summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorquentin@aristote.fr <quentin@aristote.fr>2026-01-24 21:56:28 +0100
committerquentin@aristote.fr <quentin@aristote.fr>2026-01-24 22:23:03 +0100
commit2ad85ea8b893c903adc344b7a800aa9be58de348 (patch)
treebe19ef99fbea62666d92a9ae1769a1c34dc8154c
parent65c8dfd0ba92d65421c1f6beddc685cf0b08dc67 (diff)
nginx: include default config
Flake lock file updates: • Updated input 'my-nixpkgs': 'github:qaristote/my-nixpkgs/920d3342d55312937fed357f9abe165bb2aa281b' (2026-01-17) → 'github:qaristote/my-nixpkgs/aa8af127cef35820a05a9d2c3ab371fa3ddc4795' (2026-01-24) • Updated input 'my-nixpkgs/flake-parts': 'github:hercules-ci/flake-parts/52a2caecc898d0b46b2b905f058ccc5081f842da' (2025-11-12) → 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac' (2026-01-11) • Updated input 'my-nixpkgs/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc' (2025-10-29) → 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85' (2025-12-14) • Updated input 'my-nixpkgs/nixpkgs': 'github:NixOS/nixpkgs/6f374686605df381de8541c072038472a5ea2e2d' (2025-11-18) → 'github:NixOS/nixpkgs/523257564973361cc3e55e3df3e77e68c20b0b80' (2026-01-24) • Updated input 'my-nixpkgs/nur': 'github:nix-community/NUR/05225766ee3843d0720554ab1c930606092c24c5' (2025-11-19) → 'github:nix-community/NUR/c80cf01f7985ce8e1f6e50104b4dcff5c97f2d26' (2026-01-24) • Updated input 'my-nixpkgs/nur/nixpkgs': 'github:nixos/nixpkgs/89c2b2330e733d6cdb5eae7b899326930c2c0648' (2025-11-17) → 'github:nixos/nixpkgs/88d3861acdd3d2f0e361767018218e51810df8a1' (2026-01-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d4fa45dc2d4d32c10cb7c6b530a6b4b7d2429442' (2026-01-15) → 'github:NixOS/nixpkgs/078d69f03934859a181e81ba987c2bb033eebfc5' (2026-01-22)
Diffstat
-rw-r--r--config/services/mesh/default.nix3
-rw-r--r--config/services/web/default.nix29
-rw-r--r--config/services/web/searx/default.nix3
-rw-r--r--flake.lock42
4 files changed, 23 insertions, 54 deletions
diff --git a/config/services/mesh/default.nix b/config/services/mesh/default.nix
index 445c262..168f7db 100644
--- a/config/services/mesh/default.nix
+++ b/config/services/mesh/default.nix
@@ -40,9 +40,6 @@ in
proxy_set_header Host $server_name;
proxy_redirect http:// https://;
proxy_buffering off;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
'';
};
diff --git a/config/services/web/default.nix b/config/services/web/default.nix
index 920d1e7..f6d51db 100644
--- a/config/services/web/default.nix
+++ b/config/services/web/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ ... }:
{
imports = [
@@ -13,31 +13,6 @@
defaults.email = "quentin@aristote.fr";
};
- services.nginx = {
- enable = true;
- additionalModules = [ pkgs.nginxModules.brotli ];
- # return 444 when trying to connect directly through the IP address
- virtualHosts."_" = {
- default = true;
- extraConfig = ''
- return 444;
- '';
- };
- appendHttpConfig = ''
- types_hash_bucket_size 128;
- access_log /dev/null;
-
- # compression
- gzip on;
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
- brotli on;
- brotli_comp_level 6;
- brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap;
- '';
- };
-
+ services.nginx.enable = true;
systemd.services.nginx.personal.monitor = true;
}
diff --git a/config/services/web/searx/default.nix b/config/services/web/searx/default.nix
index da4cf88..46afcd8 100644
--- a/config/services/web/searx/default.nix
+++ b/config/services/web/searx/default.nix
@@ -22,10 +22,7 @@ in
"/" = {
proxyPass = "http://${cfg.filtron.listen.address}:${toString cfg.filtron.listen.port}";
extraConfig = ''
- proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
# proxy_set_header X-Script-Name /;
'';
diff --git a/flake.lock b/flake.lock
index 5feda63..f666c7a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -62,11 +62,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
- "lastModified": 1762980239,
- "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=",
+ "lastModified": 1768135262,
+ "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da",
+ "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@@ -270,11 +270,11 @@
"nur": "nur"
},
"locked": {
- "lastModified": 1768680671,
- "narHash": "sha256-c/6oJfgBW5WNDlloaQtR1+QbiTGnHicMopTAiCy/FhY=",
+ "lastModified": 1769288185,
+ "narHash": "sha256-ExHHRT4BeUdOc/wbAuLn7iC8AU3z5yr5GlOxzaudaG4=",
"owner": "qaristote",
"repo": "my-nixpkgs",
- "rev": "920d3342d55312937fed357f9abe165bb2aa281b",
+ "rev": "aa8af127cef35820a05a9d2c3ab371fa3ddc4795",
"type": "github"
},
"original": {
@@ -353,11 +353,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1763464769,
- "narHash": "sha256-AJHrsT7VoeQzErpBRlLJM1SODcaayp0joAoEA35yiwM=",
+ "lastModified": 1769237874,
+ "narHash": "sha256-saOixpqPT4fiE/M8EfHv9I98f3sSEvt6nhMJ/z0a7xI=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "6f374686605df381de8541c072038472a5ea2e2d",
+ "rev": "523257564973361cc3e55e3df3e77e68c20b0b80",
"type": "github"
},
"original": {
@@ -367,11 +367,11 @@
},
"nixpkgs-lib": {
"locked": {
- "lastModified": 1761765539,
- "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
+ "lastModified": 1765674936,
+ "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
- "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
+ "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
@@ -480,11 +480,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1763421233,
- "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
+ "lastModified": 1769018530,
+ "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
+ "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"type": "github"
},
"original": {
@@ -496,11 +496,11 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1768484090,
- "narHash": "sha256-HBIfbB9MF9oqQTxs/W5440mzVaYDBWU9tuX95aZ8h64=",
+ "lastModified": 1769089682,
+ "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "d4fa45dc2d4d32c10cb7c6b530a6b4b7d2429442",
+ "rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
"type": "github"
},
"original": {
@@ -590,11 +590,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1763548027,
- "narHash": "sha256-Y6ql4MrEMqZOtqYW/1361v47X0FMV37Ae4a5o2fFuyA=",
+ "lastModified": 1769286133,
+ "narHash": "sha256-CmIT44+3TM5amukQCKK4jnuhLSfes181OGaePBqpKZY=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "05225766ee3843d0720554ab1c930606092c24c5",
+ "rev": "c80cf01f7985ce8e1f6e50104b4dcff5c97f2d26",
"type": "github"
},
"original": {
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-18 23:11:34 +0000