diff --git a/hosts/nixos-server-reid/default.nix b/hosts/nixos-server-reid/default.nix
index 07c804d..f52f42d 100755
--- a/hosts/nixos-server-reid/default.nix
+++ b/hosts/nixos-server-reid/default.nix
@@ -38,8 +38,6 @@ in {
 ssh.enableMoshSupport = true;
 postgres.enable = true;
-
- redis.enable = true;
 };
 security.useDoas = true;
diff --git a/hosts/nixos-server-reid/webapps/default.nix b/hosts/nixos-server-reid/webapps/default.nix
index 824c11e..a0ebdee 100755
--- a/hosts/nixos-server-reid/webapps/default.nix
+++ b/hosts/nixos-server-reid/webapps/default.nix
@@ -16,13 +16,10 @@ in {
 # actually enables nginx, configures acme,
 # gzip, optimization, proxy, ssl config,
 # opens ports, and adds some Headers
- nginx-config = {
- enable = true;
- defaultLuaPackagePath = /var/www/reidlab.online/lua;
- };
+ nginx-config.enable = true;
 staticSites = {
- "v2.reidlab.online".dataDir = "/var/www/v2.reidlab.online";
+ "reidlab.online".dataDir = "/var/www/reidlab.online";
 };
 metrics = {
@@ -36,30 +33,12 @@ in {
 services = {
 nginx.virtualHosts = {
 "reidlab.online" = {
- forceSSL = true;
- enableACME = true;
- root = "/var/www/reidlab.online/public";
+ locations."/f/".extraConfig = ''
+ add_header Access-Control-Allow-Origin "*";
+ '';
+ # we should perhaps add something to help with this in staticsites?
 extraConfig = ''
- error_page 404 /errors/404.html;
- error_page 403 /errors/403.html;
- error_page 500 /errors/500.html;
- location = /errors/404.html { root /var/www/reidlab.online/public/; internal; }
- location = /errors/403.html { root /var/www/reidlab.online/public/; internal; }
- location = /errors/500.html { root /var/www/reidlab.online/public/; internal; }
-
- location / {
- try_files $uri @main;
- }
-
- location /chat {
- access_by_lua_file /var/www/reidlab.online/lua/chat.lua;
- }
-
- location @main {
- content_by_lua '
- require("main").handle_request()
- ';
- }
+ error_page 404 /404.html;
 '';
 };
 };
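Review bot: The `add_header Access-Control-Allow-Origin "*";` in the new `locations."/f/"` block silently drops the http-level headers for that path, because nginx only inherits `add_header` directives from an outer level when the current level defines none — responses under `/f/` will no longer carry the `Strict-Transport-Security` and `Referrer-Policy` headers that commonHttpConfig in modules/services/nginx-conf.nix emits. Repeat them next to the CORS header, `add_header Strict-Transport-Security $hsts_header;` and `add_header 'Referrer-Policy' 'origin-when-cross-origin';`, so the location keeps the shared set. The wildcard origin is fine only if everything under /f/ is public; if any file there is per-user, scope the origin instead. `forceSSL`/`enableACME` are removed from this vhost, presumably because staticSites now sets them for `reidlab.online` — that module is outside this diff, so confirm it does, otherwise the host falls back to plain HTTP without a certificate.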
diff --git a/modules/services/nginx-conf.nix b/modules/services/nginx-conf.nix
index 2a92d9a..152297a 100755
--- a/modules/services/nginx-conf.nix
+++ b/modules/services/nginx-conf.nix
@@ -5,26 +5,10 @@ let
 cfg = config.modules.services.nginx-config;
 in {
 options.modules.services.nginx-config = {
- enable = mkEnableOption "enable and configure nginx, a high performance web server";
-
- package = mkOption {
- type = types.package;
- default = pkgs.openresty;
- };
-
- defaultLuaPackagePath = mkOption {
- type = types.path;
- default = null;
- };
+ enable = mkEnableOption "enable and configure nginx, a high performance web server";
 };
 config = mkIf cfg.enable {
- assertions = [
- { assertion = cfg.defaultLuaPackagePath != null;
- description = "The defaultLuaPackagePath property *must* be explicitly specified.";
- }
- ];
-
 security.acme = {
 acceptTerms = true;
 defaults.email = "reidlab325@gmail.com";
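Review bot: The re-added line `enable = mkEnableOption "enable and configure nginx, a high performance web server";` produces the option description "Whether to enable enable and configure nginx, …", since mkEnableOption already prefixes "Whether to enable"; as this is the one line the hunk keeps, rewrite it as `enable = mkEnableOption "nginx, a high performance web server, with this module's ACME and TLS defaults";`. Removing the `package` option also means services.nginx now runs the NixOS default nginx instead of openresty, which is a behavioural change worth a one-line comment above `enable` (for example `# Lua/openresty support was removed; plain nginx is used now.`) so the next reader does not have to dig through history. The enclosing module attrset begins before the hunk.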
@@ -34,36 +18,13 @@ in {
 services.nginx = {
 enable = true;
- package = cfg.package;
 recommendedTlsSettings = true;
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
- # TODO: clean this up oh my god like everything here :sob: im vomiting shaking and crying looking at this.
 commonHttpConfig = let
- # lua
- lua-resty-template = pkgs.fetchFromGitHub {
- owner = "bungle";
- repo = "lua-resty-template";
- rev = "v2.0";
- sha256 = "1gpyjq3ms5ib8xiz6k9z97cjifx9zp1dyjkr58b2s034xksy2vb1";
- };
- lua-resty-redis = pkgs.fetchFromGitHub {
- owner = "openresty";
- repo = "lua-resty-redis";
- rev = "v0.29";
- sha256 = "089ishx4482ybfsv10ig8h3cpsdw6rvgy0w874h1c7m1gk2fd7r9";
- };
- lua-resty-websocket = pkgs.fetchFromGitHub {
- owner = "openresty";
- repo = "lua-resty-websocket";
- rev = "v0.10";
- sha256 = "0zpprfi5qc3066ab7g7nyr18jwlk3n8y0006maj4nlx38rl24vfh";
- };
-
- # cloudflare
 realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from ${x};");
 fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
 cfipv4 = fileToList (pkgs.fetchurl {
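Review bot: The `# cloudflare` heading was deleted together with the Lua fetches, so the `realIpsFromList`, `fileToList` and `cfipv4` bindings that remain in the `commonHttpConfig` let-block no longer say what they are for; restore a comment such as `# cloudflare: build set_real_ip_from entries from Cloudflare's published edge ranges` so a reader knows these lists decide which upstream addresses nginx trusts for real-IP substitution. Dropping `package = cfg.package;` switches services.nginx to the NixOS default nginx package, which is consistent with the `*_by_lua*` directives removed from webapps/default.nix in this commit, but any such directive left in a host outside this diff would now fail at config load. The let-block continues past the end of the hunk.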
@@ -75,17 +36,15 @@ in {
 sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
 });
 in ''
- lua_package_path "${toString cfg.defaultLuaPackagePath}/?.lua;;${lua-resty-template}/lib/?.lua;;${lua-resty-redis}/lib/?.lua;;${lua-resty-websocket}/lib/?.lua;;";
-
 # add hsts header with preloading to https reqeusts
- # adding this header to http requests is
+ # adding this header to http requests is discouraged
 map $scheme $hsts_header {
 https "max-age=31536000; includeSubdomains; preload";
 }
 add_header Strict-Transport-Security $hsts_header;
 # Enable CSP for your services.
- # add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
 # Minimize information leaked to other domains
 add_header 'Referrer-Policy' 'origin-when-cross-origin';
diff --git a/modules/services/redis.nix b/modules/services/redis.nix
deleted file mode 100755
index 30f1888..0000000
--- a/modules/services/redis.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, pkgs, options, ... }:
-
-with lib;
-let
- cfg = config.modules.services.redis;
-in {
- options.modules.services.redis = {
- enable = mkEnableOption "enable redis, a speedy cache database";
- };
-
- config = mkIf cfg.enable {
- services.redis.servers."" = {
- enable = true;
- };
- };
-}
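Review bot: The Content-Security-Policy line is still commented out after this hunk — its only change is the dropped space after `#` — so the `# Enable CSP for your services.` instruction above it remains unfulfilled in the shared config. With the Lua application removed in this commit the served sites appear to be static, which is the easy case for the listed `script-src 'self'; object-src 'none'; base-uri 'none'` policy; if none of the static pages depend on inline scripts (not visible here), uncomment the `add_header Content-Security-Policy … always;` line, otherwise delete the dead line rather than carry a disabled header around. Keep in mind that http-level `add_header` lines such as the HSTS one here are not inherited by any server or location that declares its own `add_header`, so per-vhost additions must repeat them. The `in ''` string continues past the end of the hunk.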