http3 = true;
         forceSSL = true;
         enableACME = true;
+      };
+    in {
+      "${domain}" = defaultOpts // {
         globalRedirect = "www.${domain}";
         extraConfig = ''
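Review bot: `allowedUDPPorts = [ 443 ]`, together with `package = pkgs.nginxQuic` in the next hunk, exposes a UDP listener to the internet, and nothing visible here turns on QUIC address validation. nginx leaves `quic_retry` off by default, so I would consider adding `quic_retry on;` through the module's http-level config. A comment beside the port, such as `# QUIC / HTTP/3 for nginx (quic = true)`, would also stop the rule being mistaken for a stray opening later. Whether the host already sets this elsewhere cannot be seen from the hunk.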
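Review bot: `defaultOpts // { ... }` is a shallow merge, so any attribute a host sets replaces the default wholesale instead of combining with it. That is harmless while `defaultOpts` holds only the four booleans, but once someone adds `extraConfig` or `locations` to it (shared security headers, for instance), hosts such as `"${domain}"` that define their own `extraConfig` will silently drop the shared value. A comment on the `let`, e.g. `# // is shallow: keep defaultOpts to top-level scalars, or merge with mkMerge`, would record the constraint. The `"${domain}"` attribute set continues past the end of the hunk.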
@@ -59,53 +70,31 @@ in
           proxyPass = "http://${addr}";
         };
       };
-      "www.${domain}" = {
-        forceSSL = true;
-        enableACME = true;
+      "www.${domain}" = defaultOpts // {
         root = "/var/www/${domain}";
       };
-      "bin.${domain}" = {
-        forceSSL = true;
-        enableACME = true;
+      "git.${domain}" = defaultOpts;
+      "bin.${domain}" = defaultOpts // {
         root = "${storage}/bin";
-
         locations."= /".return = "307 https://www.${domain}";
       };
-      "static.${domain}" = {
-        forceSSL = true;
-        enableACME = true;
+      "static.${domain}" = defaultOpts // {
         root = "${storage}/static";
-
         locations."= /".return = "301 https://www.${domain}";
       };
-      "${fscusat}" = {
-        forceSSL = true;
-        enableACME = true;
+      "${fscusat}" = defaultOpts // {
         globalRedirect = "www.${fscusat}";
       };
-      "www.${fscusat}" = {
-        forceSSL = true;
-        enableACME = true;
-        extraConfig = ''
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_read_timeout 600;
-        '';
-
+      "www.${fscusat}" = defaultOpts // {
         locations."/" = {
           return = "200 '<h1>under construction</h1>'";
           extraConfig = "add_header Content-Type text/html;";
         };
       };
-      "${mark}" = {
-        forceSSL = true;
-        enableACME = true;
+      "${mark}" = defaultOpts // {
         globalRedirect = "www.${mark}";
       };
-      "www.${mark}" = {
-        forceSSL = true;
-        enableACME = true;
-
+      "www.${mark}" = defaultOpts // {
         locations."/" = {
           return = "200 '<h1>under construction, see you soon</h1>'";
           extraConfig = "add_header Content-Type text/html;";
|
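Review bot: In `"www.${fscusat}"` and `"www.${mark}"` the unchanged `extraConfig = "add_header Content-Type text/html;";` lines append a response header instead of setting the type, so the response probably carries nginx's default Content-Type as well. A location-level `add_header` also stops server-level `add_header` lines from being inherited, which matters now that these hosts take `defaultOpts`. If the module advertises HTTP/3 with a server-level `Alt-Svc` header (not visible here), these two locations would not send it. `extraConfig = "default_type text/html;";` avoids both problems. The hunk ends inside the `"www.${mark}"` location, so its closing braces are outside the view.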
