1 files changed, 95 insertions, 0 deletions
diff --git a/host/Rory-nginx/services/nginx.nix b/host/Rory-nginx/services/nginx.nix
new file mode 100755
index 0000000..56b09f4
--- /dev/null
+++ b/host/Rory-nginx/services/nginx.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base-server.nix
+ #../../modules/packages/gitfs.nix
+ ];
+
+ services = {
+ nginx = {
+ enable = true;
+ package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ recommendedGzipSettings = true;
+ recommendedBrotliSettings = true;
+ recommendedOptimisation = true;
+ defaultMimeTypes = ../../modules/packages/nginx/mime.types;
+ appendConfig = ''
+ worker_processes 16;
+ '';
+ eventsConfig = ''
+ #use kqueue;
+ worker_connections 512;
+ '';
+ appendHttpConfig = ''
+ #sendfile on;
+ disable_symlinks off;
+ '';
+ upstreams = import ./matrix/upstreams.nix;
+ additionalModules = with pkgs.nginxModules; [
+ moreheaders
+ ];
+ virtualHosts = {
+ "siliconheaven.thearcanebrony.net" = import ./hosts/thearcanebrony.net/siliconheaven.nix;
+ "lfs.thearcanebrony.net" = import ./hosts/thearcanebrony.net/lfs.nix;
+ "http.thearcanebrony.net" = import ./hosts/thearcanebrony.net/http.nix;
+ "thearcanebrony.net" = import ./hosts/thearcanebrony.net/root.nix;
+ "sentry.thearcanebrony.net" = import ./hosts/thearcanebrony.net/sentry.nix;
+ "awooradio.thearcanebrony.net" = import ./hosts/thearcanebrony.net/awooradio.nix;
+ "search.thearcanebrony.net" = import ./hosts/thearcanebrony.net/search.nix;
+ "git.thearcanebrony.net" = import ./hosts/thearcanebrony.net/git.nix;
+ "files.thearcanebrony.net" = import ./hosts/thearcanebrony.net/files.nix;
+ "spigotav.thearcanebrony.net" = import ./hosts/thearcanebrony.net/spigotav.nix;
+ "terra.thearcanebrony.net" = import ./hosts/thearcanebrony.net/terra.nix;
+ "vives.thearcanebrony.net" = import ./hosts/thearcanebrony.net/vives.nix;
+ "rory.gay" = import ./hosts/rory.gay/root.nix;
+ "rory.boo" = import ./hosts/rory.gay/root.nix;
+ "lfs.rory.gay" = import ./hosts/rory.gay/lfs.nix;
+ "git.rory.gay" = import ./hosts/rory.gay/git.nix;
+ "matrix.rory.gay" = import ./hosts/rory.gay/matrix.nix;
+ "mru.rory.gay" = import ./hosts/rory.gay/mru.nix;
+ "tunnel.rory.boo" = import ./hosts/rory.boo/tunnel.nix;
+ "boorunav.com" = import ./hosts/boorunav.com/root.nix;
+ "catgirlsaresexy.com" = import ./hosts/catgirlsaresexy.com/root.nix;
+ "sugarcanemc.org" = import ./hosts/sugarcanemc.org/root.nix;
+
+ #bots...
+ "0bottests.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "catnipbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "impulsyeeter.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "omnibot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "yatopiawatchdog.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "playground.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "kinobot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "siliconbotpublic.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "thearcanebot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "anonbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "hericanbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "siliconbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "impulsbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "studiobot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "carsnbots.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "binsh.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "fosscordbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "sugarcanebot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ "gradbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix;
+ };
+ };
+ };
+ systemd.services.nginx.serviceConfig = {
+ LimitNOFILE=5000000;
+ };
+ systemd.services.nginx.requires = [ "data.mount" ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "root@thearcanebrony.net";
+
+ environment.systemPackages = with pkgs; [
+ #gitfs
+ ];
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
|
