WIP: nix cthulhu config #91

nerf · 2025-06-25T13:47:35Z

nerf commented

2025-06-25 13:47:35 +00:00

No description provided.

nerf added 1 commit

2025-06-25 13:47:36 +00:00

hardware config 91763734ee

nerf force-pushed cthulhu from 91763734ee to 41d7652cb4

2025-06-25 13:58:39 +00:00

Compare

nerf force-pushed cthulhu from 41d7652cb4 to a7c1e37375

2025-06-26 15:20:15 +00:00

Compare

nerf added 1 commit

2025-07-01 13:52:56 +00:00

redirects and proxy passes working (except for ssl which needs to migrate to dns) 42b0d35691

nerf force-pushed cthulhu from 42b0d35691 to bdcb962b53

2025-07-02 18:52:15 +00:00

Compare

Gonne reviewed

2025-07-02 19:20:58 +00:00

nixos/machines/cthulhu/redirects.nix

					
				@ -0,0 +46,4 @@

				# # Hosting

				# download.mathebau.de Hosting

				# theateraufnahmen.mathebau.de

				#

Gonne commented

2025-07-02 19:20:58 +00:00

Also https://mathebau.de/protokolle and possibly more

Gonne reviewed

2025-07-03 13:17:49 +00:00

nixos/machines/cthulhu/hardware-configuration.nix

					
				@ -0,0 +30,4 @@

				    fsType = "ext4";

				  };

				  # nix puts the caching folder under /var/cache/nginx

				  fileSystems."/var/cache/nginx" = {

Gonne commented

2025-07-03 13:00:07 +00:00

Should we have on disk caching? I think we should just supply more RAM.

nerf commented

2025-08-01 13:28:05 +00:00

this is replicating current behaviour

nixos/modules/reverseProxy.nix

					
				@ -0,0 +1,211 @@

				# All our domains fall in one or more of three categories

				# proxyPass, basically handle the tls and pass the http traffick on

Gonne commented

2025-07-03 13:03:17 +00:00

traffick -> traffic

nixos/modules/reverseProxy.nix

					
				@ -0,0 +23,4 @@

				          # notice that nix will also parse this string and we need to escape \

				          # so after nix processing "~ /\.git/" will end up in the nginx config,

				          # with the proper regex escape.

				          # I find this behaiviour unexpected and a bit weird, but it catches some footguns

Gonne commented

2025-07-03 13:06:09 +00:00

Does 'this' reference the line before or the setting afterwards?

nerf commented

2025-08-01 13:33:09 +00:00

I think it is unexpected that after configuring a proxy pass that some two specific kinds of version control directories are filtered

nixos/modules/reverseProxy.nix

					
				@ -0,0 +41,4 @@

				        }

				        // virtualHostConfig.locations;

				    }

				    // virtualHostConfig;

Gonne commented

2025-07-03 13:10:51 +00:00

This order of update kills the default locations settings from above as soon as there are any locations settings present.

nixos/modules/reverseProxy.nix

					
				@ -0,0 +57,4 @@

				    cacheHelper = targetData:

				      proxyHelper targetData

				      // {

				        extraConfig = ''

Gonne commented

2025-07-03 13:14:33 +00:00

How does this compare to the services.nginx.recommendedGzipSettings setting?
See also services.nginx.recommendedOptimisation

How does this compare to the `services.nginx.recommendedGzipSettings` setting? See also `services.nginx.recommendedOptimisation`

nerf commented

2025-08-01 13:38:48 +00:00

As context where these settings are coming from, this is what is currently configured on cthulhu.
I didn't compared them but there is some overlap for sure. At least expires max is not in the recommended sittings. For the rest I would need to check the nixpkgs nginx unit

As context where these settings are coming from, this is what is currently configured on cthulhu. I didn't compared them but there is some overlap for sure. At least `expires max` is not in the recommended sittings. For the rest I would need to check the nixpkgs nginx unit

nixos/modules/reverseProxy.nix

					
				@ -0,0 +174,4 @@

				    };

				    # TODO: we need to rebuild this for dns challenges,

				    # this does not work with our proxy pass challenge hand through things.

				    security.acme = {