Compare commits
2 commits
8a687c5308
...
a2141e6ccf
| Author | SHA1 | Date | |
|---|---|---|---|
|
a2141e6ccf
|
||
|
emily
|
a74c1d8585
|
|
|
@ -187,7 +187,6 @@
|
|||
enable = true;
|
||||
sources.diagnostics = {
|
||||
pylint.enable = true;
|
||||
statix.enable = true;
|
||||
};
|
||||
sources.formatting = {
|
||||
nixfmt.enable = true;
|
||||
|
|
|
|||
|
|
@ -238,33 +238,14 @@ in
|
|||
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
|
||||
${cfg.domain} = {
|
||||
locations."/".root = librespeedAssets;
|
||||
locations."/backend/" = {
|
||||
proxyPass = "http://${cfg.settings.bind_address}:${toString cfg.settings.listen_port}/backend/";
|
||||
extraConfig = ''
|
||||
# add_header Cache-Control 'no-store, no-cache, max-age=0, no-transform';
|
||||
# add_header Last-Modified $date_gmt;
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
|
||||
access_log off;
|
||||
gzip off;
|
||||
log_not_found off;
|
||||
server_tokens off;
|
||||
tcp_nodelay on;
|
||||
tcp_nopush on;
|
||||
sendfile on;
|
||||
client_max_body_size 50M;
|
||||
proxy_read_timeout 999;
|
||||
proxy_buffers 16 128k;
|
||||
'';
|
||||
};
|
||||
locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
|
||||
locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
security.acme.certs = lib.mkIf (cfg.domain != null) {
|
||||
${cfg.domain} = lib.mkIf (!cfg.frontend.useNginx) {
|
||||
${cfg.domain} = {
|
||||
reloadServices = [ "librespeed.service" ];
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
|
|
@ -273,7 +254,7 @@ in
|
|||
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
|
||||
{
|
||||
name = cfg.domain;
|
||||
server = "//${cfg.domain}${lib.optionalString (!cfg.frontend.useNginx) ":${toString cfg.settings.listen_port}"}";
|
||||
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
|
||||
}
|
||||
];
|
||||
|
||||
|
|
@ -288,7 +269,7 @@ in
|
|||
else
|
||||
pkgs.writeTextDir "index.html" "";
|
||||
|
||||
bind_address = mkDefault "127.0.0.1";
|
||||
bind_address = mkDefault "::";
|
||||
listen_port = mkDefault 8989;
|
||||
base_url = mkDefault "backend";
|
||||
worker_threads = mkDefault "auto";
|
||||
|
|
@ -300,17 +281,17 @@ in
|
|||
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
||||
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
||||
tls_cert_file =
|
||||
if (cfg.domain != null && !cfg.frontend.useNginx) then
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/cert.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
tls_key_file =
|
||||
if (cfg.domain != null && !cfg.frontend.useNginx) then
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/key.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
|
||||
enable_tls = mkDefault (cfg.domain != null && !cfg.frontend.useNginx);
|
||||
enable_tls = mkDefault (cfg.domain != null);
|
||||
};
|
||||
|
||||
systemd.services =
|
||||
|
|
@ -381,7 +362,7 @@ in
|
|||
|
||||
DynamicUser = true;
|
||||
|
||||
LoadCredential = lib.mkIf (cfg.domain != null && !cfg.frontend.useNginx) [
|
||||
LoadCredential = lib.mkIf (cfg.domain != null) [
|
||||
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
||||
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
||||
];
|
||||
|
|
|
|||
Loading…
Reference in a new issue