emily/nixfiles
emily/nixfiles
1
0
Fork 1
Code Issues Pull requests Activity

disabled quic

Browse source
This commit is contained in:
emily 2024-04-04 14:42:48 +02:00
parent 2839b1a2a8
commit 5b102f2be1
Signed by: emily
GPG key ID: F6F4C66207FCF995
3 changed files with 60 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
config/hosts/web-dus/configuration.nix
View file

@ -1,14 +1,4 @@
{ config, inputs, pkgs, ... }: { config, inputs, pkgs, ... }: {
let
bmpPort = 11019;
kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
autoIndex = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
in {
imports = [ imports = [
inputs.fernglas.nixosModules.default inputs.fernglas.nixosModules.default
inputs.kyouma-www.nixosModules.default inputs.kyouma-www.nixosModules.default
@ -20,9 +10,8 @@ in {
]; ];
networking = { networking = {
hostName = "web-dus"; hostName = "web-dus";
# docker
nftables.enable = mkForce false; nftables.enable = mkForce false;
firewall.allowedTCPPorts = [ 80 443 bmpPort ]; firewall.allowedTCPPorts = [ 80 443 11019 ];
firewall.allowedUDPPorts = [ 443 ]; firewall.allowedUDPPorts = [ 443 ];
}; };
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
@ -48,7 +37,7 @@ in {
collectors = { collectors = {
bmp_collector = { bmp_collector = {
collector_type = "Bmp"; collector_type = "Bmp";
bind = "[::]:${toString bmpPort}"; bind = "[::]:11019";
peers = { peers = {
"45.150.123.0" = {}; "45.150.123.0" = {};
}; };
@ -56,8 +45,15 @@ in {
}; };
}; };
}; };
services.nginx = { kyouma.nginx.virtualHosts = let
createHost = { kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
autoIndex = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
in {
"miau.zip" = { root = kyouma-www.default; }; "miau.zip" = { root = kyouma-www.default; };
"www.miau.zip" = { redirectTo = "miau.zip"; }; "www.miau.zip" = { redirectTo = "miau.zip"; };
"www.kyouma.net" = { redirectTo = "kyouma.net"; }; "www.kyouma.net" = { redirectTo = "kyouma.net"; };
@ -107,7 +103,6 @@ in {
locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}"; locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
}; };
}; };
};
security.acme.certs = { security.acme.certs = {
"miau.zip" = { extraDomainNames = [ "www.miau.zip" "lg.miau.zip" ]; }; "miau.zip" = { extraDomainNames = [ "www.miau.zip" "lg.miau.zip" ]; };
"kyouma.net" = { extraDomainNames = [ "www.kyouma.net" "lg.kyouma.net" ]; }; "kyouma.net" = { extraDomainNames = [ "www.kyouma.net" "lg.kyouma.net" ]; };

2
config/services/nginx.nix
View file

@ -11,7 +11,7 @@
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
package = pkgs.nginxQuic; #package = pkgs.nginxQuic;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;

9
modules/vhost/default.nix
View file

@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; let with lib; let
cfg = config.services.nginx.createHost; cfg = config.kyouma.nginx.virtualHosts;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
@ -12,8 +12,9 @@ with lib; let
''; '';
virtHostCfg = { virtHostCfg = {
forceSSL = true; forceSSL = true;
http3 = true; #kTLS = true;
quic = true; #http3 = true;
#quic = true;
}; };
createHostFunc = builtins.mapAttrs (vhostName: vhostCfg: createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
with lib; let with lib; let
@ -34,7 +35,7 @@ with lib; let
); );
in { in {
options = { options = {
services.nginx.createHost = mkOption { kyouma.nginx.virtualHosts = mkOption {
type = with types; nullOr anything; type = with types; nullOr anything;
default = null; default = null;
}; };