ivabus/nixos
1
0
Fork 0
mirror of https://github.com/ivabus/nixos synced 2024-09-20 00:30:48 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Enable http/3 on all websites

Browse source 
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
Ivan Bushchik 2023-12-10 09:36:24 +03:00
parent a2143c22ab
commit 89c283ee99
No known key found for this signature in database
GPG key ID: 2F16FBF3262E090C
3 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
machines/rubusidaeus/default.nix
View file

@ -61,33 +61,39 @@ in {
locations."/".proxyPass = "http://${secrets.maas-address}:8081"; locations."/".proxyPass = "http://${secrets.maas-address}:8081";
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
http3 = true;
serverAliases = [ "www.iva.bz" ]; serverAliases = [ "www.iva.bz" ];
}; };
virtualHosts."xn--80acbx2cl.xn--p1ai" = { virtualHosts."xn--80acbx2cl.xn--p1ai" = {
locations."/".proxyPass = "http://${secrets.maas-address}:8083"; locations."/".proxyPass = "http://${secrets.maas-address}:8083";
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
http3 = true;
serverAliases = [ "ивабус.рф" ]; serverAliases = [ "ивабус.рф" ];
}; };
virtualHosts."music.ivabus.dev" = { virtualHosts."music.ivabus.dev" = {
locations."/".proxyPass = "http://${secrets.maas-address}:4533"; locations."/".proxyPass = "http://${secrets.maas-address}:4533";
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
http3 = true;
}; };
virtualHosts."storage.ivabus.dev" = { virtualHosts."storage.ivabus.dev" = {
locations."/".proxyPass = "http://${secrets.maas-address}:80"; locations."/".proxyPass = "http://${secrets.maas-address}:80";
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
http3 = true;
}; };
virtualHosts."slides.ivabus.dev" = { virtualHosts."slides.ivabus.dev" = {
locations."/".proxyPass = "http://${secrets.maas-address}:80"; locations."/".proxyPass = "http://${secrets.maas-address}:80";
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
http3 = true;
}; };
virtualHosts."git.ivabus.dev" = { virtualHosts."git.ivabus.dev" = {
locations."/".proxyPass = "http://${secrets.maas-address}:3000"; locations."/".proxyPass = "http://${secrets.maas-address}:3000";
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
http3 = true;
}; };
}; };

1
roles/server/ivabus-dev.nix
View file

@ -9,6 +9,7 @@ in {
virtualHosts."ivabus.dev" = { virtualHosts."ivabus.dev" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
http3 = true;
root = pkgs.callPackage ../../pkgs/ivabus-dev.nix { }; root = pkgs.callPackage ../../pkgs/ivabus-dev.nix { };

2
roles/server/nginx.nix
View file

@ -7,6 +7,7 @@ in {
config = lib.mkIf (cfg.enable) { config = lib.mkIf (cfg.enable) {
services.nginx = { services.nginx = {
enable = true; enable = true;
package = pkgs.nginxQuic;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
@ -18,5 +19,6 @@ in {
defaults.email = "ivabus@ivabus.dev"; defaults.email = "ivabus@ivabus.dev";
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
}; };
} }