Fachschaft/nixConfig
7
2
Fork 2
Code Issues 12 Pull requests 4 Projects Wiki Activity

WIP: nix cthulhu config #91

Draft
nerf wants to merge 2 commits from nerf/nixConfig:cthulhu into main
pull from: nerf/nixConfig:cthulhu
merge into: Fachschaft:main
Conversation 2 Commits 2 Files changed 5 +356
nerf commented 2025-06-25 13:47:35 +00:00
Owner
Copy link
No description provided.
nerf added 1 commit 2025-06-25 13:47:36 +00:00
nerf force-pushed cthulhu from 91763734ee to 41d7652cb4 2025-06-25 13:58:39 +00:00 Compare
nerf force-pushed cthulhu from 41d7652cb4 to a7c1e37375 2025-06-26 15:20:15 +00:00 Compare
nerf added 1 commit 2025-07-01 13:52:56 +00:00
nerf force-pushed cthulhu from 42b0d35691 to bdcb962b53 2025-07-02 18:52:15 +00:00 Compare
Gonne reviewed 2025-07-02 19:20:58 +00:00
nixos/machines/cthulhu/redirects.nix
@ -0,0 +46,4 @@
# # Hosting
# download.mathebau.de Hosting
# theateraufnahmen.mathebau.de
#
Gonne commented 2025-07-02 19:20:58 +00:00
Owner
Copy link

Also https://mathebau.de/protokolle and possibly more

Also https://mathebau.de/protokolle and possibly more
Gonne reviewed 2025-07-03 13:17:49 +00:00
nixos/machines/cthulhu/hardware-configuration.nix
@ -0,0 +30,4 @@
fsType = "ext4";
};
# nix puts the caching folder under /var/cache/nginx
fileSystems."/var/cache/nginx" = {
Gonne commented 2025-07-03 13:00:07 +00:00
Owner
Copy link

Should we have on disk caching? I think we should just supply more RAM.

Should we have on disk caching? I think we should just supply more RAM.
nixos/modules/reverseProxy.nix
@ -0,0 +1,211 @@
# All our domains fall in one or more of three categories
# proxyPass, basically handle the tls and pass the http traffick on
Gonne commented 2025-07-03 13:03:17 +00:00
Owner
Copy link

traffick -> traffic

traffick -> traffic
nixos/modules/reverseProxy.nix
@ -0,0 +23,4 @@
# notice that nix will also parse this string and we need to escape \
# so after nix processing "~ /\.git/" will end up in the nginx config,
# with the proper regex escape.
# I find this behaiviour unexpected and a bit weird, but it catches some footguns
Gonne commented 2025-07-03 13:06:09 +00:00
Owner
Copy link

Does 'this' reference the line before or the setting afterwards?

Does 'this' reference the line before or the setting afterwards?
nixos/modules/reverseProxy.nix
@ -0,0 +41,4 @@
}
// virtualHostConfig.locations;
}
// virtualHostConfig;
Gonne commented 2025-07-03 13:10:51 +00:00
Owner
Copy link

This order of update kills the default locations settings from above as soon as there are any locations settings present.

This order of update kills the default locations settings from above as soon as there are any locations settings present.
nixos/modules/reverseProxy.nix
@ -0,0 +57,4 @@
cacheHelper = targetData:
proxyHelper targetData
// {
extraConfig = ''
Gonne commented 2025-07-03 13:14:33 +00:00
Owner
Copy link

How does this compare to the services.nginx.recommendedGzipSettings setting?
See also services.nginx.recommendedOptimisation

How does this compare to the `services.nginx.recommendedGzipSettings` setting? See also `services.nginx.recommendedOptimisation`
nixos/modules/reverseProxy.nix
@ -0,0 +174,4 @@
};
# TODO: we need to rebuild this for dns challenges,
# this does not work with our proxy pass challenge hand through things.
security.acme = {
Gonne commented 2025-07-03 13:17:43 +00:00
Owner
Copy link

Also, can we deduplicate the list of hostnames?

Also, can we deduplicate the list of hostnames?
This pull request is marked as a work in progress.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u cthulhu:nerf-cthulhu
git checkout nerf-cthulhu
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
Kind/Breaking

Breaking change that won't be backward compatible

  
Kind/Bug

Something is not working

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Security

This is security issue

  
Kind/Testing

Issue or pull request related to testing

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Reviewed
Confirmed
Issue has been confirmed

  
Reviewed
Duplicate
This issue or pull request already exists

  
Reviewed
Invalid
Invalid issue

  
Reviewed
Won't Fix
This issue won't be fixed

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

No labels
Kind/Breaking
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Fachschaft/nixConfig#91
No description provided.
Delete branch "nerf/nixConfig:cthulhu"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?