configuration
flake
hosts
_iso
aluminium
astatine
backup-4
beryllium
carbon
clerie-backup
dn42-il-gw1
dn42-il-gw5
dn42-il-gw6
dn42-ildix-clerie
dn42-ildix-service
gatekeeper
hydra-1
hydra-2
krypton
mail-2
monitoring-3
nonat
osmium
palladium
porter
storage-2
tungsten
web-2
blog.nix
bula22.nix
chaosevents.nix
clerie.nix
configuration.nix
drop.nix
etebase.nix
feeds.nix
fieldpoc.nix
gitea.nix
hardware-configuration.nix
ip.nix
legal.nix
meow.nix
milchinsel.nix
mitel-ommclient2.nix
nix-install.nix
nurausstieg.nix
ping.nix
public.nix
radicale.nix
reichartstrasse.nix
secrets.json
ssh.pub
uptimestatus.nix
wetter.nix
zinc
lib
modules
pkgs
users
.gitignore
README.md
flake.lock
flake.nix
42 lines
1.0 KiB
Nix
42 lines
1.0 KiB
Nix
{ pkgs, ... }:
|
|
|
|
{
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/cache/nginx/nurausstieg - nginx nginx - -"
|
|
];
|
|
|
|
services.nginx = {
|
|
commonHttpConfig = ''
|
|
proxy_cache_path /var/cache/nginx/nurausstieg levels=1:2 use_temp_path=off keys_zone=nurausstieg:1m max_size=10m;
|
|
'';
|
|
|
|
virtualHosts."nurausstieg.clerie.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://[::1]:44384";
|
|
extraConfig = ''
|
|
proxy_cache nurausstieg;
|
|
# Ignore upstream cache hints
|
|
proxy_ignore_headers Cache-Control;
|
|
# Force cache 200 and 500 responses for one minute
|
|
proxy_cache_valid 200 500 1m;
|
|
# Only do a single fetch for missing entries and let other sessions wait
|
|
proxy_cache_lock on;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.nurausstieg = {
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
DynamicUser = true;
|
|
};
|
|
path = with pkgs; [ nurausstieg ];
|
|
script = "nurausstieg --listen [::1]:44384";
|
|
};
|
|
|
|
}
|