deploy http3

Charlotte 🦝 Delenk 2022-02-09 15:24:07 +01:00
parent ffee2ace01
commit 388afba8de
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
8 changed files with 46 additions and 51 deletions


@ -10,9 +10,6 @@
wantedBy = [ "multi-user.target" ];
};
services.nginx.virtualHosts."api.chir.rs" = {
forceSSL = true;
http2 = true;
listenAddresses = [ "0.0.0.0" "[::]" ];
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
locations."/" = {


@ -49,9 +49,6 @@
};
services.nginx.virtualHosts."git.chir.rs" = {
forceSSL = true;
http2 = true;
listenAddresses = [ "0.0.0.0" "[::]" ];
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
locations."/" = {


@ -14,9 +14,6 @@ in
};
services.nginx.virtualHosts.${config.services.grafana.domain} = {
forceSSL = true;
http2 = true;
# http3 = true;
listenAddresses = listenIPs;
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";


@ -8,8 +8,6 @@ in
rootCredentialsFile = "/run/secrets/security/minio/credentials_file";
};
services.nginx.virtualHosts."minio.int.chir.rs" = {
forceSSL = true;
http2 = true;
listenAddresses = listenIPs;
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
@ -19,8 +17,6 @@ in
};
};
services.nginx.virtualHosts."minio-console.int.chir.rs" = {
forceSSL = true;
http2 = true;
listenAddresses = listenIPs;
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";


@ -1,29 +1,44 @@
{ pkgs, ... }: {
services.nginx = {
additionalModules = [ pkgs.nginxModules.brotli ];
clientMaxBodySize = "10g";
enable = true;
appendHttpConfig = ''
brotli on;
brotli_types
application/atom+xml
application/javascript
application/json
application/xml
application/xml+rss
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
'';
# package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
resolver.addresses = [ "127.0.0.1" "[::1]" ];
sslProtocols = "TLSv1.3";
{ lib, pkgs, ... }:
{
config = {
services.nginx = {
additionalModules = [ pkgs.nginxModules.brotli ];
clientMaxBodySize = "10g";
enable = true;
appendHttpConfig = ''
brotli on;
brotli_types
application/atom+xml
application/javascript
application/json
application/xml
application/xml+rss
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
'';
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
resolver.addresses = [ "127.0.0.1" "[::1]" ];
sslProtocols = "TLSv1.3";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
};
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
config.listenAddresses = lib.mkDefault [
"0.0.0.0"
"[::]"
];
config.forceSSL = lib.mkDefault true;
config.http2 = lib.mkDefault true;
config.http3 = lib.mkDefault true;
});
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
}
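Review bot: The submodule defaults near the end of the new file set `listenAddresses` to `"0.0.0.0"` and `"[::]"` for every virtual host, so any vhost that does not set its own `listenAddresses` binds to all interfaces while the same file opens TCP 80/443 and UDP 443 in the firewall. The grafana and minio vhosts elsewhere on this page carry `listenAddresses = listenIPs;` and those lines appear to be kept, but the `+`/`-` markers are lost here, so that should be confirmed before merging. A future internal vhost that omits the override would fail open, and `http3 = lib.mkDefault true;` also turns on the QUIC listener for internal hosts by default. I would at least put a comment above the default, for example `# default is public: internal vhosts MUST override listenAddresses`, or leave the wildcard out of the defaults and keep the address list explicit on the public hosts.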


@ -14,9 +14,6 @@ in
wantedBy = [ "multi-user.target" ];
};
services.nginx.virtualHosts."darkkirb.de" = {
forceSSL = true;
http2 = true;
listenAddresses = [ "0.0.0.0" "[::]" ];
sslCertificate = "/var/lib/acme/darkkirb.de/cert.pem";
sslCertificateKey = "/var/lib/acme/darkkirb.de/key.pem";
serverAliases = [ "www.darkkirb.de" ];
@ -29,9 +26,8 @@ in
};
};
services.nginx.virtualHosts."static.darkkirb.de" = {
forceSSL = false;
addSSL = true;
http2 = true;
listenAddresses = [ "0.0.0.0" "[::]" ];
sslCertificate = "/var/lib/acme/darkkirb.de/cert.pem";
sslCertificateKey = "/var/lib/acme/darkkirb.de/key.pem";
locations."/" = {
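Review bot: `forceSSL = false;` on `static.darkkirb.de` overrides the new module-wide `forceSSL` default and, together with `addSSL = true;`, keeps this host answering plain HTTP without a redirect, yet nothing in the hunk says why. If plaintext access is intentional, a comment such as `# served over HTTP on purpose: <reason>` above the line would keep a later cleanup from removing the override or from assuming the host is HTTPS-only. The `+`/`-` markers are lost on this page, so which of these lines is new is inferred from the hunk counts; the vhost body continues past the end of the hunk.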


@ -31,9 +31,6 @@
}
];
services.nginx.virtualHosts."mail.chir.rs" = {
forceSSL = true;
http2 = true;
listenAddresses = [ "0.0.0.0" "[::]" ];
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
};


@ -294,11 +294,11 @@
},
"nur": {
"locked": {
"lastModified": 1644379669,
"narHash": "sha256-w6/mDLvfG6YeiGsHy2r6gXBBozKJwjpkChIAk3gyR1I=",
"lastModified": 1644416136,
"narHash": "sha256-Hfoad1e15/LgdsN6G1vPUiOrDgNSYoBTDWrac0EUnx8=",
"owner": "nix-community",
"repo": "NUR",
"rev": "925ae10cc7bbeaba05f0a0da14a001265233dc2e",
"rev": "4195163bf9388b999a690c3bcf0763cfeb20b059",
"type": "github"
},
"original": {