blob: 4e36577b7382f6906a10571a1446cbe8d424c83a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
{ config, pkgs, ... }:
let
serveDir = config: {
enableACME = if config ? ssl then config.ssl else true;
addSSL = if config ? ssl then config.ssl else true;
root = if config ? path then config.path else builtins.throw "path is required";
locations = {
"/" = {
index = "index.html";
};
};
};
in
{
services = {
nginx = {
enable = true;
package = pkgs.nginxQuic;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedZstdSettings = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
appendConfig = ''
worker_processes 16;
'';
eventsConfig = ''
#use kqueue;
worker_connections 512;
'';
appendHttpConfig = ''
#sendfile on;
disable_symlinks off;
log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name"} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log combined_vhosts;
'';
additionalModules = with pkgs.nginxModules; [ moreheaders ];
virtualHosts = {
"boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
"catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
"sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; };
"siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; };
"lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; };
"git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; };
"files.thearcanebrony.net" = serveDir { path = "/data/nginx/html_files"; };
"spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; };
"terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; };
"vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; };
"git.rory.gay" = serveDir { path = "/data/nginx/html_git"; };
"thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
"sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
"search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
"rory.gay" = import ./rory.gay/root.nix;
"lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; };
"awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
"cgit.rory.gay" = import ./rory.gay/cgit.nix;
#"jitsi.rory.gay" = import ./rory.gay/jitsi.nix;
#matrix...
"conduit.rory.gay" = import ./rory.gay/conduit.nix;
"matrix.rory.gay" = import ./rory.gay/matrix.nix;
"pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
"matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
"conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
"mru.rory.gay" = import ./rory.gay/mru.nix;
#bots...
"0bottests.bots.rory.gay" = import ./rory.gay/bots.nix;
"catnipbot.bots.rory.gay" = import ./rory.gay/bots.nix;
"impulsyeeter.bots.rory.gay" = import ./rory.gay/bots.nix;
"omnibot.bots.rory.gay" = import ./rory.gay/bots.nix;
"yatopiawatchdog.bots.rory.gay" = import ./rory.gay/bots.nix;
"playground.bots.rory.gay" = import ./rory.gay/bots.nix;
"kinobot.bots.rory.gay" = import ./rory.gay/bots.nix;
"siliconbotpublic.bots.rory.gay" = import ./rory.gay/bots.nix;
"thearcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
"anonbot.bots.rory.gay" = import ./rory.gay/bots.nix;
"hericanbot.bots.rory.gay" = import ./rory.gay/bots.nix;
"siliconbot.bots.rory.gay" = import ./rory.gay/bots.nix;
"impulsbot.bots.rory.gay" = import ./rory.gay/bots.nix;
"studiobot.bots.rory.gay" = import ./rory.gay/bots.nix;
"carsnbots.bots.rory.gay" = import ./rory.gay/bots.nix;
"binsh.bots.rory.gay" = import ./rory.gay/bots.nix;
"fosscordbot.bots.rory.gay" = import ./rory.gay/bots.nix;
"sugarcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
"gradbot.bots.rory.gay" = import ./rory.gay/bots.nix;
};
};
};
systemd.services.nginx.serviceConfig = {
LimitNOFILE = 5000000;
};
systemd.services.nginx.requires = [ "data.mount" ];
security.acme.acceptTerms = true;
security.acme.defaults.email = "root@thearcanebrony.net";
networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
}
|