From 9c1e96db8dcb70b55ad091c1619ab5ba8de2ea37 Mon Sep 17 00:00:00 2001 From: clerie Date: Sat, 9 Sep 2023 18:35:08 +0200 Subject: [PATCH] configuration/common: Move web config to seperate file --- configuration/common/default.nix | 47 ++---------------------------- configuration/common/web.nix | 50 ++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 45 deletions(-) create mode 100644 configuration/common/web.nix diff --git a/configuration/common/default.nix b/configuration/common/default.nix index da366bd..efebb33 100644 --- a/configuration/common/default.nix +++ b/configuration/common/default.nix @@ -3,6 +3,8 @@ { imports = [ ../../modules + + ./web.nix ]; networking.domain = "net.clerie.de"; @@ -64,51 +66,6 @@ options = "--delete-older-than 30d"; }; - services.nginx = { - enableReload = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - commonHttpConfig = '' - server_names_hash_bucket_size 64; - map $remote_addr $remote_addr_anon { - ~(?P\d+\.\d+\.\d+)\. $ip.0; - ~(?P[^:]*:[^:]*(:[^:]*)?): $ip::; - default ::; - } - log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - access_log /var/log/nginx/access.log vcombined_anon; - ''; - - virtualHosts = { - "default" = { - default = true; - rejectSSL = true; - locations."/" = { - return = ''200 "Some piece of infrastructure\n"''; - extraConfig = '' - types { } default_type "text/plain; charset=utf-8"; - ''; - }; - }; - }; - }; - services.logrotate.settings.nginx = { - frequency = "daily"; - maxage = 14; - }; - - security.acme = { - defaults.email = "letsencrypt@clerie.de"; - acceptTerms = true; - }; nix.settings = { experimental-features = [ diff --git a/configuration/common/web.nix b/configuration/common/web.nix new file mode 100644 index 0000000..360d950 --- /dev/null +++ b/configuration/common/web.nix @@ -0,0 +1,50 @@ +{ ... }: + +{ + services.nginx = { + enableReload = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + commonHttpConfig = '' + server_names_hash_bucket_size 64; + map $remote_addr $remote_addr_anon { + ~(?P\d+\.\d+\.\d+)\. $ip.0; + ~(?P[^:]*:[^:]*(:[^:]*)?): $ip::; + default ::; + } + log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + access_log /var/log/nginx/access.log vcombined_anon; + ''; + + virtualHosts = { + "default" = { + default = true; + rejectSSL = true; + locations."/" = { + return = ''200 "Some piece of infrastructure\n"''; + extraConfig = '' + types { } default_type "text/plain; charset=utf-8"; + ''; + }; + }; + }; + }; + + services.logrotate.settings.nginx = { + frequency = "daily"; + maxage = 14; + }; + + security.acme = { + defaults.email = "letsencrypt@clerie.de"; + acceptTerms = true; + }; +}