Diffstat (limited to 'host/Rory-ovh/services/nginx/nginx.nix')
-rwxr-xr-xhost/Rory-ovh/services/nginx/nginx.nix95
1 files changed, 95 insertions, 0 deletions
diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix
new file mode 100755

index 0000000..d422cc8
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, ... }:
+let
+ serveDir = config: {
+ enableACME = if config ? ssl then config.ssl else !config.virtualisation.isVmVariant;
+ addSSL = if config ? ssl then config.ssl else true;
+ root = if config ? path then config.path else builtins.throw "path is required";
+ locations = {
+ "/" = {
+ index = "index.html";
+ };
+ };
+ };
+in
+{
+ services = {
+ nginx = {
+ enable = true;
+ package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ #recommendedGzipSettings = true;
+ recommendedBrotliSettings = true;
+ recommendedOptimisation = true;
+ defaultMimeTypes = ../../../../packages/nginx/mime.types;
+ appendConfig = ''
+ worker_processes 16;
+ '';
+ eventsConfig = ''
+ #use kqueue;
+ worker_connections 512;
+ '';
+ appendHttpConfig = ''
+ #sendfile on;
+ disable_symlinks off;
+ log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name",upstream=$upstream_addr,t=$request_time[u_conn=$upstream_connect_time,u_hdr=$upstream_header_time,u_resp=$upstream_response_time]} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/access.log combined_vhosts;
+ '';
+ additionalModules = with pkgs.nginxModules; [ moreheaders ];
+ virtualHosts = {
+ #"boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
+ # "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
+ # "sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; };
+#
+ #"siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; };
+ #"lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; };
+ #"git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; };
+ #"files.thearcanebrony.net" = serveDir { path = "/data/nginx/html_files"; };
+ #"spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; };
+ #"terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; };
+ #"vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; };
+#
+ # "git.rory.gay" = serveDir { path = "/data/nginx/html_git"; };
+ # "wad.rory.gay" = serveDir { path = "/data/nginx/html_wad"; } // {
+ # locations."/".extraConfig = "autoindex on; try_files $uri $uri/ /index.html;";
+ # };
+ # "wad-api.rory.gay" = import ./rory.gay/wad-api.nix;
+#
+ #"thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
+ # "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
+ # "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
+#
+ "rory.gay" = import ./rory.gay/root.nix { inherit config; };
+ # "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; };
+#
+ # "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
+ "cgit.rory.gay" = import ./rory.gay/cgit.nix { inherit config; };
+ # #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix;
+#
+ # #matrix...
+ # "conduit.rory.gay" = import ./rory.gay/conduit.nix;
+ "matrix.rory.gay" = import ./rory.gay/matrix.nix { inherit config; };
+ "libmatrix-fed-test.rory.gay" = import ./rory.gay/libmatrix-fed-test.nix { inherit config; };
+ "safensound.rory.gay" = import ./rory.gay/safensound.nix { inherit config; };
+ "demo.safensound.rory.gay" = import ./rory.gay/demo.safensound.nix { inherit config; };
+ "api.safensound.rory.gay" = import ./rory.gay/api.safensound.nix { inherit config; };
+ "stream.rory.gay" = import ./rory.gay/stream.nix { inherit config; };
+ # "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
+ # "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
+ # "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
+ "mru.rory.gay" = import ./rory.gay/mru.nix { inherit config; };
+ "ec.rory.gay" = import ./rory.gay/ec.nix { inherit config; };
+ };
+ };
+ };
+ systemd.services.nginx.serviceConfig = {
+ LimitNOFILE = 5000000;
+ };
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "root@rory.gay";
+
+ networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 443 ];
+}
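Review bot: The `serveDir` helper names its parameter `config`, which shadows the module's `config`, so `!config.virtualisation.isVmVariant` is looked up on the `{ path = ...; }` argument rather than on the system configuration. Any call that omits `ssl` (every commented-out `serveDir` entry does) should therefore fail to evaluate as soon as it is re-enabled. Renaming the parameter, for example to `args`, and writing `enableACME = args.ssl or (!config.virtualisation.isVmVariant);` keeps the TLS default tied to the real module config; `addSSL` and `root` need the same rename. Separately, `addSSL` leaves these hosts answering over plain HTTP with no redirect, so `forceSSL` is the stricter choice if that is not intended. `disable_symlinks off;` in `appendHttpConfig` also deserves a comment saying why symlink following is wanted for the `/data/nginx/html_*` roots, since a symlink inside a served directory can expose files outside it.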