heartles/nixos-flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

turn off egirls qa

Browse source
This commit is contained in:
jaina heartles 2024-08-12 07:57:51 -04:00
parent 47161357f7
commit cefba42cee
2 changed files with 64 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
configuration.nix
View file

@ -14,7 +14,7 @@ let
in {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
./egirls-qa.nix
#./egirls-qa.nix
./postfix.nix
./nebula.nix
#./stalwart.nix
@ -345,76 +345,6 @@ in {
21027
];
services.nginx = {
enable = true;
package = pkgs.openresty;
proxyCachePath."media_cache" = {
enable = true;
maxSize = "1g";
inactive = "10m";
keysZoneName = "media_cache";
};
virtualHosts."media.dev.egirls.gay" = {
listen = [
{
port = 443;
addr = "0.0.0.0";
ssl = true;
}
{
port = 80;
addr = "0.0.0.0";
}
];
useACMEHost = "ANY.dev.egirls.gay";
forceSSL = true;
extraConfig = ''
proxy_cache media_cache;
proxy_cache_valid 200 10m;
proxy_cache_lock on;
add_header X-Cache $upstream_cache_status;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
proxy_hide_header X-Amz-ID-2;
proxy_hide_header X-Amz-Request-ID;
proxy_hide_header X-Wasabi-CM-Reference-ID;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
'';
locations."/".extraConfig = "return 404;";
locations."/misskey/" = {
#recommendedProxySettings = true;
extraConfig = ''
proxy_http_version 1.1;
include /etc/nixos-secrets/s3-access-nginx.conf;
set $s3_bucket 'egirls-gay-misskey';
set $path_full '/$s3_bucket$request_uri';
set_by_lua $now "return ngx.http_time(ngx.time())";
set $signature_string "GET\n\n\n\nx-amz-date:''${now}\n$path_full";
set_hmac_sha1 $s3_signature $s3_secret $signature_string;
set_encode_base64 $s3_signature_b64 $s3_signature;
proxy_set_header x-amz-date $now;
proxy_set_header Authorization "AWS $s3_access:$s3_signature_b64";
proxy_ssl_session_reuse on;
rewrite .* $path_full break;
proxy_pass https://s3.us-west-1.wasabisys.com;
'';
};
};
};
# networking.nat = {
# enable = true;
# internalInterfaces = [ "ve-vpn" ];

63
egirls-qa.nix
View file

@ -12,6 +12,13 @@
services.nginx = {
enable = true;
recommendedProxySettings = true;
package = pkgs.openresty;
proxyCachePath."media_cache" = {
enable = true;
maxSize = "1g";
inactive = "10m";
keysZoneName = "media_cache";
};
virtualHosts = let
mkHost = upstream: {
listen = [
@ -54,6 +61,62 @@
};
"eg.dev.egirls.gay" = mkHost "http://127.0.0.1:3000";
"goto.dev.egirls.gay" = mkHost "http://127.0.0.1:8080";
"media.dev.egirls.gay" = {
listen = [
{
port = 443;
addr = "0.0.0.0";
ssl = true;
}
{
port = 80;
addr = "0.0.0.0";
}
];
useACMEHost = "ANY.dev.egirls.gay";
forceSSL = true;
extraConfig = ''
proxy_cache media_cache;
proxy_cache_valid 200 10m;
proxy_cache_lock on;
add_header X-Cache $upstream_cache_status;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
proxy_hide_header X-Amz-ID-2;
proxy_hide_header X-Amz-Request-ID;
proxy_hide_header X-Wasabi-CM-Reference-ID;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
'';
locations."/".extraConfig = "return 404;";
locations."/misskey/" = {
#recommendedProxySettings = true;
extraConfig = ''
proxy_http_version 1.1;
include /etc/nixos-secrets/s3-access-nginx.conf;
set $s3_bucket 'egirls-gay-misskey';
set $path_full '/$s3_bucket$request_uri';
set_by_lua $now "return ngx.http_time(ngx.time())";
set $signature_string "GET\n\n\n\nx-amz-date:''${now}\n$path_full";
set_hmac_sha1 $s3_signature $s3_secret $signature_string;
set_encode_base64 $s3_signature_b64 $s3_signature;
proxy_set_header x-amz-date $now;
proxy_set_header Authorization "AWS $s3_access:$s3_signature_b64";
proxy_ssl_session_reuse on;
rewrite .* $path_full break;
proxy_pass https://s3.us-west-1.wasabisys.com;
'';
};
};
};