From e0da2bba6904aa924dee63f10788997761f75d36 Mon Sep 17 00:00:00 2001
From: sinanmohd
Date: Tue, 16 Jan 2024 11:05:23 +0530
Subject: kay/www: init http3
---
 hosts/kay/modules/cgit.nix | 48 +++++++++++++++++++-------------------
 hosts/kay/modules/www.nix | 57 +++++++++++++++++++---------------------------
 2 files changed, 46 insertions(+), 59 deletions(-)
diff --git a/hosts/kay/modules/cgit.nix b/hosts/kay/modules/cgit.nix
index f66a89d..2ef95fb 100644
--- a/hosts/kay/modules/cgit.nix
+++ b/hosts/kay/modules/cgit.nix
@@ -5,31 +5,29 @@ let
 user = config.userdata.user;
 in
 {
- environment.systemPackages = with pkgs; [ luajitPackages.luaossl lua52Packages.luaossl ];
- services = {
- nginx.virtualHosts."git.${domain}" = {
- forceSSL = true;
- enableACME = true;
- };
- cgit."git.${domain}" = {
- enable = true;
- nginx.virtualHost = "git.${domain}";
- scanPath = "/var/lib/git";
- settings = {
- project-list = "/var/lib/git/project.list";
- remove-suffix = 1;
- enable-commit-graph = 1;
- root-title = "${user}'s git repository";
- root-desc = "how do i learn github anon";
- source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
- readme = ":README.md";
- footer = "";
- enable-blame = 1;
- clone-url = "https://git.${domain}/$CGIT_REPO_URL";
- enable-log-filecount = 1;
- enable-log-linecount = 1;
- };
+ environment.systemPackages = with pkgs; [
+ luajitPackages.luaossl
+ lua52Packages.luaossl
+ ];
+
+ services.cgit."git.${domain}" = {
+ enable = true;
+ nginx.virtualHost = "git.${domain}";
+ scanPath = "/var/lib/git";
+ settings = {
+ project-list = "/var/lib/git/project.list";
+ remove-suffix = 1;
+ enable-commit-graph = 1;
+ root-title = "${user}'s git repository";
+ root-desc = "how do i learn github anon";
+ source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+ about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
+ readme = ":README.md";
+ footer = "";
+ enable-blame = 1;
+ clone-url = "https://git.${domain}/$CGIT_REPO_URL";
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
 };
 };
 }
diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix
index cae862a..2e409e3 100644
--- a/hosts/kay/modules/www.nix
+++ b/hosts/kay/modules/www.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
 domain = config.userdata.domain;
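Review bot: In the cgit.nix hunk, dropping the `nginx.virtualHosts."git.${domain}"` block means this module no longer sets `forceSSL`/`enableACME` for the host it serves; TLS for it now depends on www.nix declaring `"git.${domain}" = defaultOpts;`. www.nix appears to import `./cgit.nix`, so the pairing holds today, but if cgit.nix were ever imported on its own the vhost would presumably come up without the HTTPS redirect or a certificate while `clone-url` still advertises `https://`. I would add a comment above `services.cgit`, e.g. `# TLS (forceSSL/ACME) for git.${domain} is configured in www.nix`, so the dependency is visible in this file.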
@@ -14,7 +14,11 @@ in ./cgit.nix ]; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 443 ]; + }; + security.acme = { acceptTerms = true; defaults.email = email; @@ -22,6 +26,8 @@ in services.nginx = { enable = true; + package = pkgs.nginxQuic; + recommendedTlsSettings = true; recommendedZstdSettings = true; recommendedOptimisation = true; @@ -30,10 +36,15 @@ in recommendedBrotliSettings = true; eventsConfig = "worker_connections 1024;"; - virtualHosts = { - "${domain}" = { + virtualHosts = let + defaultOpts = { + quic = true; + http3 = true; forceSSL = true; enableACME = true; + }; + in { + "${domain}" = defaultOpts // { globalRedirect = "www.${domain}"; extraConfig = '' @@ -59,53 +70,31 @@ in proxyPass = "http://${addr}"; }; }; - "www.${domain}" = { - forceSSL = true; - enableACME = true; + "www.${domain}" = defaultOpts // { root = "/var/www/${domain}"; }; - "bin.${domain}" = { - forceSSL = true; - enableACME = true; + "git.${domain}" = defaultOpts; + "bin.${domain}" = defaultOpts // { root = "${storage}/bin"; - locations."= /".return = "307 https://www.${domain}"; }; - "static.${domain}" = { - forceSSL = true; - enableACME = true; + "static.${domain}" = defaultOpts // { root = "${storage}/static"; - locations."= /".return = "301 https://www.${domain}"; }; - "${fscusat}" = { - forceSSL = true; - enableACME = true; + "${fscusat}" = defaultOpts // { globalRedirect = "www.${fscusat}"; }; - "www.${fscusat}" = { - forceSSL = true; - enableACME = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_read_timeout 600; - ''; - + "www.${fscusat}" = defaultOpts // { locations."/" = { return = "200 '

under construction

'"; extraConfig = "add_header Content-Type text/html;"; }; }; - "${mark}" = { - forceSSL = true; - enableACME = true; + "${mark}" = defaultOpts // { globalRedirect = "www.${mark}"; }; - "www.${mark}" = { - forceSSL = true; - enableACME = true; - + "www.${mark}" = defaultOpts // { locations."/" = { return = "200 '

under construction, see you soon

'"; extraConfig = "add_header Content-Type text/html;"; -- cgit v1.2.3
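Review bot: Every vhost in this hunk now takes `defaultOpts`, so `quic = true` and `http3 = true` go live on all of them, yet nothing visible advertises HTTP/3 or limits what the newly opened UDP 443 listener does for unvalidated peers. The NixOS `http3` option notes that availability has to be advertised manually, so consider `add_header Alt-Svc 'h3=":443"; ma=86400';` per location; placing it in `defaultOpts.extraConfig` would not be enough, because `//` lets a vhost's own `extraConfig` (as on `"${domain}"`) replace it, and nginx drops inherited `add_header` lines in any location that sets its own. For the UDP side, `quic_retry on;` makes nginx validate the client address before doing handshake work, which reduces exposure to spoofed-source traffic. The `defaultOpts` definition sits in the previous hunk (`@@ -30,10 +36,15 @@`), where a one-line comment stating that per-vhost attributes override rather than extend it would help the next editor.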