forked from emily/nixfiles

disabled quic

emily 2024-04-04 14:42:48 +02:00
parent 2839b1a2a8
commit 5b102f2be1
Signed by untrusted user: emily
GPG key ID: F6F4C66207FCF995
3 changed files with 60 additions and 64 deletions


@ -1,14 +1,4 @@
{ config, inputs, pkgs, ... }:
let
bmpPort = 11019;
kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
autoIndex = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
in {
{ config, inputs, pkgs, ... }: {
imports = [
inputs.fernglas.nixosModules.default
inputs.kyouma-www.nixosModules.default
@ -20,9 +10,8 @@ in {
];
networking = {
hostName = "web-dus";
# docker
nftables.enable = mkForce false;
firewall.allowedTCPPorts = [ 80 443 bmpPort ];
firewall.allowedTCPPorts = [ 80 443 11019 ];
firewall.allowedUDPPorts = [ 443 ];
};
systemd.network.networks."98-eth-default" = {
@ -48,7 +37,7 @@ in {
collectors = {
bmp_collector = {
collector_type = "Bmp";
bind = "[::]:${toString bmpPort}";
bind = "[::]:11019";
peers = {
"45.150.123.0" = {};
};
@ -56,8 +45,15 @@ in {
};
};
};
services.nginx = {
createHost = {
kyouma.nginx.virtualHosts = let
kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
autoIndex = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
in {
"miau.zip" = { root = kyouma-www.default; };
"www.miau.zip" = { redirectTo = "miau.zip"; };
"www.kyouma.net" = { redirectTo = "kyouma.net"; };
@ -107,7 +103,6 @@ in {
locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
};
};
};
security.acme.certs = {
"miau.zip" = { extraDomainNames = [ "www.miau.zip" "lg.miau.zip" ]; };
"kyouma.net" = { extraDomainNames = [ "www.kyouma.net" "lg.kyouma.net" ]; };

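Review bot: `firewall.allowedUDPPorts = [ 443 ];` stays in the networking block although this commit stops nginx from serving QUIC, so UDP 443 remains open with nothing expected to listen on it; remove that line until HTTP/3 is turned back on. The same section replaces `bmpPort` with the literal 11019 in both `firewall.allowedTCPPorts` and the fernglas `bind`, so the opened port and the bound port can now drift apart; keeping one `let` binding for both avoids that. TCP 11019 is also opened to every source while the collector lists a single peer, so limiting it to that peer at the firewall would be tighter if the peer address is stable (whether fernglas itself rejects other peers is not visible here).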

@ -11,7 +11,7 @@
};
services.nginx = {
enable = true;
package = pkgs.nginxQuic;
#package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
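Review bot: `#package = pkgs.nginxQuic;` leaves the old setting behind as commented-out code with no reason given, so a later reader cannot tell why QUIC was turned off or which other settings have to be restored with it. Either delete the line or replace it with a comment such as `# QUIC/HTTP3 disabled: <reason>; re-enable together with http3/quic in the vhost defaults and UDP 443 in the firewall`. The `services.nginx` block continues past the end of the hunk.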


@ -1,7 +1,7 @@
{ config, lib, ... }:
with lib; let
cfg = config.services.nginx.createHost;
cfg = config.kyouma.nginx.virtualHosts;
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
@ -12,8 +12,9 @@ with lib; let
'';
virtHostCfg = {
forceSSL = true;
http3 = true;
quic = true;
#kTLS = true;
#http3 = true;
#quic = true;
};
createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
with lib; let
@ -34,7 +35,7 @@ with lib; let
);
in {
options = {
services.nginx.createHost = mkOption {
kyouma.nginx.virtualHosts = mkOption {
type = with types; nullOr anything;
default = null;
};
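Review bot: The renamed option `kyouma.nginx.virtualHosts` keeps `type = with types; nullOr anything;` with `default = null;`, so any value is accepted unchecked and a misspelled per-host key such as `redirectTo` would pass evaluation silently. `createHostFunc` is a `builtins.mapAttrs`, which needs an attribute set, so the null default only works if a guard outside the visible hunks handles it. Consider `type = with types; attrsOf anything;` with `default = { };`, or a submodule listing the supported keys. The commented-out `#kTLS`, `#http3` and `#quic` lines in `virtHostCfg` would also read better as one comment stating why they are off.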