From 0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 11 Sep 2023 18:24:28 +0200
Subject: stockholm -> hrm

---
 configs/nginx/default.nix     | 21 +++++++++++++++++++++
 configs/nginx/public_html.nix | 17 +++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 configs/nginx/default.nix
 create mode 100644 configs/nginx/public_html.nix

(limited to 'configs/nginx')

diff --git a/configs/nginx/default.nix b/configs/nginx/default.nix
new file mode 100644
index 0000000..e288c52
--- /dev/null
+++ b/configs/nginx/default.nix
@@ -0,0 +1,21 @@
+{ config, ... }: {
+  services.nginx = {
+    enableReload = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts.${builtins.toJSON ""} = {
+      default = true;
+      extraConfig = ''
+        error_page 400 =444 /;
+        return 444;
+      '';
+      rejectSSL = true;
+    };
+  };
+  tv.iptables = {
+    input-retiolum-accept-tcp = [ "http" ];
+  };
+}
diff --git a/configs/nginx/public_html.nix b/configs/nginx/public_html.nix
new file mode 100644
index 0000000..cd8e3c4
--- /dev/null
+++ b/configs/nginx/public_html.nix
@@ -0,0 +1,17 @@
+{ config, ... }: {
+  services.nginx = {
+    enable = true;
+    virtualHosts.default = {
+      serverAliases = [
+        "localhost"
+        "${config.krebs.build.host.name}"
+        "${config.krebs.build.host.name}.hkw"
+        "${config.krebs.build.host.name}.r"
+      ];
+      locations."~ ^/~([a-z]+)(?:/(.*))?\$" = {
+        alias = "/srv/$1/public_html/$2";
+      };
+    };
+  };
+  tv.iptables.input-internet-accept-tcp = [ "http" ];
+}
-- 
cgit v1.2.3