forked from SEbbaDK/maptogether
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.nix
59 lines (52 loc) · 1.56 KB
/
server.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
let
pkgs = import ./nixpkgs.nix { };
apiPort = 3000;
cacheDir = "/var/nginx-cache";
in
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.mkcachedir = {
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
ExecStart = "/bin/sh -c 'rm -rf ${cacheDir} && mkdir ${cacheDir} && chown -R nginx:nginx ${cacheDir} && chmod +w ${cacheDir}'";
};
before = [ "nginx.service" ];
wantedBy = [ "default.target" ];
};
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "${cacheDir}" ];
services.nginx = {
enable = true;
virtualHosts."maptogether.sebba.dk" = {
default = true;
forceSSL = true;
enableACME = true;
locations = {
"/".return = "200 'Welcome to MapTogether\n'";
"/login".extraConfig = ''
default_type text/html;
return 200 'You should now be logged in. The browser should close shortly.';
'';
"/api".extraConfig = ''
rewrite ^/api/(.*) /$1 break;
proxy_cache api_cache;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30s;
proxy_pass http://localhost:${builtins.toString apiPort};
'';
};
};
appendHttpConfig = ''
proxy_cache_path ${cacheDir} levels=1:2 keys_zone=api_cache:2m max_size=1g inactive=60m use_temp_path=off;
'';
eventsConfig = ''
worker_connections 50000;
'';
};
containers.api = {
config = import ./api-server.nix { port = apiPort; inherit pkgs; };
autoStart = true;
ephemeral = true;
};
}