73 lines
1.7 KiB
Nix
73 lines
1.7 KiB
Nix
|
# Edit this configuration file to define what should be installed on
|
|||
|
# your system. Help is available in the configuration.nix(5) man page
|
|||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|||
|
|
|||
|
{ config, pkgs, lib, ... }:
|
|||
|
|
|||
|
let
|
|||
|
secrets = import <secrets>;
|
|||
|
yoricc = import ../packages/yori-cc.nix;
|
|||
|
in
|
|||
|
{
|
|||
|
imports = [
|
|||
|
./hardware-configuration.nix
|
|||
|
../roles/common.nix
|
|||
|
];
|
|||
|
|
|||
|
networking.hostName = secrets.hostnames.pennyworth;
|
|||
|
|
|||
|
services.openssh.enable = true;
|
|||
|
networking.enableIPv6 = lib.mkOverride 30 true;
|
|||
|
|
|||
|
system.stateVersion = "16.03";
|
|||
|
|
|||
|
# root password is useful from console, ssh has password logins disabled
|
|||
|
users.extraUsers.root.hashedPassword = secrets.pennyworth_hashedPassword;
|
|||
|
|
|||
|
|
|||
|
services.nginx = {
|
|||
|
enable = true;
|
|||
|
httpConfig = ''
|
|||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|||
|
'$status $body_bytes_sent "$http_referer" '
|
|||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|||
|
|
|||
|
access_log logs/access.log main;
|
|||
|
sendfile on;
|
|||
|
#tcp_nopush on;
|
|||
|
|
|||
|
#keepalive_timeout 0;
|
|||
|
keepalive_timeout 65;
|
|||
|
|
|||
|
|
|||
|
gzip on;
|
|||
|
|
|||
|
server {
|
|||
|
listen 80;
|
|||
|
server_name "";
|
|||
|
|
|||
|
location / {
|
|||
|
root ${pkgs.nginx}/usr/share/nginx/html;
|
|||
|
index index.html index.htm;
|
|||
|
}
|
|||
|
|
|||
|
location = /50x.html {
|
|||
|
root ${pkgs.nginx}/usr/share/nginx/html;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
server {
|
|||
|
listen 80;
|
|||
|
server_name yori.cc;
|
|||
|
server_tokens off;
|
|||
|
location / {
|
|||
|
root ${yoricc}/web;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
'';
|
|||
|
};
|
|||
|
networking.firewall.allowedTCPPorts = [80];
|
|||
|
|
|||
|
}
|