diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix
new file mode 100755
index 0000000..d3ba2f5
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+let
+ serveDir = config: {
+ enableACME = if config ? ssl then config.ssl else !config.virtualisation.isVmVariant;
+ addSSL = if config ? ssl then config.ssl else true;
+ root = if config ? path then config.path else builtins.throw "path is required";
+ locations = {
+ "/" = {
+ index = "index.html";
+ };
+ };
+ };
+in
+{
+ services = {
+ nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ experimentalZstdSettings = true;
+ #recommendedGzipSettings = true;
+ recommendedBrotliSettings = true;
+ recommendedOptimisation = true;
+ #defaultMimeTypes = ../../../../packages/nginx/mime.types;
+ appendConfig = ''
+ worker_processes 16;
+ '';
+ eventsConfig = ''
+ #use kqueue;
+ worker_connections 512;
+ '';
+ appendHttpConfig = ''
+ #sendfile on;
+ disable_symlinks off;
+ log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name",upstream=$upstream_addr,t=$request_time[u_conn=$upstream_connect_time,u_hdr=$upstream_header_time,u_resp=$upstream_response_time]} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/access.log combined_vhosts;
+ '';
+ additionalModules = with pkgs.nginxModules; [ moreheaders ];
+ virtualHosts = {
+ #spacebar...
+ "rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/root.nix { inherit config; };
+ "api.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/api.nix { inherit config; };
+ "gateway.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/gateway.nix { inherit config; };
+ "cdn.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/cdn.nix { inherit config; };
+ # legacy
+ "old.server.spacebar.chat" = import ./spacebar.chat/server/rory/root.nix { inherit config; };
+ "api.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/api.nix { inherit config; };
+ "gateway.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/gateway.nix { inherit config; };
+ "cdn.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/cdn.nix { inherit config; };
+ };
+ };
+ };
+ systemd.services.nginx.serviceConfig = {
+ LimitNOFILE = 5000000;
+ };
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "root@rory.gay";
+
+ networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ networking.firewall.allowedUDPPorts = [ 443 ];
+}
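Review bot: In the `let` block, `serveDir = config: { … }` names its argument `config`, which shadows the module's `config`, so `!config.virtualisation.isVmVariant` is looked up on the caller's attrset (the one carrying `ssl`/`path`) and fails with a missing-attribute error whenever `ssl` is omitted. Renaming the argument fixes the lookup, e.g. `serveDir = site: { enableACME = site.ssl or (!config.virtualisation.isVmVariant); … }`. The helper is not used anywhere in this file, so it could also simply be dropped. Separately, `networking.firewall.allowedUDPPorts = [ 443 ];` opens UDP 443 although no virtual host added in this commit enables QUIC/HTTP3; I would keep that port closed until a listener exists.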
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix
new file mode 100644
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
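Review bot: As far as this diff shows, nothing references this file: in `nginx.nix` the `old.server.spacebar.chat`, `api.old…`, `gateway.old…` and `cdn.old…` names all import `./spacebar.chat/server/rory/*.nix`, so the `forceSSL = true` and the `192.168.1.200` upstream written here never reach the generated nginx config. The same holds for `old/cdn.nix`, `old/gateway.nix` and `old/root.nix`. Either point the legacy names at these files or drop the directory, because someone auditing the legacy hosts would otherwise assume HTTP is redirected to HTTPS when the config actually served is the `addSSL` one. If the files stay, a header comment such as `# unused: legacy names are served from ../rory/*.nix` would make that explicit.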
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix
new file mode 100644
index 0000000..89958fe
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3003";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix
new file mode 100644
index 0000000..ff95a5e
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3002";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix
new file mode 100644
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix
new file mode 100644
index 0000000..00bbc6c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3001";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
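Review bot: `addSSL = !config.virtualisation.isVmVariant;` leaves the plain-HTTP listener serving the API with no redirect, so a client that connects on port 80 (opened in `nginx.nix`) sends its `Authorization` header in cleartext. Replacing the line with `forceSSL = !config.virtualisation.isVmVariant;` keeps the VM variant on HTTP only and makes the real host redirect to HTTPS; the ACME HTTP-01 challenge location is still served under `forceSSL`. The same line appears in `rory/cdn.nix`, `rory/gateway.nix` and `rory/root.nix`.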
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix
new file mode 100644
index 0000000..02894d7
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3003";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
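Review bot: Neither directive in `extraConfig` does what it appears to do here. `proxy_ssl_server_name on;` only affects TLS connections to the upstream, and `proxyPass` is `http://…`. `proxy_pass_header Authorization;` controls which upstream response headers are passed back to the client, while the request's `Authorization` header is already forwarded to the backend by default. I would delete the `extraConfig` line, or keep it with a comment stating the intent, e.g. `# request Authorization is forwarded by default; no directive needed`. This applies equally to the other `rory/*.nix` and `old/*.nix` vhost files in this commit.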
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix
new file mode 100644
index 0000000..88a37da
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix
@@ -0,0 +1,10 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3002";
+ proxyWebsockets = true;
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix
new file mode 100644
index 0000000..00bbc6c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3001";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}