nginx preset

master
Sven Slootweg 2 years ago
parent 1aded254ae
commit ac895afd28

@ -28,6 +28,7 @@ let
trackSystemMetrics = (import ./lib/track-system-metrics.nix); trackSystemMetrics = (import ./lib/track-system-metrics.nix);
trackServiceMetrics = (import ./lib/track-service-metrics.nix); trackServiceMetrics = (import ./lib/track-service-metrics.nix);
httpHealthChecks = (import ./lib/http-health-checks.nix); httpHealthChecks = (import ./lib/http-health-checks.nix);
nginx = (import ./lib/nginx.nix);
in { in {
network = { network = {
inherit pkgs; inherit pkgs;
@ -111,17 +112,7 @@ in {
(trackSystemMetrics nodes."machine-haless-03.cryto.net".internalIpv4) (trackSystemMetrics nodes."machine-haless-03.cryto.net".internalIpv4)
(trackServiceMetrics nodes."machine-haless-03.cryto.net".internalIpv4) (trackServiceMetrics nodes."machine-haless-03.cryto.net".internalIpv4)
(httpHealthChecks { (httpHealthChecks {
http = [ both = [
"iomfats.cryto.net"
"castleroland.cryto.net"
"awesomedude.cryto.net"
"matrix-rooms.cryto.net"
"validatem.cryto.net"
"nixos-manual-mdx.cryto.net"
"geojson.cryto.net"
"ossworks.nl"
];
https = [
"iomfats.cryto.net" "iomfats.cryto.net"
"castleroland.cryto.net" "castleroland.cryto.net"
"awesomedude.cryto.net" "awesomedude.cryto.net"
@ -132,64 +123,28 @@ in {
"ossworks.nl" "ossworks.nl"
]; ];
}) })
]; (nginx {
"modular-matrix.cryto.net" = [
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.borgbackup.jobs.system = {
paths = "/";
exclude = [
"/nix"
"/boot"
"/sys"
"/run"
"/tmp"
"/dev"
"/proc"
];
repo = "backup-haless@machine-borg2-01.cryto.net:haless-03";
encryption = {
mode = "repokey-blake2";
passphrase = (import ../private/machine-haless-03.cryto.net/borg-passphrase.nix);
};
compression = "auto,zlib";
startAt = "daily";
};
services.nginx = {
enable = true;
virtualHosts = {
"404.cryto.net" = {
default = true;
extraConfig = ''
return 404;
'';
};
"modular-matrix.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
{ root = ./sources/modular-matrix; } { root = ./sources/modular-matrix; }
]; ];
"geojson.cryto.net" = lib.mkMerge [ "geojson.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
{ root = ../../image-to-geojson/static; } { root = ../../image-to-geojson/static; }
]; ];
# "validatem.cryto.net" = lib.mkMerge [ "validatem.cryto.net" = [
# (nginxPresets.letsEncrypt)
# { root = ./sources/validatem-site; }
# ];
"validatem.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
{ root = ../../validatem/site/build; } { root = ../../validatem/site/build; }
]; ];
"ossworks.nl" = lib.mkMerge [ "ossworks.nl" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
{ root = ../../ossworks-site/build; } { root = ../../ossworks-site/build; }
]; ];
"nixos-manual-mdx.cryto.net" = lib.mkMerge [ "nixos-manual-mdx.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
{ root = ../../nixos-manual-mdx/build; } { root = ../../nixos-manual-mdx/build; }
]; ];
"haless.cryto.net" = lib.mkMerge [ "haless.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
{ {
locations."/shadow/" = { locations."/shadow/" = {
@ -200,37 +155,59 @@ in {
}; };
} }
]; ];
"books.cryto.net" = lib.mkMerge [ "books.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.phpDisabled) (nginxPresets.phpDisabled)
]; ];
"todo.cryto.net" = lib.mkMerge [ "todo.cryto.net" = [
(nginxPresets.phpDisabled) (nginxPresets.phpDisabled)
]; ];
"learn.cryto.net" = lib.mkMerge [ "learn.cryto.net" = [
(nginxPresets.phpDisabled) (nginxPresets.phpDisabled)
]; ];
"vps-list.cryto.net" = lib.mkMerge [ "vps-list.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.phpDisabled) (nginxPresets.phpDisabled)
]; ];
"iomfats.cryto.net" = lib.mkMerge [ "iomfats.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/") (nginxPresets.reverseProxy "http://127.0.0.1:3000/")
]; ];
"castleroland.cryto.net" = lib.mkMerge [ "castleroland.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/") (nginxPresets.reverseProxy "http://127.0.0.1:3000/")
]; ];
"awesomedude.cryto.net" = lib.mkMerge [ "awesomedude.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/") (nginxPresets.reverseProxy "http://127.0.0.1:3000/")
]; ];
"matrix-rooms.cryto.net" = lib.mkMerge [ "matrix-rooms.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3842/") (nginxPresets.reverseProxy "http://127.0.0.1:3842/")
]; ];
})
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.borgbackup.jobs.system = {
paths = "/";
exclude = [
"/nix"
"/boot"
"/sys"
"/run"
"/tmp"
"/dev"
"/proc"
];
repo = "backup-haless@machine-borg2-01.cryto.net:haless-03";
encryption = {
mode = "repokey-blake2";
passphrase = (import ../private/machine-haless-03.cryto.net/borg-passphrase.nix);
}; };
compression = "auto,zlib";
startAt = "daily";
}; };
users.groups.mobile-proxy = {}; users.groups.mobile-proxy = {};
@ -309,6 +286,15 @@ in {
(tincConfiguration { hostname = "machine-konjassiem-02.cryto.net"; nodes = nodes; }) (tincConfiguration { hostname = "machine-konjassiem-02.cryto.net"; nodes = nodes; })
(trackSystemMetrics nodes."machine-konjassiem-02.cryto.net".internalIpv4) (trackSystemMetrics nodes."machine-konjassiem-02.cryto.net".internalIpv4)
(trackServiceMetrics nodes."machine-konjassiem-02.cryto.net".internalIpv4) (trackServiceMetrics nodes."machine-konjassiem-02.cryto.net".internalIpv4)
(httpHealthChecks {
both = [ "git.cryto.net" ];
})
(nginx {
"git.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
})
]; ];
services.postgresql = { services.postgresql = {
@ -334,22 +320,6 @@ in {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
virtualHosts = {
"404.cryto.net" = {
default = true;
extraConfig = ''
return 404;
'';
};
"git.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://127.0.0.1:3000/")
];
};
};
# NOTE: Workaround that removes `setuid` from the disallowed syscall list, because otherwise sendmail/opensmtpd breaks # NOTE: Workaround that removes `setuid` from the disallowed syscall list, because otherwise sendmail/opensmtpd breaks
# systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @swap"; # systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @swap";
@ -484,36 +454,25 @@ in {
# "nix-cache.cryto.net" # Not directory-indexable # "nix-cache.cryto.net" # Not directory-indexable
]; ];
}) })
]; (nginx {
"hydra.cryto.net" = [
services.nginx = {
enable = true;
virtualHosts = {
"404.cryto.net" = {
# Pseudo-hostname just to set a default when no Host header is specified
default = true;
extraConfig = ''
return 404;
'';
};
"hydra.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://localhost:3333/") (nginxPresets.reverseProxy "http://localhost:3333/")
]; ];
"prometheus.cryto.net" = lib.mkMerge [ "prometheus.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://localhost:9090/") (nginxPresets.reverseProxy "http://localhost:9090/")
]; ];
"metrics.cryto.net" = lib.mkMerge [ "metrics.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://localhost:8452/") (nginxPresets.reverseProxy "http://localhost:8452/")
]; ];
"nix-cache.cryto.net" = lib.mkMerge [ "nix-cache.cryto.net" = [
(nginxPresets.letsEncrypt) (nginxPresets.letsEncrypt)
{ root = "/var/lib/hydra-builds"; } { root = "/var/lib/hydra-builds"; }
]; ];
}; })
}; ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
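Review bot: The konjassiem-02 hunk adds a new `httpHealthChecks { both = [ "git.cryto.net" ]; }` entry (the lines between the trackServiceMetrics call and the nginx call) that did not exist on the old side, so this commit changes monitoring behaviour beyond the "nginx preset" refactor the title describes; either mention it in the commit message or split it out. Separately, the hydra/prometheus/metrics/nix-cache vhosts in the last hunk of this file proxy to `http://localhost:…/` while every other machine uses `http://127.0.0.1:…/`; if the backends bind only IPv4 and nginx resolves `localhost` to `::1` first, those proxies may fail intermittently, so normalising to `127.0.0.1` would be safer — this is pre-existing code that the hunk only moves, and I cannot tell from the page how those services bind. The enclosing per-machine attribute sets start and end outside the visible hunks.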

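--- /dev/null
+++ b/lib/nginx.nix
@@ -0,0 +1,17 @@
+hosts: { lib, ... }:
+let
+mapMkMerge = builtins.mapAttrs (_host: configs: lib.mkMerge configs);
+in {
+services.nginx = {
+enable = true;
+virtualHosts = {
+"404.cryto.net" = {
+# Pseudo-hostname just to set a default when no Host header is specified
+default = true;
+extraConfig = ''
+return 404;
+'';
+};
+} // mapMkMerge hosts;
+};
+}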
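Review bot: The `404.cryto.net` catch-all vhost only has `default = true` and no TLS settings, so it is a default server for port 80 only; for an HTTPS request with an unknown or absent SNI name nginx falls back to the first vhost that listens on 443, which on these machines is one of the real letsEncrypt sites and would serve that site's content and certificate rather than a 404. If that is unintended, the default vhost needs a 443 listen of its own (for example `addSSL` with a self-signed or dummy certificate) — I cannot tell from the page what certificate material is available, so treat this as something to confirm. Two smaller points on the same file: `// mapMkMerge hosts` lets a caller silently replace the `404.cryto.net` entry, and the function has no header comment, so I would add `# hosts: attrset of vhost name -> list of virtualHost fragments (nginxPresets.*), each list merged with lib.mkMerge` above `hosts: { lib, ... }:`. The path `lib/nginx.nix` is inferred from the `import ./lib/nginx.nix` line in the first hunk.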