From dcfd2ba0054c110a982e8276f224d84954ca135f Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Mon, 29 Jul 2024 20:51:57 +0300 Subject: 2024-07-29 --- configurations/eonwe/default.nix | 2 +- flake.lock | 42 ++++++++++++++++++++-------------------- modules/nginx.nix | 36 +++++++++++++++++++++++----------- 3 files changed, 47 insertions(+), 33 deletions(-) diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix index 74e12af..ca20140 100644 --- a/configurations/eonwe/default.nix +++ b/configurations/eonwe/default.nix @@ -23,7 +23,7 @@ with lib; incus.enable = true; libvirtd.enable = true; mpd.enable = true; - qutebrowser.enable = false; # FIXME https://github.com/NixOS/nixpkgs/pull/325773 + qutebrowser.enable = true; }; hm = { diff --git a/flake.lock b/flake.lock index b9ad685..35e4908 100644 --- a/flake.lock +++ b/flake.lock @@ -278,11 +278,11 @@ ] }, "locked": { - "lastModified": 1722028105, - "narHash": "sha256-0ButnGQ1bCMIDblzC6NBSL71Wi6JmHGweI3scoV8CgM=", + "lastModified": 1722217815, + "narHash": "sha256-8r5AJ3n8WEDw3rsZLALSuFQ5kJyWOcssNZvPxYLr2yc=", "owner": "nix-community", "repo": "disko", - "rev": "5b01cea8b5753de9c2febd27203c530be14745ff", + "rev": "1e6f8a7b4634fc051cc9361959bf414fcf17e094", "type": "github" }, "original": { @@ -453,11 +453,11 @@ ] }, "locked": { - "lastModified": 1722119539, - "narHash": "sha256-2kU90liMle0vKR8exJx1XM4hZh9CdNgZGHCTbeA9yzY=", + "lastModified": 1722203588, + "narHash": "sha256-91V5FMSQ4z9bkhTCf0f86Zjw0bh367daSf0mzCIW0vU=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0240a064db3987eb4d5204cf2400bc4452d9922", + "rev": "792757f643cedc13f02098d8ed506d82e19ec1da", "type": "github" }, "original": { @@ -535,11 +535,11 @@ ] }, "locked": { - "lastModified": 1722130825, - "narHash": "sha256-wT3ujK3g3Ybqj2F7fNIBrEHY4SbEtoiI/mrUUPr//Fs=", + "lastModified": 1722217035, + "narHash": "sha256-VbKRSpzdC9KZ7JW/g2taP88WcBVZZXthbHQ/Ik3jDHE=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "c04c517fc3d5f0d3e577b09b8bc527a18a95b79b", + "rev": "c24ecb1841d927bafde547c3d62fcb8c8da29a96", "type": "github" }, "original": { @@ -643,11 +643,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1722177403, - "narHash": "sha256-X1wtgrkgLNHLOvOe8deNlQyuFIJKsiBdphTG36DZde4=", + "lastModified": 1722273041, + "narHash": "sha256-NpKImX5XaOVvedRtn6MHuXtYJhiMS5aOXKl7e0ipOyk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "480aa424113bfef080198fcdbc0ca3cdd38a6168", + "rev": "fb89aa5757d11dcbf6a29e3051cc572183469ff4", "type": "github" }, "original": { @@ -659,11 +659,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1722176734, - "narHash": "sha256-sB+glJWgjypDGUXWO88FSpd6UEuROlQ5y5I63BH1rfE=", + "lastModified": 1722272837, + "narHash": "sha256-iHO942tXSkiZ0ZhWkfqCvqo9/67+S6WYfphXSJogEmM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed739215d981ac5071ba6d7d568865c43aa2c29f", + "rev": "89526a7d969e38fe8c30253170d44d0f131882de", "type": "github" }, "original": { @@ -741,11 +741,11 @@ ] }, "locked": { - "lastModified": 1721888498, - "narHash": "sha256-O5/s8e6CL99AQoKEn8k6F99UoJdAzQ8z9LZ7SxFJ3c4=", + "lastModified": 1722263926, + "narHash": "sha256-xhuXR7hKOM4dQwDvHyZYn+aHbUDHnpi4+yPhsyP+mwU=", "owner": "nix-community", "repo": "srvos", - "rev": "27b3a9b23847cb2e716334ee6ad58b82ddc3f7a7", + "rev": "1f867a5658bfc4318ea6f83304b2a1bc4a0b28ee", "type": "github" }, "original": { @@ -846,11 +846,11 @@ ] }, "locked": { - "lastModified": 1722130475, - "narHash": "sha256-VT2GvIRL8+nNSQ/XS9N6m42VDBiNDy7Luz3wMHoPLBk=", + "lastModified": 1722216590, + "narHash": "sha256-O55w/XIIwheC9m1xGeQ28fajcJQh7x/EtfvL9p+B/ak=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "25a36236f5051034e2085fb3414493c921bb1994", + "rev": "84c2c64bef5f00bfcab73780801f1b270a1c5869", "type": "github" }, "original": { diff --git a/modules/nginx.nix b/modules/nginx.nix index 2ac6d1b..6cb47b4 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -29,13 +29,16 @@ in config = mkIf cfg.enable { _module.args.libNginx.config = { internalOnly = '' + add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; + access_log off; if ($internal != 1) { return 403; } - access_log off; ''; - # FIXME This stopped working. appendHead = text: '' + brotli off; + gzip off; + zstd off; sub_filter '' '${lib.concatStrings text}'; sub_filter_once on; ''; @@ -48,25 +51,36 @@ in services = { nginx = { enable = true; + enableReload = true; package = pkgs.nginxMainline; - statusPage = true; + statusPage = mkDefault true; + + recommendedOptimisation = mkDefault true; + recommendedProxySettings = mkDefault true; + recommendedTlsSettings = mkDefault true; - serverTokens = false; + recommendedBrotliSettings = mkDefault true; + recommendedGzipSettings = mkDefault true; + recommendedZstdSettings = mkDefault true; - recommendedBrotliSettings = lib.mkDefault true; - recommendedGzipSettings = lib.mkDefault true; - recommendedOptimisation = lib.mkDefault true; - recommendedProxySettings = lib.mkDefault true; - recommendedTlsSettings = lib.mkDefault true; - recommendedZstdSettings = lib.mkDefault true; + resolver.addresses = + let + isIPv6 = addr: builtins.match ".*:.*:.*" addr != null; + escapeIPv6 = addr: if isIPv6 addr then "[${addr}]" else addr; + resolvers = + if config.networking.nameservers != [ ] then + config.networking.nameservers + else + dns.const.quad9.default; + in + map escapeIPv6 resolvers; commonHttpConfig = concatStrings [ '' access_log syslog:server=unix:/dev/log; - add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' (optionalString (hasAttr "wireguard" this) ( with config.nixfiles.modules.wireguard; -- cgit v1.2.3