update nginx config (ngx-realip-module, lua-resty-websocket)

disable registration, remove unused inputs
2023-08-11 19:19:49 -07:00 · 2023-08-11 19:13:54 -07:00
3 changed files with 27 additions and 9 deletions
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1691368598,
-        "narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=",
+        "lastModified": 1691654369,
+        "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "5a8e9243812ba528000995b294292d3b5e120947",
+        "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -3,11 +3,9 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-
-    vscode-server.url = "github:nix-community/nixos-vscode-server";
  };

-  outputs = { self, nixpkgs, vscode-server }:
+  outputs = { self, nixpkgs }:
  let
    system = "aarch64-linux";

@ -21,7 +19,6 @@
        specialArgs = { inherit system; };

        modules = [
-          vscode-server.nixosModules.default
          ./hosts/server/configuration.nix
        ];
      };
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@ -84,9 +84,30 @@
      rev = "v0.29";
      sha256 = "089ishx4482ybfsv10ig8h3cpsdw6rvgy0w874h1c7m1gk2fd7r9";
    };
+    lua-resty-websocket = pkgs.fetchFromGitHub {
+      owner = "openresty";
+      repo = "lua-resty-websocket";
+      rev = "v0.10";
+      sha256 = "0zpprfi5qc3066ab7g7nyr18jwlk3n8y0006maj4nlx38rl24vfh";
+    };
+    realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from  ${x};");
+    fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
+    cfipv4 = fileToList (pkgs.fetchurl {
+      url = "https://www.cloudflare.com/ips-v4";
+      sha256 = "0ywy9sg7spafi3gm9q5wb59lbiq0swvf0q3iazl0maq1pj1nsb7h";
+    });
+    cfipv6 = fileToList (pkgs.fetchurl {
+      url = "https://www.cloudflare.com/ips-v6";
+      sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
+    });
  in ''
    # Lua path
-    lua_package_path "/var/www/reidlab.online/lua/?.lua;;${lua-resty-template}/lib/?.lua;;${lua-resty-redis}/lib/?.lua;;";
+    lua_package_path "/var/www/reidlab.online/lua/?.lua;;${lua-resty-template}/lib/?.lua;;${lua-resty-redis}/lib/?.lua;;${lua-resty-websocket}/lib/?.lua;;";
+
+    # Realip
+    ${realIpsFromList cfipv4}
+    ${realIpsFromList cfipv6}
+    real_ip_header CF-Connecting-IP;

    # Add HSTS header with preloading to HTTPS requests.
    # Adding this header to HTTP requests is discouraged
@ -179,7 +200,7 @@
        REGISTER_EMAIL_CONFIRM = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        DEFAULT_ENABLE_TIMETRACKING = true;
-#        DISABLE_REGISTRATION = true;
+        DISABLE_REGISTRATION = true;
      };
    };
  };
Author	SHA1	Message	Date
reidlab	42ed88bb94	update nginx config (ngx-realip-module, lua-resty-websocket)	2023-08-11 19:19:49 -07:00
reidlab	1d6b3b8092	disable registration, remove unused inputs	2023-08-11 19:13:54 -07:00