nginx preset

Sven Slootweg 2022-02-27 13:10:52 +01:00
parent 1aded254ae
commit ac895afd28
2 changed files with 97 additions and 121 deletions


@ -28,6 +28,7 @@ let
trackSystemMetrics = (import ./lib/track-system-metrics.nix);
trackServiceMetrics = (import ./lib/track-service-metrics.nix);
httpHealthChecks = (import ./lib/http-health-checks.nix);
nginx = (import ./lib/nginx.nix);
in {
network = {
inherit pkgs;
@ -111,7 +112,7 @@ in {
(trackSystemMetrics nodes."machine-haless-03.cryto.net".internalIpv4)
(trackServiceMetrics nodes."machine-haless-03.cryto.net".internalIpv4)
(httpHealthChecks {
http = [
both = [
"iomfats.cryto.net"
"castleroland.cryto.net"
"awesomedude.cryto.net"
@ -121,15 +122,68 @@ in {
"geojson.cryto.net"
"ossworks.nl"
];
https = [
"iomfats.cryto.net"
"castleroland.cryto.net"
"awesomedude.cryto.net"
"matrix-rooms.cryto.net"
"validatem.cryto.net"
"nixos-manual-mdx.cryto.net"
"geojson.cryto.net"
"ossworks.nl"
})
(nginx {
"modular-matrix.cryto.net" = [
(nginxPresets.letsEncrypt)
{ root = ./sources/modular-matrix; }
];
"geojson.cryto.net" = [
(nginxPresets.letsEncrypt)
{ root = ../../image-to-geojson/static; }
];
"validatem.cryto.net" = [
(nginxPresets.letsEncrypt)
{ root = ../../validatem/site/build; }
];
"ossworks.nl" = [
(nginxPresets.letsEncrypt)
{ root = ../../ossworks-site/build; }
];
"nixos-manual-mdx.cryto.net" = [
(nginxPresets.letsEncrypt)
{ root = ../../nixos-manual-mdx/build; }
];
"haless.cryto.net" = [
(nginxPresets.letsEncrypt)
{
locations."/shadow/" = {
alias = ./sources/shadow-generator;
};
locations."/knex-mirror/" = {
alias = ./sources/knex-mirror;
};
}
];
"books.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.phpDisabled)
];
"todo.cryto.net" = [
(nginxPresets.phpDisabled)
];
"learn.cryto.net" = [
(nginxPresets.phpDisabled)
];
"vps-list.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.phpDisabled)
];
"iomfats.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"castleroland.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"awesomedude.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"matrix-rooms.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3842/")
];
})
];
@ -156,83 +210,6 @@ in {
startAt = "daily";
};
services.nginx = {
enable = true;
virtualHosts = {
"404.cryto.net" = {
default = true;
extraConfig = ''
return 404;
'';
};
"modular-matrix.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{ root = ./sources/modular-matrix; }
];
"geojson.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{ root = ../../image-to-geojson/static; }
];
# "validatem.cryto.net" = lib.mkMerge [
# (nginxPresets.letsEncrypt)
# { root = ./sources/validatem-site; }
# ];
"validatem.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{ root = ../../validatem/site/build; }
];
"ossworks.nl" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{ root = ../../ossworks-site/build; }
];
"nixos-manual-mdx.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{ root = ../../nixos-manual-mdx/build; }
];
"haless.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{
locations."/shadow/" = {
alias = ./sources/shadow-generator;
};
locations."/knex-mirror/" = {
alias = ./sources/knex-mirror;
};
}
];
"books.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.phpDisabled)
];
"todo.cryto.net" = lib.mkMerge [
(nginxPresets.phpDisabled)
];
"learn.cryto.net" = lib.mkMerge [
(nginxPresets.phpDisabled)
];
"vps-list.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.phpDisabled)
];
"iomfats.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"castleroland.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"awesomedude.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
"matrix-rooms.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3842/")
];
};
};
users.groups.mobile-proxy = {};
users.users.mobile-proxy = {
description = "mobile-proxy Service User";
@ -309,6 +286,15 @@ in {
(tincConfiguration { hostname = "machine-konjassiem-02.cryto.net"; nodes = nodes; })
(trackSystemMetrics nodes."machine-konjassiem-02.cryto.net".internalIpv4)
(trackServiceMetrics nodes."machine-konjassiem-02.cryto.net".internalIpv4)
(httpHealthChecks {
both = [ "git.cryto.net" ];
})
(nginx {
"git.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
})
];
services.postgresql = {
@ -334,22 +320,6 @@ in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
virtualHosts = {
"404.cryto.net" = {
default = true;
extraConfig = ''
return 404;
'';
};
"git.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
};
};
# NOTE: Workaround that removes `setuid` from the disallowed syscall list, because otherwise sendmail/opensmtpd breaks
# systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @swap";
@ -484,36 +454,25 @@ in {
# "nix-cache.cryto.net" # Not directory-indexable
];
})
];
services.nginx = {
enable = true;
virtualHosts = {
"404.cryto.net" = {
# Pseudo-hostname just to set a default when no Host header is specified
default = true;
extraConfig = ''
return 404;
'';
};
"hydra.cryto.net" = lib.mkMerge [
(nginx {
"hydra.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://localhost:3333/")
];
"prometheus.cryto.net" = lib.mkMerge [
"prometheus.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://localhost:9090/")
];
"metrics.cryto.net" = lib.mkMerge [
"metrics.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://localhost:8452/")
];
"nix-cache.cryto.net" = lib.mkMerge [
"nix-cache.cryto.net" = [
(nginxPresets.letsEncrypt)
{ root = "/var/lib/hydra-builds"; }
];
};
};
})
];
services.postgresql = {
enable = true;
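Review bot: The `httpHealthChecks` argument changes from separate `http`/`https` lists to a single `both` list (the haless-03 hunk, and the new `both = [ "git.cryto.net" ];` block for machine-konjassiem-02), yet `lib/http-health-checks.nix` is not among the two files this commit touches, so this evaluates only if that helper already accepts `both` — worth confirming before deploying. That key rename is also unrelated to the nginx-preset refactor the message describes and would be easier to review as its own commit. Each `(nginx { ... })` call now sits inside a host's `imports` list whose opening bracket lies outside the hunk, so whether those hosts still open ports 80/443 themselves (konjassiem keeps `networking.firewall.allowedTCPPorts = [ 80 443 ];` as context) is not visible here.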


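--- /dev/null
+++ b/lib/nginx.nix
@@ -0,0 +1,17 @@
+hosts: { lib, ... }:
+let
+mapMkMerge = builtins.mapAttrs (_host: configs: lib.mkMerge configs);
+in {
+services.nginx = {
+enable = true;
+virtualHosts = {
+"404.cryto.net" = {
+# Pseudo-hostname just to set a default when no Host header is specified
+default = true;
+extraConfig = ''
+return 404;
+'';
+};
+} // mapMkMerge hosts;
+};
+}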
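Review bot: The catch-all `"404.cryto.net"` virtual host has `default = true` but no TLS settings, so it is the default server on port 80 only; a TLS connection whose SNI matches none of the `hosts` names falls back to whichever TLS server block nginx generated first, which then answers with that site's certificate and content rather than a 404. If unknown names should be refused on 443 as well, adding `rejectSSL = true;` to that vhost (NixOS renders it as `ssl_reject_handshake`) closes the gap. Separately, `{ ... } // mapMkMerge hosts` is a right-biased shallow update, so a caller passing its own `"404.cryto.net"` entry would silently replace the catch-all; merging with `lib.mkMerge` instead would let the module system report the conflict. The module enables nginx but does not open any firewall ports, so a header comment stating the contract would help callers: `# hosts: attrset of vhost name -> list of config fragments (merged with lib.mkMerge); callers must still open ports 80/443 themselves.`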