disabled quic

emily 2024-04-04 14:42:48 +02:00
parent 2839b1a2a8
commit 5b102f2be1
Signed by: emily
GPG key ID: F6F4C66207FCF995
3 changed files with 60 additions and 64 deletions


@ -1,14 +1,4 @@
{ config, inputs, pkgs, ... }: { config, inputs, pkgs, ... }: {
let
bmpPort = 11019;
kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
autoIndex = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
in {
imports = [ imports = [
inputs.fernglas.nixosModules.default inputs.fernglas.nixosModules.default
inputs.kyouma-www.nixosModules.default inputs.kyouma-www.nixosModules.default
@ -20,9 +10,8 @@ in {
]; ];
networking = { networking = {
hostName = "web-dus"; hostName = "web-dus";
# docker
nftables.enable = mkForce false; nftables.enable = mkForce false;
firewall.allowedTCPPorts = [ 80 443 bmpPort ]; firewall.allowedTCPPorts = [ 80 443 11019 ];
firewall.allowedUDPPorts = [ 443 ]; firewall.allowedUDPPorts = [ 443 ];
}; };
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
@ -48,7 +37,7 @@ in {
collectors = { collectors = {
bmp_collector = { bmp_collector = {
collector_type = "Bmp"; collector_type = "Bmp";
bind = "[::]:${toString bmpPort}"; bind = "[::]:11019";
peers = { peers = {
"45.150.123.0" = {}; "45.150.123.0" = {};
}; };
@ -56,56 +45,62 @@ in {
}; };
}; };
}; };
services.nginx = { kyouma.nginx.virtualHosts = let
createHost = { kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
"miau.zip" = { root = kyouma-www.default; }; autoIndex = ''
"www.miau.zip" = { redirectTo = "miau.zip"; }; autoindex on;
"www.kyouma.net" = { redirectTo = "kyouma.net"; }; autoindex_exact_size off;
"emily.cat" = { root = "/var/www/emily.cat/_site"; }; autoindex_format html;
"www.emily.cat" = { redirectTo = "kyouma.net"; }; autoindex_localtime on;
"www.cocaine.trade" = { redirectTo = "cocaine.trade"; }; '';
in {
"miau.zip" = { root = kyouma-www.default; };
"www.miau.zip" = { redirectTo = "miau.zip"; };
"www.kyouma.net" = { redirectTo = "kyouma.net"; };
"emily.cat" = { root = "/var/www/emily.cat/_site"; };
"www.emily.cat" = { redirectTo = "kyouma.net"; };
"www.cocaine.trade" = { redirectTo = "cocaine.trade"; };
"redirect" = { "redirect" = {
default = true; default = true;
reuseport = true; reuseport = true;
useACMEHost = "kyouma.net"; useACMEHost = "kyouma.net";
extraConfig = '' extraConfig = ''
return 403; return 403;
''; '';
};
"cocaine.trade" = {
root = "/var/www/basti/cocaine.trade";
extraConfig = ''error_page 404 /404.html;'';
locations."/" = {
index = "index.html";
tryFiles = "$uri $uri.html =404";
}; };
"cocaine.trade" = { locations."= /".extraConfig = ''rewrite ^ /index.html last;'';
root = "/var/www/basti/cocaine.trade"; };
extraConfig = ''error_page 404 /404.html;''; "files.cocaine.trade" = {
locations."/" = { useACMEHost = "cocaine.trade";
index = "index.html"; root = "/var/www/basti/files.cocaine.trade";
tryFiles = "$uri $uri.html =404"; locations."/".extraConfig = autoIndex;
};
"kyouma.net" = {
root = kyouma-www.default;
locations = {
"/assets/media/".root = kyouma-www.vid;
"/vyos/" = {
root = config.services.vyosBld.output;
extraConfig = autoIndex;
}; };
locations."= /".extraConfig = ''rewrite ^ /index.html last;''; "/ihk/" = {
}; root = "/var/www/kyouma.net/ihk";
"files.cocaine.trade" = { extraConfig = autoIndex;
useACMEHost = "cocaine.trade";
root = "/var/www/basti/files.cocaine.trade";
locations."/".extraConfig = autoIndex;
};
"kyouma.net" = {
root = kyouma-www.default;
locations = {
"/assets/media/".root = kyouma-www.vid;
"/vyos/" = {
root = config.services.vyosBld.output;
extraConfig = autoIndex;
};
"/ihk/" = {
root = "/var/www/kyouma.net/ihk";
extraConfig = autoIndex;
};
}; };
}; };
"lg.kyouma.net" = { };
useACMEHost = "kyouma.net"; "lg.kyouma.net" = {
locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend; useACMEHost = "kyouma.net";
locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}"; locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
}; locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
}; };
}; };
security.acme.certs = { security.acme.certs = {
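Review bot: `firewall.allowedUDPPorts = [ 443 ];` is unchanged on the new side although this commit turns QUIC off, so UDP 443 stays open in the firewall with, presumably, nothing left to listen on it. The nginx package and the `http3`/`quic` vhost flags are commented out in the other two files. I would drop the line or set `firewall.allowedUDPPorts = [ ];` until QUIC is re-enabled, so the exposed surface matches the running services. Separately, inlining `bmpPort` leaves 11019 written twice, in `allowedTCPPorts` and in `bind = "[::]:11019";`, and the two can drift apart on a later edit; a single binding would keep the firewall rule and the listener in step.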


@ -11,7 +11,7 @@
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
package = pkgs.nginxQuic; #package = pkgs.nginxQuic;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
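Review bot: `#package = pkgs.nginxQuic;` is left behind as commented-out code with no reason given, and the third file does the same with `#http3 = true;` and `#quic = true;`. That file also adds a new, already disabled `#kTLS = true;`, which is unrelated to QUIC. Either delete the lines (the history keeps them) or put one comment above them saying why QUIC is off and what must be re-enabled together, e.g. `# QUIC disabled: <reason>; re-enable with http3/quic in the vhost module and UDP 443 in the firewall`. The enclosing `services.nginx` attribute set continues outside the hunk.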


@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; let with lib; let
cfg = config.services.nginx.createHost; cfg = config.kyouma.nginx.virtualHosts;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
@ -12,8 +12,9 @@ with lib; let
''; '';
virtHostCfg = { virtHostCfg = {
forceSSL = true; forceSSL = true;
http3 = true; #kTLS = true;
quic = true; #http3 = true;
#quic = true;
}; };
createHostFunc = builtins.mapAttrs (vhostName: vhostCfg: createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
with lib; let with lib; let
@ -34,7 +35,7 @@ with lib; let
); );
in { in {
options = { options = {
services.nginx.createHost = mkOption { kyouma.nginx.virtualHosts = mkOption {
type = with types; nullOr anything; type = with types; nullOr anything;
default = null; default = null;
}; };
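Review bot: The renamed option `kyouma.nginx.virtualHosts` keeps `type = with types; nullOr anything;` and has no `description`, so a mistyped per-host key (for example in `redirectTo` or `useACMEHost`) is not caught at evaluation time. Because `createHostFunc` feeds the value to `builtins.mapAttrs`, the value has to be an attribute set anyway; `type = with types; nullOr (attrsOf anything);` would at least state that. A submodule listing the accepted keys would be stricter. Since the rename already touches every caller, this is a cheap moment to tighten it. How `null` is handled is outside the visible hunks, so confirm the guard before changing the default.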