disabled quic
This commit is contained in:
parent
2839b1a2a8
commit
5b102f2be1
3 changed files with 60 additions and 64 deletions
|
@ -1,14 +1,4 @@
|
||||||
{ config, inputs, pkgs, ... }:
|
{ config, inputs, pkgs, ... }: {
|
||||||
let
|
|
||||||
bmpPort = 11019;
|
|
||||||
kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
|
|
||||||
autoIndex = ''
|
|
||||||
autoindex on;
|
|
||||||
autoindex_exact_size off;
|
|
||||||
autoindex_format html;
|
|
||||||
autoindex_localtime on;
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
imports = [
|
imports = [
|
||||||
inputs.fernglas.nixosModules.default
|
inputs.fernglas.nixosModules.default
|
||||||
inputs.kyouma-www.nixosModules.default
|
inputs.kyouma-www.nixosModules.default
|
||||||
|
@ -20,9 +10,8 @@ in {
|
||||||
];
|
];
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "web-dus";
|
hostName = "web-dus";
|
||||||
# docker
|
|
||||||
nftables.enable = mkForce false;
|
nftables.enable = mkForce false;
|
||||||
firewall.allowedTCPPorts = [ 80 443 bmpPort ];
|
firewall.allowedTCPPorts = [ 80 443 11019 ];
|
||||||
firewall.allowedUDPPorts = [ 443 ];
|
firewall.allowedUDPPorts = [ 443 ];
|
||||||
};
|
};
|
||||||
systemd.network.networks."98-eth-default" = {
|
systemd.network.networks."98-eth-default" = {
|
||||||
|
@ -48,7 +37,7 @@ in {
|
||||||
collectors = {
|
collectors = {
|
||||||
bmp_collector = {
|
bmp_collector = {
|
||||||
collector_type = "Bmp";
|
collector_type = "Bmp";
|
||||||
bind = "[::]:${toString bmpPort}";
|
bind = "[::]:11019";
|
||||||
peers = {
|
peers = {
|
||||||
"45.150.123.0" = {};
|
"45.150.123.0" = {};
|
||||||
};
|
};
|
||||||
|
@ -56,56 +45,62 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.nginx = {
|
kyouma.nginx.virtualHosts = let
|
||||||
createHost = {
|
kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
|
||||||
"miau.zip" = { root = kyouma-www.default; };
|
autoIndex = ''
|
||||||
"www.miau.zip" = { redirectTo = "miau.zip"; };
|
autoindex on;
|
||||||
"www.kyouma.net" = { redirectTo = "kyouma.net"; };
|
autoindex_exact_size off;
|
||||||
"emily.cat" = { root = "/var/www/emily.cat/_site"; };
|
autoindex_format html;
|
||||||
"www.emily.cat" = { redirectTo = "kyouma.net"; };
|
autoindex_localtime on;
|
||||||
"www.cocaine.trade" = { redirectTo = "cocaine.trade"; };
|
'';
|
||||||
|
in {
|
||||||
|
"miau.zip" = { root = kyouma-www.default; };
|
||||||
|
"www.miau.zip" = { redirectTo = "miau.zip"; };
|
||||||
|
"www.kyouma.net" = { redirectTo = "kyouma.net"; };
|
||||||
|
"emily.cat" = { root = "/var/www/emily.cat/_site"; };
|
||||||
|
"www.emily.cat" = { redirectTo = "kyouma.net"; };
|
||||||
|
"www.cocaine.trade" = { redirectTo = "cocaine.trade"; };
|
||||||
|
|
||||||
"redirect" = {
|
"redirect" = {
|
||||||
default = true;
|
default = true;
|
||||||
reuseport = true;
|
reuseport = true;
|
||||||
useACMEHost = "kyouma.net";
|
useACMEHost = "kyouma.net";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
return 403;
|
return 403;
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
|
"cocaine.trade" = {
|
||||||
|
root = "/var/www/basti/cocaine.trade";
|
||||||
|
extraConfig = ''error_page 404 /404.html;'';
|
||||||
|
locations."/" = {
|
||||||
|
index = "index.html";
|
||||||
|
tryFiles = "$uri $uri.html =404";
|
||||||
};
|
};
|
||||||
"cocaine.trade" = {
|
locations."= /".extraConfig = ''rewrite ^ /index.html last;'';
|
||||||
root = "/var/www/basti/cocaine.trade";
|
};
|
||||||
extraConfig = ''error_page 404 /404.html;'';
|
"files.cocaine.trade" = {
|
||||||
locations."/" = {
|
useACMEHost = "cocaine.trade";
|
||||||
index = "index.html";
|
root = "/var/www/basti/files.cocaine.trade";
|
||||||
tryFiles = "$uri $uri.html =404";
|
locations."/".extraConfig = autoIndex;
|
||||||
|
};
|
||||||
|
"kyouma.net" = {
|
||||||
|
root = kyouma-www.default;
|
||||||
|
locations = {
|
||||||
|
"/assets/media/".root = kyouma-www.vid;
|
||||||
|
"/vyos/" = {
|
||||||
|
root = config.services.vyosBld.output;
|
||||||
|
extraConfig = autoIndex;
|
||||||
};
|
};
|
||||||
locations."= /".extraConfig = ''rewrite ^ /index.html last;'';
|
"/ihk/" = {
|
||||||
};
|
root = "/var/www/kyouma.net/ihk";
|
||||||
"files.cocaine.trade" = {
|
extraConfig = autoIndex;
|
||||||
useACMEHost = "cocaine.trade";
|
|
||||||
root = "/var/www/basti/files.cocaine.trade";
|
|
||||||
locations."/".extraConfig = autoIndex;
|
|
||||||
};
|
|
||||||
"kyouma.net" = {
|
|
||||||
root = kyouma-www.default;
|
|
||||||
locations = {
|
|
||||||
"/assets/media/".root = kyouma-www.vid;
|
|
||||||
"/vyos/" = {
|
|
||||||
root = config.services.vyosBld.output;
|
|
||||||
extraConfig = autoIndex;
|
|
||||||
};
|
|
||||||
"/ihk/" = {
|
|
||||||
root = "/var/www/kyouma.net/ihk";
|
|
||||||
extraConfig = autoIndex;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"lg.kyouma.net" = {
|
};
|
||||||
useACMEHost = "kyouma.net";
|
"lg.kyouma.net" = {
|
||||||
locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
|
useACMEHost = "kyouma.net";
|
||||||
locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
|
locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
|
||||||
};
|
locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
security.acme.certs = {
|
security.acme.certs = {
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
};
|
};
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nginxQuic;
|
#package = pkgs.nginxQuic;
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.services.nginx.createHost;
|
cfg = config.kyouma.nginx.virtualHosts;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
add_header Strict-Transport-Security $hsts_header;
|
add_header Strict-Transport-Security $hsts_header;
|
||||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||||
|
@ -12,8 +12,9 @@ with lib; let
|
||||||
'';
|
'';
|
||||||
virtHostCfg = {
|
virtHostCfg = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
http3 = true;
|
#kTLS = true;
|
||||||
quic = true;
|
#http3 = true;
|
||||||
|
#quic = true;
|
||||||
};
|
};
|
||||||
createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
|
createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
|
||||||
with lib; let
|
with lib; let
|
||||||
|
@ -34,7 +35,7 @@ with lib; let
|
||||||
);
|
);
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
services.nginx.createHost = mkOption {
|
kyouma.nginx.virtualHosts = mkOption {
|
||||||
type = with types; nullOr anything;
|
type = with types; nullOr anything;
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue