split nas and websites into modules

profiles/web/openspeedtest/default.nix

@@ -0,0 +1,94 @@
+{ config, pkgs, lib, mkDomain, ... }:
+{
+  # OpenSpeedtTest
+  # Pure HTML5 Network Performance Estimation Tool
+
+  /** /
+  services.nginx.virtualHosts.${mkDomain "openspeedtest"} = let
+    cfg = config.services.nginx.virtualHosts.${mkDomain "openspeedtest"};
+    openspeedtest = pkgs.fetchFromGitHub rec {
+      name = "${owner}-unstable-2022-07-02";
+
+      owner = "openspeedtest";
+      repo = "Speed-Test";
+      #rev = "v${version}";
+      rev = "59eb7367ede5555f7516ebb8eeeb65245bc5a6e5";
+      sha256 = "yzvulzgBUri+sU9WxZrLKH/T+mlZu9G2zucv8t/fZdY=";
+      postFetch = ''
+        rm $out/README.md
+        rm $out/License.md
+        rm $out/.gitignore
+        rm $out/hosted.html
+      '';
+    };
+  in {
+    forceSSL = true; # addSSL = true;
+    enableACME = true; #useACMEHost = acmeDomain;
+    http2 = false;
+    root = "${openspeedtest}";
+    extraConfig = ''
+      #access_log off;
+      #error_log /dev/null; #Disable this for Windows Nginx.
+      #log_not_found  off;
+      gzip off;
+      fastcgi_read_timeout 999;
+      server_tokens off;
+      tcp_nodelay on;
+      tcp_nopush on;
+      sendfile on;
+      open_file_cache max=200000 inactive=20s;
+      open_file_cache_valid 30s;
+      open_file_cache_min_uses 2;
+      open_file_cache_errors off;
+    '';
+
+    locations."/".extraConfig = lib.mkIf false ''
+      if_modified_since off;
+      expires off;
+      etag off;
+
+      if ($request_method != OPTIONS ) {
+        add_header 'Access-Control-Allow-Origin' "*" always;
+        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+        #Very Very Important! You SHOULD send no-store from server for Google Chrome.
+        add_header 'Cache-Control' 'no-store, no-cache, max-age=0, no-transform';
+        add_header 'Last-Modified' $date_gmt;
+      }
+      if ($request_method = OPTIONS ) {
+        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With' always;
+        add_header 'Access-Control-Allow-Methods' "GET, POST, OPTIONS" always;
+        add_header 'Access-Control-Allow-Credentials' "true";
+        return 204;
+      }
+    '';
+    # IF and Only if you Enabled HTTP2 otherwise never enable the following
+    # HTTP2 will return 200 withot waiting for upload to complete. it's smart but we don't need that to happen here when testing upload speed on HTTP2.
+    locations."/upload.bin".extraConfig = ''
+      #proxy_set_header  Host              $host;
+      proxy_pass http://127.0.0.1:80/upload.bin;
+    '';
+    locations."~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|woff2|svg)$".extraConfig = lib.mkIf false ''
+      #access_log off;
+      expires 365d;
+      add_header 'Cache-Control' public;
+      add_header 'Vary' Accept-Encoding;
+      tcp_nodelay off;
+      open_file_cache max=3000 inactive=120s;
+      open_file_cache_valid 45s;
+      open_file_cache_min_uses 2;
+      open_file_cache_errors off;
+      gzip on;
+      gzip_disable "msie6";
+      gzip_vary on;
+      gzip_proxied any;
+      gzip_comp_level 6;
+      gzip_buffers 16 8k;
+      gzip_http_version 1.1;
+      gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
+    '';
+  };
+  /**/
+
+}