{ config, pkgs, ... }:
let
  # Shorthand for the nixpkgs library (referenced as lib.mkIf in the
  # OpenSpeedTest section of this file).
  inherit (pkgs) lib;

  # Fully-qualified name of this host: "<hostName>.<domain>".
  domain = "${config.networking.hostName}.${config.networking.domain}";

  # Name of a per-service subdomain under this host,
  # i.e. "<subname>.<hostName>.<domain>".
  mkDomain = subname: "${subname}.${domain}";
in {
#services.nginx.enable = true;
# Service modules pulled into this host's configuration.
imports = [
  ./services/pdoc.nix
  # Not imported at the moment:
  #../services/tt-rss.nix
];
# links.pbsds.net
# Static site served straight from a pinned checkout of the Gitea repository.
services.nginx.virtualHosts."links.pbsds.net" = let
  # Content source. `rev` pins the exact commit and `hash` pins the fetched
  # tree, so a fetch whose contents do not match the hash fails the build
  # instead of being served.
  siteSource = pkgs.fetchFromGitea {
    domain = "gitea.noximilien.pbsds.net";
    owner = "pbsds";
    repo = "links.pbsds.net";
    name = "links.pbsds.net"; # store-path name, same as the repo name
    rev = "61cd605f198a22db87af087fda34c378b03d4306";
    hash = "sha256-dx19aTy8K9xkL+cO4r4huYKrlVBZMUkDcbjqxLKe8W4=";
  };
in {
  # The document root is the top of the checkout, so every file committed to
  # the repository at that revision is publicly retrievable.
  root = "${siteSource}";

  # TLS: certificate requested through ACME, plain HTTP redirected to HTTPS.
  enableACME = true; #useACMEHost = acmeDomain;
  forceSSL = true; # addSSL = true;

  #serverAliases = map mkDomain [ "links" ];
};
# refleksjon.no
# Static site: the www.refleksjon.net directory of a pinned Gitea checkout.
services.nginx.virtualHosts.${mkDomain "refleksjon"} = let
  # Pinned by commit (`rev`) and by content hash (`sha256`): a fetch whose
  # contents do not match the hash fails the build.
  siteSource = pkgs.fetchFromGitea {
    domain = "gitea.noximilien.pbsds.net";
    owner = "pbsds";
    repo = "refleksjon.net";
    name = "refleksjon.net"; # store-path name, same as the repo name
    rev = "c1b91e369bf411e44534334595d4481cb59bd129";
    sha256 = "O+lNqD2LuESKM+S+AljF2SzIxzK05xdZqiLhylTQ2ls=";
  };
in {
  # Only this subdirectory of the checkout is exposed as the document root.
  root = "${siteSource}/www.refleksjon.net";

  # TLS: certificate requested through ACME, plain HTTP redirected to HTTPS.
  enableACME = true; #useACMEHost = acmeDomain;
  forceSSL = true; # addSSL = true;
};
# roroslyd.no
# Static site: the www.roroslyd.no directory of a pinned Gitea checkout.
services.nginx.virtualHosts.${mkDomain "roroslyd"} = let
  # Pinned by commit (`rev`) and by content hash (`sha256`): a fetch whose
  # contents do not match the hash fails the build.
  siteSource = pkgs.fetchFromGitea {
    domain = "gitea.noximilien.pbsds.net";
    owner = "pbsds";
    repo = "roroslyd.no";
    name = "roroslyd.no"; # store-path name, same as the repo name
    #rev = "v${version}";
    rev = "fb7b0a7e70754cf368de7d7c469dabe71b2f1c78";
    sha256 = "Rud5bBUuPgIC5UAGtyuYhUtXhN174UCWDoLUWWc/n6U=";
  };
in {
  # Only this subdirectory of the checkout is exposed as the document root.
  root = "${siteSource}/www.roroslyd.no";

  # TLS: certificate requested through ACME, plain HTTP redirected to HTTPS.
  enableACME = true; #useACMEHost = acmeDomain;
  forceSSL = true; # addSSL = true;
};
# trivial gradios
/** /
# Disabled section: the marker above opens a block comment that is closed by
# the marker at the end of this section. Removing the space inside the
# opening marker re-enables everything in between.

# Runs the heritage-graph Gradio app as a systemd service on port 37001.
systemd.services.trivial-gradios-heritage-graph = {
  description = pkgs.python3Packages.trivial-gradios.meta.description;
  after = [ "network.target" ];
  wantedBy = [ "multi-user.target" ];
  serviceConfig = rec {
    User = "trivial-gradios";
    Group = "trivial-gradios";
    # systemd allocates a transient unprivileged user for the unit, so the
    # service does not run as root or as a shared account.
    DynamicUser = true;
    # State lives under /var/lib/<StateDirectory>, which is also the working
    # directory of the process.
    StateDirectory = "trivial-gradios-heritage-graph";
    WorkingDirectory = "/var/lib/${StateDirectory}";
    # NOTE(review): only --port is passed here; confirm that the app binds to
    # loopback only, otherwise port 37001 is reachable directly and bypasses
    # the TLS termination done by nginx below.
    ExecStart = "${pkgs.python3Packages.trivial-gradios}/bin/trivial-gradios-heritage-graph --port 37001";
    Restart = "on-failure";
  };
};

# Public entry point: a static index page plus a reverse proxy to the app.
services.nginx.virtualHosts.${mkDomain "gradio"} = {
  # TLS: certificate requested through ACME, plain HTTP redirected to HTTPS.
  forceSSL = true; # addSSL = true;
  enableACME = true; #useACMEHost = acmeDomain;

  # Landing page listing the available apps; the HTML is generated into the
  # Nix store as a directory containing index.html.
  locations."/" = {
    root = pkgs.writeTextDir "index.html" ''
      <table>
      <tr>
      <th>name
      <th>description
      <tr>
      <td><a href="heritage-graph/">heritage-graph</a>
      <td>A simple tool to greate a directed ancestry graph.
      </table>
    '';
  };

  # Forwards /heritage-graph/ to the local service, with websocket upgrade
  # support. No authentication or access restriction is configured on this
  # location.
  locations."/heritage-graph/" = {
    proxyPass = "http://127.0.0.1:37001";
    proxyWebsockets = true;
    # Strips the /heritage-graph prefix so the app sees paths relative to
    # its own root.
    extraConfig = ''
      rewrite ^/heritage-graph(/.*)$ $1 break;
    '';
  };

};
/**/
# CensorDodge
# A lightweight and customisable web proxy
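/** /
# Disabled section: the marker above opens a block comment that is closed by
# the marker at the end of this section. Removing the space inside the
# opening marker re-enables everything in between.
#
# NOTE(review): this deploys a general-purpose web proxy and the vhost below
# configures no authentication or address restriction. If it is enabled as
# written, anyone who can reach the vhost can have this host fetch URLs on
# their behalf, which may include services that are only reachable from this
# machine (loopback or internal addresses). Whether the application limits
# its targets is not visible here; put access control in front of it (HTTP
# auth or an allow-list) before re-enabling.

# Dedicated PHP-FPM pool running as its own unprivileged system user.
services.phpfpm.pools.censordodge = {
  user = "censordodge";
  group = "censordodge";
  settings = {
    # The FastCGI socket is owned by nginx's user and group, so nginx is the
    # intended client of this pool.
    "listen.owner" = config.services.nginx.user;
    "listen.group" = config.services.nginx.group;
    # Dynamic process manager; max_children caps concurrent PHP workers and
    # max_requests recycles a worker after that many requests.
    "pm" = "dynamic";
    "pm.max_children" = "32";
    "pm.start_servers" = "2";
    "pm.min_spare_servers" = "2";
    "pm.max_spare_servers" = "4";
    "pm.max_requests" = "500";
  };
};

services.nginx.virtualHosts.${mkDomain "censordodge"} = {
  # TLS: certificate requested through ACME, plain HTTP redirected to HTTPS.
  forceSSL = true; # addSSL = true;
  enableACME = true; #useACMEHost = acmeDomain;

  # Third-party PHP code executed on this host, pinned by commit and content
  # hash. The pin also means upstream fixes only arrive when `rev` and
  # `sha256` are bumped by hand.
  root = pkgs.fetchFromGitHub {
    owner = "ryanmab";
    repo = "CensorDodge";
    rev = "2480e8269190ca8618e41dc581f9d55f4ce9f333";
    sha256 = "8R3lyxF22HXui4pJytMcqwwa5TDXIJb6fWII934IhEA=";
  };
  extraConfig = ''
    index index.php;
  '';
  # Serve existing files and directories, otherwise fall back to index.php.
  locations."/".extraConfig = ''
    try_files $uri $uri/ /index.php?$args;
  '';
  # The backslash is doubled on purpose: in a double-quoted Nix string a
  # single backslash before "." is dropped, which would hand nginx the regex
  # ".php$" (any character followed by "php") instead of a literal ".php"
  # suffix match.
  # NOTE(review): there is no existence check in this location, so requests
  # for .php paths that do not exist under the root are still passed to
  # PHP-FPM.
  locations."~ \\.php$".extraConfig = ''
    include ${config.services.nginx.package}/conf/fastcgi.conf;
    fastcgi_pass unix:${config.services.phpfpm.pools.censordodge.socket};
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;
  '';
};

# System account and group the PHP-FPM pool runs as.
users.users.censordodge = {
  isSystemUser = true;
  group = "censordodge";
};
users.groups.censordodge = {};
/**/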
# OpenSpeedTest
# Pure HTML5 Network Performance Estimation Tool
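/** /
# Disabled section: the marker above opens a block comment that is closed by
# the marker at the end of this section. Removing the space inside the
# opening marker re-enables everything in between.

services.nginx.virtualHosts.${mkDomain "openspeedtest"} = let
  # This vhost's own evaluated configuration; currently not referenced below.
  cfg = config.services.nginx.virtualHosts.${mkDomain "openspeedtest"};

  # Static front-end, pinned by commit and content hash. postFetch removes
  # files that should not be served (docs, licence, .gitignore, hosted.html);
  # the hash therefore covers the tree after those removals.
  openspeedtest = pkgs.fetchFromGitHub rec {
    name = "${owner}-unstable-2022-07-02";

    owner = "openspeedtest";
    repo = "Speed-Test";
    #rev = "v${version}";
    rev = "59eb7367ede5555f7516ebb8eeeb65245bc5a6e5";
    sha256 = "yzvulzgBUri+sU9WxZrLKH/T+mlZu9G2zucv8t/fZdY=";
    postFetch = ''
      rm $out/README.md
      rm $out/License.md
      rm $out/.gitignore
      rm $out/hosted.html
    '';
  };
in {
  # TLS: certificate requested through ACME, plain HTTP redirected to HTTPS.
  forceSSL = true; # addSSL = true;
  enableACME = true; #useACMEHost = acmeDomain;
  http2 = false;
  root = "${openspeedtest}";
  # Server-level tuning for throughput measurement: compression off, long
  # read timeout, version banner hidden (server_tokens off), file-descriptor
  # caching on.
  extraConfig = ''
    #access_log off;
    #error_log /dev/null; #Disable this for Windows Nginx.
    #log_not_found off;
    gzip off;
    fastcgi_read_timeout 999;
    server_tokens off;
    tcp_nodelay on;
    tcp_nopush on;
    sendfile on;
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
  '';

  # Switched off through lib.mkIf false.
  # NOTE(review): the OPTIONS branch echoes the request's Origin header back
  # together with Access-Control-Allow-Credentials "true", which allows any
  # origin to make credentialed cross-origin requests to this vhost. That is
  # only acceptable while nothing here sits behind cookies or HTTP auth; do
  # not copy this block to a vhost that does.
  locations."/".extraConfig = lib.mkIf false ''
    if_modified_since off;
    expires off;
    etag off;

    if ($request_method != OPTIONS ) {
      add_header 'Access-Control-Allow-Origin' "*" always;
      add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With' always;
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
      #Very Very Important! You SHOULD send no-store from server for Google Chrome.
      add_header 'Cache-Control' 'no-store, no-cache, max-age=0, no-transform';
      add_header 'Last-Modified' $date_gmt;
    }
    if ($request_method = OPTIONS ) {
      add_header 'Access-Control-Allow-Origin' "$http_origin" always;
      add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With' always;
      add_header 'Access-Control-Allow-Methods' "GET, POST, OPTIONS" always;
      add_header 'Access-Control-Allow-Credentials' "true";
      return 204;
    }
  '';
  # If and only if HTTP2 is enabled; otherwise never enable the following.
  # HTTP2 will return 200 without waiting for the upload to complete. That is
  # smart, but it must not happen here when testing upload speed over HTTP2.
  # NOTE(review): this location is active although http2 = false above. It
  # forwards uploads unencrypted to port 80 on loopback, and because the Host
  # override is commented out nginx sends the proxy target as Host, so the
  # request is presumably answered by whichever server block is the default
  # on port 80. Confirm that this is intended.
  locations."/upload.bin".extraConfig = ''
    #proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:80/upload.bin;
  '';
  # Long-lived caching and gzip for static assets; switched off through
  # lib.mkIf false. The backslash is doubled on purpose: in a double-quoted
  # Nix string a single backslash before "." is dropped, which would turn the
  # literal dot before the extension into "any character".
  locations."~* ^.+\\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|woff2|svg)$".extraConfig = lib.mkIf false ''
    #access_log off;
    expires 365d;
    add_header 'Cache-Control' public;
    add_header 'Vary' Accept-Encoding;
    tcp_nodelay off;
    open_file_cache max=3000 inactive=120s;
    open_file_cache_valid 45s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
  '';
};
/**/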
}