Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2022-09-23 22:25:15 +0200
committer: makefu <github@syntax-fehler.de> 2022-09-23 22:25:15 +0200
commit: 3d0defb120132cb6bf43ca45d4bb926eb1ab8a19 (patch)
tree: 2c4adbd466537d833cdb059d7ddca62c2ac2fe54 /tv/2configs
parent: bb8be44848a549eeed9613714521855c836523e5 (diff)
parent: 75b4732dbe325dc64466e7643d464fcc7641d1d5 (diff)
4 files changed, 16 insertions, 27 deletions
diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix
index 42914e0..92e2499 100644
--- a/tv/2configs/bash/default.nix
+++ b/tv/2configs/bash/default.nix
@@ -6,7 +6,7 @@ with import <stockholm/lib>;
   programs.bash = {
     interactiveShellInit = /* sh */ ''
       HISTCONTROL='erasedups:ignorespace'
-      HISTSIZE=65536
+      HISTSIZE=900001
       HISTFILESIZE=$HISTSIZE
       HISTTIMEFORMAT=
 
diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix
index f6eaba3..58791f4 100644
--- a/tv/2configs/binary-cache/default.nix
+++ b/tv/2configs/binary-cache/default.nix
@@ -3,24 +3,15 @@
   environment.etc."binary-cache.pubkey".text =
     config.krebs.build.host.binary-cache.pubkey;
 
+  nixpkgs.overlays = [
+    (self: super: {
+      nix-serve = self.haskellPackages.nix-serve-ng;
+    })
+  ];
+
   services.nix-serve = {
     enable = true;
-    secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
-  };
-
-  systemd.services.nix-serve = {
-    after = [
-      config.krebs.secret.files.binary-cache-seckey.service
-    ];
-    partOf = [
-      config.krebs.secret.files.binary-cache-seckey.service
-    ];
-  };
-
-  krebs.secret.files.binary-cache-seckey = {
-    path = "/run/secret/nix-serve.key";
-    owner.name = "nix-serve";
-    source-path = toString <secrets> + "/nix-serve.key";
+    secretKeyFile = toString <secrets> + "/nix-serve.key";
   };
 
   services.nginx = {
@@ -28,6 +19,7 @@
     virtualHosts.nix-serve = {
       serverAliases = [
         "cache.${config.krebs.build.host.name}.hkw"
+        "cache.${config.krebs.build.host.name}.r"
       ];
       locations."/".extraConfig = ''
         proxy_pass http://localhost:${toString config.services.nix-serve.port};
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 4d22fdf..50444c1 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -109,7 +109,6 @@ let {
     };
     q = {};
     reaktor2 = {};
-    regfish = {};
     stockholm = {
       cgit.desc = "NixOS configuration";
     };
@@ -156,6 +155,7 @@ let {
     painload = {};
     push = {};
     Reaktor = {};
+    regfish = {};
     with-tmpdir = {};
     get = {};
     load-env = {};
diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix
index b0acb94..efea3a8 100644
--- a/tv/2configs/nginx/default.nix
+++ b/tv/2configs/nginx/default.nix
@@ -4,22 +4,19 @@ with import <stockholm/lib>;
 
 {
   services.nginx = {
+    enableReload = true;
+
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
 
-    virtualHosts._http = {
+    virtualHosts.${toJSON ""} = {
       default = true;
       extraConfig = ''
-        return 404;
-      '';
-    };
-
-    virtualHosts.default = {
-      locations."= /etc/os-release".extraConfig = ''
-        default_type text/plain;
-        alias /etc/os-release;
+        error_page 400 =444 /;
+        return 444;
       '';
+      rejectSSL = true;
     };
   };
   tv.iptables = {
author	makefu <github@syntax-fehler.de>	2022-09-23 22:25:15 +0200
committer	makefu <github@syntax-fehler.de>	2022-09-23 22:25:15 +0200
commit	3d0defb120132cb6bf43ca45d4bb926eb1ab8a19 (patch)
tree	2c4adbd466537d833cdb059d7ddca62c2ac2fe54 /tv/2configs
parent	bb8be44848a549eeed9613714521855c836523e5 (diff)
parent	75b4732dbe325dc64466e7643d464fcc7641d1d5 (diff)