nginx: enable brotli

Vivian 2022-05-08 02:13:44 +02:00
parent 099ca92437
commit e2c10eb08b
4 changed files with 133 additions and 80 deletions

107
flake.lock generated

@ -20,6 +20,25 @@
"type": "github" "type": "github"
} }
}, },
"deploy-rs_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_4",
"utils": "utils_3"
},
"locked": {
"lastModified": 1648475189,
"narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3",
"type": "github"
},
"original": {
"id": "deploy-rs",
"type": "indirect"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -37,6 +56,22 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1627913399, "lastModified": 1627913399,
@ -51,7 +86,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-compat_3": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1627913399, "lastModified": 1627913399,
@ -163,11 +198,11 @@
"utils": "utils_2" "utils": "utils_2"
}, },
"locked": { "locked": {
"lastModified": 1651799536, "lastModified": 1651886476,
"narHash": "sha256-+y4oD+E3PseG5jRhlfpBCSLOs1TKKtCWL/AsFCPXQYU=", "narHash": "sha256-fSPA5BEsoHx6ab5c2sK1apHcFbTs86SjwT63zXSuj/E=",
"owner": "jyooru", "owner": "jyooru",
"repo": "nix-minecraft-servers", "repo": "nix-minecraft-servers",
"rev": "1d9335ce68b66262a25037c81e81f49363e5cb04", "rev": "bbd8bc980d45d910f2673d3abfcc6617f2c3d122",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -179,7 +214,7 @@
"nix": { "nix": {
"inputs": { "inputs": {
"lowdown-src": "lowdown-src", "lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1633098935, "lastModified": 1633098935,
@ -197,7 +232,7 @@
"nix_2": { "nix_2": {
"inputs": { "inputs": {
"lowdown-src": "lowdown-src_2", "lowdown-src": "lowdown-src_2",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1633098935, "lastModified": 1633098935,
@ -246,21 +281,37 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1651827164, "lastModified": 1651934509,
"narHash": "sha256-w1niZCq4rhXX+23xLvrA5KR9OqT/72e5Mx/pfz/bZYU=", "narHash": "sha256-xofDh2dBoE9s4Lx2h815/qdULHlFRjdDvp0jDk2OHp8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "98000933d72a97632caf0db0027ea3eb2e5e7f29", "rev": "c7a2979f4cec15b45e6a052b77ae590631426c9f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable-small", "ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": {
"lastModified": 1648219316,
"narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1632864508, "lastModified": 1632864508,
"narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=", "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
@ -275,7 +326,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1632495107, "lastModified": 1632495107,
"narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=", "narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=",
@ -289,7 +340,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1632864508, "lastModified": 1632864508,
"narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=", "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
@ -304,7 +355,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1632495107, "lastModified": 1632495107,
"narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=", "narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=",
@ -329,18 +380,19 @@
}, },
"serokell-nix": { "serokell-nix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "deploy-rs": "deploy-rs_2",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"gitignore-nix": "gitignore-nix", "gitignore-nix": "gitignore-nix",
"nix": "nix", "nix": "nix",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1651674183, "lastModified": 1651884062,
"narHash": "sha256-voNo/SzDmjXdk77gq2PRe7E+yJlw/zNuyHij8lNiZDE=", "narHash": "sha256-gr3BGy0yJL4Qx2NdbzEUAI3+Hi558AAVUAczaz6423w=",
"owner": "serokell", "owner": "serokell",
"repo": "serokell.nix", "repo": "serokell.nix",
"rev": "826a2c4c8987766640885f4dc8af344e90abb149", "rev": "3d533eb5b37142d6a3a8dea5ea3c159ad6595eb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -382,12 +434,27 @@
"type": "github" "type": "github"
} }
}, },
"utils_3": {
"locked": {
"lastModified": 1648297722,
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vault-secrets": { "vault-secrets": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nix": "nix_2", "nix": "nix_2",
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1633626134, "lastModified": 1633626134,


@ -7,7 +7,7 @@
inputs = { inputs = {
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:nixos/nixpkgs/master";
serokell-nix.url = "github:serokell/serokell.nix"; serokell-nix.url = "github:serokell/serokell.nix";
vault-secrets.url = "github:serokell/vault-secrets"; vault-secrets.url = "github:serokell/vault-secrets";
minecraft-servers.url = "github:jyooru/nix-minecraft-servers"; minecraft-servers.url = "github:jyooru/nix-minecraft-servers";
@ -44,40 +44,43 @@
fastConnection = true; fastConnection = true;
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = deploy-rs.lib.${system}.activate.nixos path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${profile};
self.nixosConfigurations.${profile};
}; };
}; };
}; };
# Generates hosts.auto.tfvars.json for Terraform # Generates hosts.auto.tfvars.json for Terraform
genTFVars = let genTFVars =
hostToVar = z@{ hostname, mac, ... }: { let
"${hostname}" = { inherit mac; }; hostToVar = z@{ hostname, mac, ... }: {
}; "${hostname}" = { inherit mac; };
hostSet = lib.foldr (el: acc: acc // hostToVar el) { } hosts; };
json = builtins.toJSON { hosts = hostSet; }; hostSet = lib.foldr (el: acc: acc // hostToVar el) { } hosts;
in pkgs.writeScriptBin "gen-tf-vars" '' json = builtins.toJSON { hosts = hostSet; };
echo '${json}' | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json; in
echo "Generated Terraform Variables"; pkgs.writeScriptBin "gen-tf-vars" ''
''; echo '${json}' | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json;
echo "Generated Terraform Variables";
'';
# Import all nixos host definitions that are actual nix machines # Import all nixos host definitions that are actual nix machines
nixHosts = filter ({ nix ? true, ... }: nix) hosts; nixHosts = filter ({ nix ? true, ... }: nix) hosts;
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
[ vault-secrets.overlay ];
deployChecks = deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
checks = { }; checks = { };
in { in
{
# Make the config and deploy sets # Make the config and deploy sets
nixosConfigurations = nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts; deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;
apps.${system} = { apps.${system} = {
# deploy = {
# type = "app";
# program = "${deploy-rs.packages.${system}.deploy-rs}/bin/deploy";
# };
vault-push-approles = { vault-push-approles = {
type = "app"; type = "app";
program = "${pkgs.vault-push-approles self}/bin/vault-push-approles"; program = "${pkgs.vault-push-approles self}/bin/vault-push-approles";
@ -97,6 +100,7 @@
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
VAULT_ADDR = "http://vault.olympus:8200/"; VAULT_ADDR = "http://vault.olympus:8200/";
# This only support bash so just execute zsh in bash as a workaround :/ # This only support bash so just execute zsh in bash as a workaround :/
shellHook = "zsh";
buildInputs = with pkgs; [ buildInputs = with pkgs; [
deploy-rs.packages.${system}.deploy-rs deploy-rs.packages.${system}.deploy-rs
fluxcd fluxcd
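Review bot: The `nixpkgs.url` input in the first hunk now follows `master`, which is a wider change than the commit title suggests and gives up the gating that the `nixos-unstable-small` channel branch provided. Channel branches only advance after Hydra's channel tests pass, whereas `master` receives every merged commit. `flake.lock` still pins the exact `rev` and `narHash`, so a given build stays reproducible, but every later `nix flake update` will pull untested commits into systems whose deploy profile runs as `user = "root"`. If the switch was only needed for a newer package, I would go back to a channel ref once it catches up, or at least record the reason next to the input, e.g. `# TODO: return to nixos-unstable-small once the needed package lands there`.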


@ -31,6 +31,10 @@ in
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
package = pkgs.nginxMainline.override {
modules = with pkgs.nginxModules; [ brotli ];
};
# Reverse Proxies # Reverse Proxies
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/"; virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/";
@ -43,46 +47,6 @@ in
virtualHosts."wooloofan.club" = k8s_proxy; virtualHosts."wooloofan.club" = k8s_proxy;
virtualHosts."whoami.wooloofan.club" = k8s_proxy; virtualHosts."whoami.wooloofan.club" = k8s_proxy;
# Headscale
virtualHosts."vpn.0x76.dev" = {
enableACME = true;
forceSSL = true;
locations = {
"/headscale." = {
extraConfig = ''
grpc_pass grpc://headscale.olympus:50443;
'';
priority = 1;
};
# "/metrics" = {
# proxyPass = "http://plausible.olympus:9090";
# extraConfig = ''
# allow 10.0.0.0/8;
# allow 100.64.0.0/16;
# deny all;
# '';
# priority = 2;
# };
"/" = {
proxyPass = "http://headscale.olympus:8080";
proxyWebsockets = true;
extraConfig = ''
keepalive_requests 100000;
keepalive_timeout 160s;
proxy_buffering off;
proxy_connect_timeout 75;
proxy_ignore_client_abort on;
proxy_read_timeout 900s;
proxy_send_timeout 600;
send_timeout 600;
'';
priority = 99;
};
};
};
}; };
security.acme.defaults.email = "victorheld12@gmail.com"; security.acme.defaults.email = "victorheld12@gmail.com";
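Review bot: The added `package` override only compiles the brotli module in. Nothing in this hunk turns compression on, so unless `brotli on;` is set elsewhere in the file (not visible here) the "enable brotli" in the title is not yet in effect. When it is switched on, consider scoping `brotli on;` to locations that serve static assets rather than setting it globally: the virtual hosts below proxy authenticated applications over TLS, and compressing responses that mix secrets with request-reflected data exposes a BREACH-style length side channel. Overriding `pkgs.nginxMainline` also likely means nginx is built locally instead of coming from the binary cache, which deserves a short comment above the override such as `# custom build: adds the brotli module`. The enclosing nginx configuration block starts outside the hunk.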


@ -24,12 +24,18 @@
"eevee": { "eevee": {
"mac": "34:97:f6:93:9A:AA" "mac": "34:97:f6:93:9A:AA"
}, },
"gitea": {
"mac": "DE:5F:B0:83:6F:34"
},
"home-assistant": { "home-assistant": {
"mac": "9E:60:78:ED:81:B4" "mac": "9E:60:78:ED:81:B4"
}, },
"k3s-node1": { "k3s-node1": {
"mac": "2E:F8:55:23:D9:9B" "mac": "2E:F8:55:23:D9:9B"
}, },
"minecraft": {
"mac": "EA:30:73:E4:B6:69"
},
"minio": { "minio": {
"mac": "0A:06:5E:E7:9A:0C" "mac": "0A:06:5E:E7:9A:0C"
}, },
@ -42,6 +48,12 @@
"nuc": { "nuc": {
"mac": "1C:69:7A:62:30:88" "mac": "1C:69:7A:62:30:88"
}, },
"plausible": {
"mac": "82:34:70:FA:44:6F"
},
"unifi": {
"mac": "1A:88:A0:B0:65:B4"
},
"unifi-ap": { "unifi-ap": {
"mac": "b4:fb:e4:f3:ff:1b" "mac": "b4:fb:e4:f3:ff:1b"
}, },
@ -50,6 +62,12 @@
}, },
"victoriametrics": { "victoriametrics": {
"mac": "9E:91:61:35:84:1F" "mac": "9E:91:61:35:84:1F"
},
"wireguard": {
"mac": "1E:ED:97:2C:C3:9D"
},
"zmeura": {
"mac": "b8:27:eb:d5:e0:f5"
} }
} }
} }