|
|
|
@ -238,33 +238,14 @@ in
|
|
|
|
|
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
|
|
|
|
|
${cfg.domain} = {
|
|
|
|
|
locations."/".root = librespeedAssets;
|
|
|
|
|
locations."/backend/" = {
|
|
|
|
|
proxyPass = "http://${cfg.settings.bind_address}:${toString cfg.settings.listen_port}/backend/";
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
# add_header Cache-Control 'no-store, no-cache, max-age=0, no-transform';
|
|
|
|
|
# add_header Last-Modified $date_gmt;
|
|
|
|
|
if_modified_since off;
|
|
|
|
|
expires off;
|
|
|
|
|
etag off;
|
|
|
|
|
|
|
|
|
|
access_log off;
|
|
|
|
|
gzip off;
|
|
|
|
|
log_not_found off;
|
|
|
|
|
server_tokens off;
|
|
|
|
|
tcp_nodelay on;
|
|
|
|
|
tcp_nopush on;
|
|
|
|
|
sendfile on;
|
|
|
|
|
client_max_body_size 50M;
|
|
|
|
|
proxy_read_timeout 999;
|
|
|
|
|
proxy_buffers 16 128k;
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
|
|
|
|
|
locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
|
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
security.acme.certs = lib.mkIf (cfg.domain != null) {
|
|
|
|
|
${cfg.domain} = lib.mkIf (!cfg.frontend.useNginx) {
|
|
|
|
|
${cfg.domain} = {
|
|
|
|
|
reloadServices = [ "librespeed.service" ];
|
|
|
|
|
webroot = "/var/lib/acme/acme-challenge";
|
|
|
|
|
};
|
|
|
|
@ -273,7 +254,7 @@ in
|
|
|
|
|
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
|
|
|
|
|
{
|
|
|
|
|
name = cfg.domain;
|
|
|
|
|
server = "//${cfg.domain}${lib.optionalString (!cfg.frontend.useNginx) ":${toString cfg.settings.listen_port}"}";
|
|
|
|
|
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
@ -288,7 +269,7 @@ in
|
|
|
|
|
else
|
|
|
|
|
pkgs.writeTextDir "index.html" "";
|
|
|
|
|
|
|
|
|
|
bind_address = mkDefault "127.0.0.1";
|
|
|
|
|
bind_address = mkDefault "::";
|
|
|
|
|
listen_port = mkDefault 8989;
|
|
|
|
|
base_url = mkDefault "backend";
|
|
|
|
|
worker_threads = mkDefault "auto";
|
|
|
|
@ -300,17 +281,17 @@ in
|
|
|
|
|
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
|
|
|
|
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
|
|
|
|
tls_cert_file =
|
|
|
|
|
if (cfg.domain != null && !cfg.frontend.useNginx) then
|
|
|
|
|
if (cfg.domain != null) then
|
|
|
|
|
(mkDefault "/run/credentials/librespeed.service/cert.pem")
|
|
|
|
|
else
|
|
|
|
|
(mkDefault "");
|
|
|
|
|
tls_key_file =
|
|
|
|
|
if (cfg.domain != null && !cfg.frontend.useNginx) then
|
|
|
|
|
if (cfg.domain != null) then
|
|
|
|
|
(mkDefault "/run/credentials/librespeed.service/key.pem")
|
|
|
|
|
else
|
|
|
|
|
(mkDefault "");
|
|
|
|
|
|
|
|
|
|
enable_tls = mkDefault (cfg.domain != null && !cfg.frontend.useNginx);
|
|
|
|
|
enable_tls = mkDefault (cfg.domain != null);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.services =
|
|
|
|
@ -381,7 +362,7 @@ in
|
|
|
|
|
|
|
|
|
|
DynamicUser = true;
|
|
|
|
|
|
|
|
|
|
LoadCredential = lib.mkIf (cfg.domain != null && !cfg.frontend.useNginx) [
|
|
|
|
|
LoadCredential = lib.mkIf (cfg.domain != null) [
|
|
|
|
|
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
|
|
|
|
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
|
|
|
|
];
|
|
|
|
|
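Review bot: The new default `bind_address = mkDefault "::";` in the settings hunk (-288,7 +269,7) makes the backend listen on every interface where the previous default was loopback only, while `enable_tls` still defaults to `cfg.domain != null`. A configuration that sets no `domain` would therefore serve the backend in plaintext on all addresses. I would keep loopback as the default in that case, e.g. `bind_address = mkDefault (if cfg.domain != null then "::" else "127.0.0.1");`, and state the change in exposure in the option description. Whether the port is reachable from outside also depends on firewall settings that these hunks do not show. The old/new side of each line is inferred here from print order and the hunk counts, since the +/- markers are lost on this page.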