From 4f9e6225341a273eca9866fe65911afb8b99bb41 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 20 Aug 2022 19:03:06 +0200 Subject: tv gitrepos: move regfish to museum --- tv/2configs/gitrepos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs') diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 4d22fdff5..50444c1ee 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -109,7 +109,6 @@ let { }; q = {}; reaktor2 = {}; - regfish = {}; stockholm = { cgit.desc = "NixOS configuration"; }; @@ -156,6 +155,7 @@ let { painload = {}; push = {}; Reaktor = {}; + regfish = {}; with-tmpdir = {}; get = {}; load-env = {}; -- cgit v1.2.3 From 587015b9d7d3955d8e1c8d89ef95047078492f9a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 20 Aug 2022 21:50:48 +0200 Subject: tv nginx: close requests with bad Host header --- tv/2configs/nginx/default.nix | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix index b0acb9435..e68fc714f 100644 --- a/tv/2configs/nginx/default.nix +++ b/tv/2configs/nginx/default.nix @@ -8,18 +8,13 @@ with import ; recommendedOptimisation = true; recommendedTlsSettings = true; - virtualHosts._http = { + virtualHosts.${toJSON ""} = { default = true; extraConfig = '' - return 404; - ''; - }; - - virtualHosts.default = { - locations."= /etc/os-release".extraConfig = '' - default_type text/plain; - alias /etc/os-release; + error_page 400 =444 /; + return 444; ''; + rejectSSL = true; }; }; tv.iptables = { -- cgit v1.2.3 From b00873ffa73fdee8473158be7de11557ab4e36b7 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 20 Aug 2022 22:32:00 +0200 Subject: tv nginx: enable reload --- tv/2configs/nginx/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix index e68fc714f..efea3a844 100644 
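Review bot: In the `tv nginx: close requests with bad Host header` hunk of tv/2configs/nginx/default.nix, the attribute name `${toJSON ""}` and the 444 status are not self-explanatory and should carry a comment. From the visible lines the name appears to render as the empty server name `""`, which with `default = true` makes this vhost the catch-all for requests whose Host is missing or matches no other vhost, and `rejectSSL = true` presumably does the same for TLS handshakes. I would add above the block `# catch-all vhost: server_name "" + default; 444 closes the connection without sending a response`, and beside `error_page` the comment `# malformed requests (400) are closed the same way`. The same hunk deletes the `= /etc/os-release` location, so confirm that no health or monitoring check still fetches it. The enclosing `services.nginx` set starts above the hunk.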
--- a/tv/2configs/nginx/default.nix +++ b/tv/2configs/nginx/default.nix @@ -4,6 +4,8 @@ with import ; { services.nginx = { + enableReload = true; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; -- cgit v1.2.3 From 9b37b535f43f361a7f57a5aebf89c139d33de01e Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 1 Apr 2022 22:46:35 +0200 Subject: tv: bump HISTSIZE --- tv/2configs/bash/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs') diff --git a/tv/2configs/bash/default.nix b/tv/2configs/bash/default.nix index 42914e060..92e2499a9 100644 --- a/tv/2configs/bash/default.nix +++ b/tv/2configs/bash/default.nix @@ -6,7 +6,7 @@ with import ; programs.bash = { interactiveShellInit = /* sh */ '' HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 + HISTSIZE=900001 HISTFILESIZE=$HISTSIZE HISTTIMEFORMAT= -- cgit v1.2.3 From 707c6b640dca086634581220614c6094ebbcccbf Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Sep 2022 20:35:43 +0200 Subject: tv binary-cache: use nix-serve-ng --- tv/2configs/binary-cache/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'tv/2configs') diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index f6eaba36f..e5342cd54 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -3,6 +3,12 @@ environment.etc."binary-cache.pubkey".text = config.krebs.build.host.binary-cache.pubkey; + nixpkgs.overlays = [ + (self: super: { + nix-serve = self.haskellPackages.nix-serve-ng; + }) + ]; + services.nix-serve = { enable = true; secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path; -- cgit v1.2.3 From 3e6f01c3003558a7db1094742fc2cbedf985cd23 Mon Sep 17 00:00:00 2001 
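Review bot: In the `tv binary-cache: use nix-serve-ng` hunk of tv/2configs/binary-cache/default.nix, the overlay rebinds `nix-serve` for the whole package set, so anything else that refers to `pkgs.nix-serve` also switches to `haskellPackages.nix-serve-ng`, not only this service. If the nixpkgs revision in use provides `services.nix-serve.package`, setting `package = pkgs.haskellPackages.nix-serve-ng;` inside the existing `services.nix-serve` block would keep the swap local to the daemon that signs the cache. If that option is not available here, a comment such as `# overlay: replaces nix-serve globally, the module has no package option on this pin` would record why the change is global.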
From: tv Date: Thu, 15 Sep 2022 20:51:27 +0200 Subject: tv binary-cache: drop krebs.secert --- tv/2configs/binary-cache/default.nix | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) (limited to 'tv/2configs') diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index e5342cd54..6ef7a3850 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -11,22 +11,7 @@ services.nix-serve = { enable = true; - secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path; - }; - - systemd.services.nix-serve = { - after = [ - config.krebs.secret.files.binary-cache-seckey.service - ]; - partOf = [ - config.krebs.secret.files.binary-cache-seckey.service - ]; - }; - - krebs.secret.files.binary-cache-seckey = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString + "/nix-serve.key"; + secretKeyFile = toString + "/nix-serve.key"; }; services.nginx = { -- cgit v1.2.3 From d76cf33d1f000389558da8c8f5e17db966b8a5a7 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 15 Sep 2022 20:52:00 +0200 Subject: tv binary-cache: add retiolum alias --- tv/2configs/binary-cache/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'tv/2configs') diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 6ef7a3850..58791f4f6 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -19,6 +19,7 @@ virtualHosts.nix-serve = { serverAliases = [ "cache.${config.krebs.build.host.name}.hkw" + "cache.${config.krebs.build.host.name}.r" ]; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; -- cgit v1.2.3
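Review bot: In the `tv binary-cache: drop krebs.secert` hunk, the new `secretKeyFile = toString … + "/nix-serve.key";` line no longer states who may read the cache signing key. The removed `krebs.secret.files.binary-cache-seckey` block set `owner.name = "nix-serve"` and ordered the service after the secret unit, and nothing visible replaces either. If this relies on the nix-serve module loading the file with sufficient privileges before the service user runs (not visible here), say so in a comment, for example `# key is read in place from the secrets dir; toString keeps it a plain string so it is not copied into the world-readable Nix store`. It is also worth confirming that the file on the deployed host is not group- or world-readable. The operand of `toString` does not appear on this page, apparently lost in rendering.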