From 2ad85ea8b893c903adc344b7a800aa9be58de348 Mon Sep 17 00:00:00 2001 From: "quentin@aristote.fr" Date: Sat, 24 Jan 2026 21:56:28 +0100 Subject: nginx: include default config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'my-nixpkgs': 'github:qaristote/my-nixpkgs/920d3342d55312937fed357f9abe165bb2aa281b' (2026-01-17) → 'github:qaristote/my-nixpkgs/aa8af127cef35820a05a9d2c3ab371fa3ddc4795' (2026-01-24) • Updated input 'my-nixpkgs/flake-parts': 'github:hercules-ci/flake-parts/52a2caecc898d0b46b2b905f058ccc5081f842da' (2025-11-12) → 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac' (2026-01-11) • Updated input 'my-nixpkgs/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc' (2025-10-29) → 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85' (2025-12-14) • Updated input 'my-nixpkgs/nixpkgs': 'github:NixOS/nixpkgs/6f374686605df381de8541c072038472a5ea2e2d' (2025-11-18) → 'github:NixOS/nixpkgs/523257564973361cc3e55e3df3e77e68c20b0b80' (2026-01-24) • Updated input 'my-nixpkgs/nur': 'github:nix-community/NUR/05225766ee3843d0720554ab1c930606092c24c5' (2025-11-19) → 'github:nix-community/NUR/c80cf01f7985ce8e1f6e50104b4dcff5c97f2d26' (2026-01-24) • Updated input 'my-nixpkgs/nur/nixpkgs': 'github:nixos/nixpkgs/89c2b2330e733d6cdb5eae7b899326930c2c0648' (2025-11-17) → 'github:nixos/nixpkgs/88d3861acdd3d2f0e361767018218e51810df8a1' (2026-01-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d4fa45dc2d4d32c10cb7c6b530a6b4b7d2429442' (2026-01-15) → 'github:NixOS/nixpkgs/078d69f03934859a181e81ba987c2bb033eebfc5' (2026-01-22) --- config/services/mesh/default.nix | 3 --- config/services/web/default.nix | 29 ++--------------------------- config/services/web/searx/default.nix | 3 --- 3 files changed, 2 insertions(+), 33 deletions(-) (limited to 'config/services') 
diff --git a/config/services/mesh/default.nix b/config/services/mesh/default.nix
index 445c262..168f7db 100644
--- a/config/services/mesh/default.nix
+++ b/config/services/mesh/default.nix
@@ -40,9 +40,6 @@ in
 proxy_set_header Host $server_name;
 proxy_redirect http:// https://;
 proxy_buffering off;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
 add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
 '';
 };
diff --git a/config/services/web/default.nix b/config/services/web/default.nix
index 920d1e7..f6d51db 100644
--- a/config/services/web/default.nix
+++ b/config/services/web/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ ... }:
 {
 imports = [
@@ -13,31 +13,6 @@
 defaults.email = "quentin@aristote.fr";
 };
- services.nginx = {
- enable = true;
- additionalModules = [ pkgs.nginxModules.brotli ];
- # return 444 when trying to connect directly through the IP address
- virtualHosts."_" = {
- default = true;
- extraConfig = ''
- return 444;
- '';
- };
- appendHttpConfig = ''
- types_hash_bucket_size 128;
- access_log /dev/null;
-
- # compression
- gzip on;
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
- brotli on;
- brotli_comp_level 6;
- brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap;
- '';
- };
-
+ services.nginx.enable = true;
 systemd.services.nginx.personal.monitor = true;
 }
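Review bot: The `extraConfig` kept in config/services/mesh/default.nix still declares `proxy_set_header Host $server_name;`, and nginx inherits `proxy_set_header` from an outer level only when the current level defines none, so the dropped X-Real-IP, X-Forwarded-For and X-Forwarded-Proto lines reach the backend only if the new shared defaults are emitted at this same level. The same applies to the searx location in config/services/web/searx/default.nix, which keeps `Connection` and `X-Scheme`; its upstream is named filtron, and if that service keys its filtering on the client address it would see only the proxy's address. The shared default is not visible in this diff, so the rendered configuration should be checked to confirm that each proxied block still carries the forwarding headers and that `Host` is not set twice. A comment such as `# X-Real-IP / X-Forwarded-* come from the shared nginx defaults` above the remaining lines would record the dependency. Both `extraConfig` blocks start outside their hunks.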
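Review bot: After the second hunk of config/services/web/default.nix the file only sets `services.nginx.enable = true;`, and nothing visible here shows where the catch-all `virtualHosts."_"` with `return 444;` and the `access_log /dev/null;` setting now come from. Presumably the updated `my-nixpkgs` input supplies them; if it does not, a request sent to the bare IP address or with an unknown Host would be answered by whichever virtual host nginx treats as the default, and access logging would revert to the module default. A one-line comment next to the enable line, for example `# default 444 vhost, logging and compression are provided by my-nixpkgs`, would make that dependency explicit for the next reader.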
diff --git a/config/services/web/searx/default.nix b/config/services/web/searx/default.nix
index da4cf88..46afcd8 100644
--- a/config/services/web/searx/default.nix
+++ b/config/services/web/searx/default.nix
@@ -22,10 +22,7 @@ in
 "/" = {
 proxyPass = "http://${cfg.filtron.listen.address}:${toString cfg.filtron.listen.port}";
 extraConfig = ''
- proxy_set_header Host $host;
 proxy_set_header Connection $http_connection;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Scheme $scheme;
 # proxy_set_header X-Script-Name /;
 '';
-- 
cgit v1.2.3