diff --git a/config/hosts/web-dus/configuration.nix b/config/hosts/web-dus/configuration.nix index 1b35af0..56fa8a9 100644 --- a/config/hosts/web-dus/configuration.nix +++ b/config/hosts/web-dus/configuration.nix @@ -1,14 +1,4 @@ -{ config, inputs, pkgs, ... }: -let - bmpPort = 11019; - kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system}; - autoIndex = '' - autoindex on; - autoindex_exact_size off; - autoindex_format html; - autoindex_localtime on; - ''; -in { +{ config, inputs, pkgs, ... }: { imports = [ inputs.fernglas.nixosModules.default inputs.kyouma-www.nixosModules.default @@ -20,9 +10,8 @@ in { ]; networking = { hostName = "web-dus"; - # docker nftables.enable = mkForce false; - firewall.allowedTCPPorts = [ 80 443 bmpPort ]; + firewall.allowedTCPPorts = [ 80 443 11019 ]; firewall.allowedUDPPorts = [ 443 ]; }; systemd.network.networks."98-eth-default" = { @@ -48,7 +37,7 @@ in { collectors = { bmp_collector = { collector_type = "Bmp"; - bind = "[::]:${toString bmpPort}"; + bind = "[::]:11019"; peers = { "45.150.123.0" = {}; }; 
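Review bot: Dropping the `bmpPort` binding leaves the literal `11019` duplicated between the firewall rule in the `networking` block and the `bind` of `bmp_collector`, and the two can now drift apart without any evaluation error. If the aim was only to slim the top-level `let`, the port can still come from one place, e.g. a local `let bmpPort = 11019; in` wrapped around the `networking` and `services.fernglas` attributes, or at minimum a comment on the bind such as `# must match networking.firewall.allowedTCPPorts`. The `autoIndex` snippet and `kyouma-www` move into the vhost `let` later in the diff, which is fine, but the port is the one value that is referenced from two unrelated blocks.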
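Review bot: `firewall.allowedTCPPorts = [ 80 443 11019 ];` opens the BMP collector port to every source address, while the collector block later in the file only lists the peer `45.150.123.0`; BMP carries no authentication of its own, so restricting the port to that peer at the firewall (for example via `networking.firewall.extraCommands` with an `iptables -A nixos-fw -p tcp --dport 11019 -s 45.150.123.0 -j nixos-fw-accept` rule, given nftables is forced off on this host) would be the safer shape, unless fernglas itself rejects unlisted peers. The unchanged `firewall.allowedUDPPorts = [ 443 ];` also appears to become dead in this same commit, which comments out the QUIC/HTTP3 nginx settings; drop it unless something else listens on UDP 443. The removed `# docker` line looks like it was the only explanation for `nftables.enable = mkForce false;`, which stays — keeping that rationale inline, e.g. `nftables.enable = mkForce false; # docker needs iptables`, helps the next reader.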
@@ -56,56 +45,62 @@ in { }; }; }; - services.nginx = { - createHost = { - "miau.zip" = { root = kyouma-www.default; }; - "www.miau.zip" = { redirectTo = "miau.zip"; }; - "www.kyouma.net" = { redirectTo = "kyouma.net"; }; - "emily.cat" = { root = "/var/www/emily.cat/_site"; }; - "www.emily.cat" = { redirectTo = "kyouma.net"; }; - "www.cocaine.trade" = { redirectTo = "cocaine.trade"; }; + kyouma.nginx.virtualHosts = let + kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system}; + autoIndex = '' + autoindex on; + autoindex_exact_size off; + autoindex_format html; + autoindex_localtime on; + ''; + in { + "miau.zip" = { root = kyouma-www.default; }; + "www.miau.zip" = { redirectTo = "miau.zip"; }; + "www.kyouma.net" = { redirectTo = "kyouma.net"; }; + "emily.cat" = { root = "/var/www/emily.cat/_site"; }; + "www.emily.cat" = { redirectTo = "kyouma.net"; }; + "www.cocaine.trade" = { redirectTo = "cocaine.trade"; }; - "redirect" = { - default = true; - reuseport = true; - useACMEHost = "kyouma.net"; - extraConfig = '' - return 403; - ''; + "redirect" = { + default = true; + reuseport = true; + useACMEHost = "kyouma.net"; + extraConfig = '' + return 403; + ''; + }; + "cocaine.trade" = { + root = "/var/www/basti/cocaine.trade"; + extraConfig = ''error_page 404 /404.html;''; + locations."/" = { + index = "index.html"; + tryFiles = "$uri $uri.html =404"; }; - "cocaine.trade" = { - root = "/var/www/basti/cocaine.trade"; - extraConfig = ''error_page 404 /404.html;''; - locations."/" = { - index = "index.html"; - tryFiles = "$uri $uri.html =404"; + locations."= /".extraConfig = ''rewrite ^ /index.html last;''; + }; + "files.cocaine.trade" = { + useACMEHost = "cocaine.trade"; + root = "/var/www/basti/files.cocaine.trade"; + locations."/".extraConfig = autoIndex; + }; + "kyouma.net" = { + root = kyouma-www.default; + locations = { + "/assets/media/".root = kyouma-www.vid; + "/vyos/" = { + root = config.services.vyosBld.output; + extraConfig = autoIndex; }; - 
locations."= /".extraConfig = ''rewrite ^ /index.html last;''; - }; - "files.cocaine.trade" = { - useACMEHost = "cocaine.trade"; - root = "/var/www/basti/files.cocaine.trade"; - locations."/".extraConfig = autoIndex; - }; - "kyouma.net" = { - root = kyouma-www.default; - locations = { - "/assets/media/".root = kyouma-www.vid; - "/vyos/" = { - root = config.services.vyosBld.output; - extraConfig = autoIndex; - }; - "/ihk/" = { - root = "/var/www/kyouma.net/ihk"; - extraConfig = autoIndex; - }; + "/ihk/" = { + root = "/var/www/kyouma.net/ihk"; + extraConfig = autoIndex; }; }; - "lg.kyouma.net" = { - useACMEHost = "kyouma.net"; - locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend; - locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}"; - }; + }; + "lg.kyouma.net" = { + useACMEHost = "kyouma.net"; + locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend; + locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}"; }; }; security.acme.certs = { diff --git a/config/services/nginx.nix b/config/services/nginx.nix index 92780be..f1679dd 100644 --- a/config/services/nginx.nix +++ b/config/services/nginx.nix @@ -11,7 +11,7 @@ }; services.nginx = { enable = true; - package = pkgs.nginxQuic; + #package = pkgs.nginxQuic; recommendedGzipSettings = true; recommendedOptimisation = true; diff --git a/modules/vhost/default.nix b/modules/vhost/default.nix index 1fda4b7..456d3ad 100644 --- a/modules/vhost/default.nix +++ b/modules/vhost/default.nix @@ -1,7 +1,7 @@ { config, lib, ... }: with lib; let - cfg = config.services.nginx.createHost; + cfg = config.kyouma.nginx.virtualHosts; extraConfig = '' add_header Strict-Transport-Security $hsts_header; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; 
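Review bot: In the moved host table, `"www.emily.cat" = { redirectTo = "kyouma.net"; }` redirects to a different apex than every other `www.` entry, which each redirect to their own domain; if that is intentional, a comment such as `# www.emily.cat deliberately points at kyouma.net` stops it being "fixed" later, otherwise it should probably read `redirectTo = "emily.cat";`. The autoindex locations (`files.cocaine.trade`, `/vyos/`, `/ihk/`) remain public directory listings of paths under `/var/www` and the vyos build output, with `autoindex_localtime on` exposing server-local mtimes; a one-line comment that listing is intended there would make the exposure explicit. The enclosing module attrset continues past the hunk (`security.acme.certs` follows).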
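Review bot: `#package = pkgs.nginxQuic;` records no reason for dropping the QUIC build, and the matching `http3`/`quic` flags are commented out in a different file of this same commit, so the coupling is invisible to anyone later re-enabling one side alone. A comment on this line, e.g. `# nginxQuic disabled (<reason>); keep in sync with http3/quic in modules/vhost/default.nix and UDP 443 in hosts/web-dus`, makes the state self-describing. If this is temporary, a `TODO` naming the condition for re-enabling belongs here as well.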
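Review bot: `add_header Strict-Transport-Security $hsts_header;` in the shared `extraConfig` has no `always`, so nginx emits HSTS only on 2xx/3xx responses and not on the `return 403` of the default host or on 404s; `add_header Strict-Transport-Security $hsts_header always;` closes that gap (pre-existing, but this is the snippet the renamed `cfg` now feeds into every host). The `Content-Security-Policy` line stays commented with no note on why; a short `# CSP disabled: <reason>` would stop it from being silently left off indefinitely. `$hsts_header` is presumably set by a `map` elsewhere; `extraConfig` continues beyond the hunk.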
@@ -12,8 +12,9 @@ with lib; let ''; virtHostCfg = { forceSSL = true; - http3 = true; - quic = true; + #kTLS = true; + #http3 = true; + #quic = true; }; createHostFunc = builtins.mapAttrs (vhostName: vhostCfg: with lib; let @@ -34,7 +35,7 @@ with lib; let ); in { options = { - services.nginx.createHost = mkOption { + kyouma.nginx.virtualHosts = mkOption { type = with types; nullOr anything; default = null; };
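Review bot: The three commented lines `#kTLS = true;`, `#http3 = true;`, `#quic = true;` carry no explanation, and `kTLS` was not enabled before this change, so it is unclear whether this is a temporary revert or a permanent decision. A one-line comment above them, e.g. `# HTTP/3, QUIC and kTLS need pkgs.nginxQuic; disabled together with it in config/services/nginx.nix`, documents the dependency, and if the revert is temporary a `TODO` with the trigger to re-enable belongs there too. `createHostFunc`, which merges `virtHostCfg` into every host, starts at the hunk's last line and continues outside it.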
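Review bot: `kyouma.nginx.virtualHosts` is declared with `type = with types; nullOr anything;`, so a misspelled key (`redirecTo`, `useAcmeHost`) or a wrong value type in any host is accepted silently and just yields a host missing that setting; now that the option has a project-specific name, `nullOr (attrsOf attrs)` at least enforces the attrset-of-attrsets shape, and a `submodule` declaring `root`, `redirectTo`, `useACMEHost`, `default`, `reuseport`, `extraConfig` and `locations` would catch typos at evaluation time. The option also has no `description`; a short `description = "Per-host nginx definitions expanded by createHostFunc.";` would help. `createHostFunc`, which consumes this option, is defined outside the hunk.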