disabled quic

2024-04-04 14:42:48 +02:00 · 2024-04-04 14:42:48 +02:00 · 5b102f2be1
commit 5b102f2be1
parent 2839b1a2a8
3 changed files with 60 additions and 64 deletions
--- a/config/hosts/web-dus/configuration.nix
+++ b/config/hosts/web-dus/configuration.nix
@ -1,14 +1,4 @@
-{ config, inputs, pkgs, ... }: 
-let 
-  bmpPort = 11019;
-  kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
-  autoIndex = ''
-    autoindex on;
-    autoindex_exact_size off;
-    autoindex_format html;
-    autoindex_localtime on;
-  '';
-in { 
+{ config, inputs, pkgs, ... }: { 
  imports = [
    inputs.fernglas.nixosModules.default
    inputs.kyouma-www.nixosModules.default
@ -20,9 +10,8 @@ in {
  ];
  networking = {
    hostName = "web-dus";
-    # docker
    nftables.enable = mkForce false;
-    firewall.allowedTCPPorts = [ 80 443 bmpPort ];
+    firewall.allowedTCPPorts = [ 80 443 11019 ];
    firewall.allowedUDPPorts = [ 443 ];
  };
  systemd.network.networks."98-eth-default" = {
@ -48,7 +37,7 @@ in {
      collectors = {
        bmp_collector = {
          collector_type = "Bmp";
-          bind = "[::]:${toString bmpPort}";
+          bind = "[::]:11019";
          peers = {
            "45.150.123.0" = {};
          };
@ -56,56 +45,62 @@ in {
      }; 
    };
  };
-  services.nginx = {
-    createHost = {
-      "miau.zip" = { root = kyouma-www.default; };
-      "www.miau.zip" = { redirectTo = "miau.zip"; };
-      "www.kyouma.net" = { redirectTo = "kyouma.net"; };
-      "emily.cat" = { root = "/var/www/emily.cat/_site"; };
-      "www.emily.cat" = { redirectTo = "kyouma.net"; };
-      "www.cocaine.trade" = { redirectTo = "cocaine.trade"; };
+  kyouma.nginx.virtualHosts = let
+    kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
+    autoIndex = ''
+      autoindex on;
+      autoindex_exact_size off;
+      autoindex_format html;
+      autoindex_localtime on;
+    '';
+  in {
+    "miau.zip" = { root = kyouma-www.default; };
+    "www.miau.zip" = { redirectTo = "miau.zip"; };
+    "www.kyouma.net" = { redirectTo = "kyouma.net"; };
+    "emily.cat" = { root = "/var/www/emily.cat/_site"; };
+    "www.emily.cat" = { redirectTo = "kyouma.net"; };
+    "www.cocaine.trade" = { redirectTo = "cocaine.trade"; };

-      "redirect" = {
-        default = true;
-        reuseport = true;
-        useACMEHost = "kyouma.net";
-        extraConfig = ''
-          return 403;
-        '';
+    "redirect" = {
+      default = true;
+      reuseport = true;
+      useACMEHost = "kyouma.net";
+      extraConfig = ''
+        return 403;
+      '';
+    };
+    "cocaine.trade" = {
+      root = "/var/www/basti/cocaine.trade";
+      extraConfig = ''error_page 404 /404.html;'';
+      locations."/" = {
+        index = "index.html";
+        tryFiles = "$uri $uri.html =404";
      };
-      "cocaine.trade" = {
-        root = "/var/www/basti/cocaine.trade";
-        extraConfig = ''error_page 404 /404.html;'';
-        locations."/" = {
-          index = "index.html";
-          tryFiles = "$uri $uri.html =404";
+      locations."= /".extraConfig = ''rewrite ^ /index.html last;'';
+    };
+    "files.cocaine.trade" = {
+      useACMEHost = "cocaine.trade";
+      root = "/var/www/basti/files.cocaine.trade";
+      locations."/".extraConfig = autoIndex;
+    };
+    "kyouma.net" = {
+      root = kyouma-www.default; 
+      locations = {
+        "/assets/media/".root = kyouma-www.vid;
+        "/vyos/" = {
+          root = config.services.vyosBld.output;
+          extraConfig = autoIndex;
        };
-        locations."= /".extraConfig = ''rewrite ^ /index.html last;'';
-      };
-      "files.cocaine.trade" = {
-        useACMEHost = "cocaine.trade";
-        root = "/var/www/basti/files.cocaine.trade";
-        locations."/".extraConfig = autoIndex;
-      };
-      "kyouma.net" = {
-        root = kyouma-www.default; 
-        locations = {
-          "/assets/media/".root = kyouma-www.vid;
-          "/vyos/" = {
-            root = config.services.vyosBld.output;
-            extraConfig = autoIndex;
-          };
-          "/ihk/" = {
-            root = "/var/www/kyouma.net/ihk";
-            extraConfig = autoIndex;
-          };
+        "/ihk/" = {
+          root = "/var/www/kyouma.net/ihk";
+          extraConfig = autoIndex;
        };
      };
-      "lg.kyouma.net" = {
-        useACMEHost = "kyouma.net";
-        locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
-        locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
-      };
+    };
+    "lg.kyouma.net" = {
+      useACMEHost = "kyouma.net";
+      locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
+      locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
    };
  };
  security.acme.certs = {
--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@ -11,7 +11,7 @@
  };
  services.nginx = {
    enable = true;
-    package = pkgs.nginxQuic;
+    #package = pkgs.nginxQuic;
    
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
--- a/modules/vhost/default.nix
+++ b/modules/vhost/default.nix
@ -1,7 +1,7 @@
 { config, lib, ... }:

 with lib; let
-  cfg = config.services.nginx.createHost;
+  cfg = config.kyouma.nginx.virtualHosts;
  extraConfig = ''
    add_header Strict-Transport-Security 	$hsts_header;
    #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
@ -12,8 +12,9 @@ with lib; let
  '';
  virtHostCfg = {
    forceSSL = true;
-    http3 = true;
-    quic = true; 
+    #kTLS = true;
+    #http3 = true;
+    #quic = true; 
  };
  createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
    with lib; let
@ -34,7 +35,7 @@ with lib; let
  );
 in {
  options = {
-    services.nginx.createHost = mkOption {
+    kyouma.nginx.virtualHosts = mkOption {
      type = with types; nullOr anything;
      default = null;
    };