diff --git a/configs/sputnik/nginx.nix b/configs/sputnik/nginx.nix index 00545a8..275fed7 100644 --- a/configs/sputnik/nginx.nix +++ b/configs/sputnik/nginx.nix @@ -1,4 +1,32 @@ -{ config, lib, pkgs, ... }: { +{ config, lib, pkgs, ... }: +let + + errorPages = pkgs.fetchgit { + url = "https://git.ingolf-wagner.de/palo/http-errors.git"; + rev = "66948c13b9bbe5f3fe7a5146eceb76b97c436069"; + sha256 = "0qkw7nb883fna0qgvhky20c3dagxph56aiy2rrf359w7lxch1k1h"; + }; + error = { + extraConfig = '' + error_page 400 /errors/400.html; + error_page 401 /errors/401.html; + error_page 402 /errors/402.html; + error_page 403 /errors/403.html; + error_page 404 /errors/404.html; + error_page 405 /errors/405.html; + error_page 406 /errors/406.html; + error_page 500 /errors/500.html; + error_page 501 /errors/501.html; + error_page 502 /errors/502.html; + error_page 503 /errors/503.html; + error_page 504 /errors/504.html; + ''; + locations."^~ /errors/" = { + extraConfig = "internal;"; + root = "${errorPages}/"; + }; + }; +in { networking.firewall.allowedTCPPorts = [ 80 443 4443 ]; networking.firewall.allowedUDPPorts = [ 80 443 4443 ]; @@ -23,7 +51,11 @@ ]; forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://workhorse.private:3000"; }; + extraConfig = error.extraConfig; + + locations = { + "/" = { proxyPass = "http://workhorse.private:3000"; }; + } // error.locations; }; "paste.ingolf-wagner.de" = { @@ -41,22 +73,12 @@ ]; forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://workhorse.private:8000"; }; + extraConfig = error.extraConfig; + locations = { + "/" = { proxyPass = "http://workhorse.private:8000"; }; + } // error.locations; }; - #"landing.ingolf-wagner.de" = { - # default = true; - # listen = [ - # { addr = "0.0.0.0"; port = 4443; ssl = true; } - # { addr = "0.0.0.0"; port = 80; ssl = false; } - # ]; - # forceSSL = true; - # enableACME = true; - # locations."/" = { - # root = "/srv/www/ingolf-wagner.de"; - # }; - #}; - "travel.ingolf-wagner.de" = { listen = [ { @@ -72,14 +94,17 @@ ]; forceSSL = true; enableACME = true; - locations."/" = { - root = "/srv/www/travel"; - extraConfig = '' - if (-d $request_filename) { - rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; - } - ''; - }; + extraConfig = error.extraConfig; + locations = { + "/" = { + root = "/srv/www/travel"; + extraConfig = '' + if (-d $request_filename) { + rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; + } + ''; + }; + } // error.locations; }; "tech.ingolf-wagner.de" = { @@ -97,14 +122,17 @@ ]; forceSSL = true; enableACME = true; - locations."/" = { - root = "/srv/www/tech"; - extraConfig = '' - if (-d $request_filename) { - rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; - } - ''; - }; + extraConfig = error.extraConfig; + locations = { + "/" = { + root = "/srv/www/tech"; + extraConfig = '' + if (-d $request_filename) { + rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; + } + ''; + }; + } // error.locations; }; "terranix.org" = { @@ -122,14 +150,17 @@ ]; forceSSL = true; enableACME = true; - locations."/" = { - root = "/srv/www/terranix"; - extraConfig = '' - if (-d $request_filename) { - rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; - } - ''; - }; + extraConfig = error.extraConfig; + locations = { + "/" = { + root = "/srv/www/terranix"; + extraConfig = '' + if (-d $request_filename) { + rewrite [^/]$ $scheme://$http_host$request_uri/ permanent; + } + ''; + }; + } // error.locations; }; "chat.ingolf-wagner.de" = { @@ -147,6 +178,7 @@ ]; forceSSL = true; enableACME = true; + extraConfig = error.extraConfig; locations = { "/" = { proxyPass = "http://chat.workhorse.private"; @@ -156,7 +188,7 @@ sub_filter "chat.workhorse.private" "chat.ingolf-wagner.de"; ''; }; - }; + } // error.locations; }; "nextcloud.ingolf-wagner.de" = { @@ -174,6 +206,7 @@ ]; forceSSL = true; enableACME = true; + extraConfig = error.extraConfig; locations = { "/" = { proxyPass = "http://nextcloud.workhorse.private"; @@ -193,7 +226,7 @@ extraConfig = "return 301 $scheme://$host/remote.php/dav;"; }; - }; + } // error.locations; }; "gaykraft.com" = { @@ -211,7 +244,10 @@ ]; forceSSL = true; enableACME = true; - locations."/" = { root = "/srv/www/gaykraft"; }; + extraConfig = error.extraConfig; + locations = { + "/" = { root = "/srv/www/gaykraft"; }; + } // error.locations; }; }; diff --git a/pkgs/navi/default.nix b/pkgs/navi/default.nix index 71cb1c2..f1b99e4 100644 --- a/pkgs/navi/default.nix +++ b/pkgs/navi/default.nix @@ -26,7 +26,6 @@ rustPlatform.buildRustPackage rec { ''; nativeBuildInputs = [ makeWrapper ]; - meta = with stdenv.lib; { description = "An interactive cheatsheet tool for the command-line"; homepage = "https://github.com/denisidoro/navi"; diff --git a/system/all/nginx.nix b/system/all/nginx.nix index 421f2fc..1f1de20 100644 --- a/system/all/nginx.nix +++ b/system/all/nginx.nix @@ -12,8 +12,8 @@ in { recommendedProxySettings = lib.mkDefault true; recommendedTlsSettings = lib.mkDefault true; - # for graylog logging commonHttpConfig = '' + # for graylog logging log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' '"facility": "nginx", ' '"src_addr": "$remote_addr", ' @@ -28,9 +28,9 @@ in { '"http_x_forwarded_for": "$http_x_forwarded_for",' '"http_referrer": "$http_referer", ' '"http_user_agent": "$http_user_agent" }'; - access_log syslog:server=${access_log_sink} graylog2_json; error_log syslog:server=${error_log_sink}; + ''; };