nginx

Author: randomizedcoder

hp/hp4/nginx.nix

@@ -9,104 +9,54 @@
   # https://github.com/nixinator/cardano-ops/blob/8a7be334a476a80829e17c8a0ca6ec374347a937/roles/explorer.nix#L313
   # grep ExecStartPre /etc/systemd/system/nginx.service
   services.nginx = {
-
     enable = true;
-
-    # package = mkOption {
-    # default = pkgs.nginxStable;
-
     defaultHTTPListenPort = 8080;
-    defaultSSLListenPort = 8443;
-
-    #openFirewall = true; # doesn't exist
-
     statusPage = true;
 
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-
     recommendedZstdSettings = true;
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedBrotliSettings = true;
 
-    resolver = {
-      addresses = [ "127.0.0.1" ]; # Point to local pdns-recursor
-      # valid = "30s"; # Optional: Override DNS cache TTL
-      # ipv6 = false; # Optional: Disable IPv6 lookups if desired
-    };
-
-    # proxyCachePath = {
-    #   "main_cache" = {
-    #     # Path will be /var/cache/nginx/main_cache
-    #     levels = "1:2";
-    #     keysZoneName = "my_proxy_zone";
-    #     keysZoneSize = "10m";
-    #     maxSize = "10g";
-    #     inactive = "60m";
-    #     useTempPath = false;
-    #   };
-    # };
-
-    eventsConfig = ''
-      worker_connections 4096;
-    '';
-
-    appendHttpConfig = ''
-      proxy_cache_path /var/cache/nginx/main_cache levels=1:2 keys_zone=my_proxy_zone:10m max_size=10g inactive=60m use_temp_path=off;
-    '';
-
+    # Minimal configuration for serving files
     virtualHosts."_" = {
-      #listen = [{ addr = "0.0.0.0"; port = 3128; }];
-      listen = [{ addr = "0.0.0.0"; port = 8080; }];
-
-      extraConfig = ''
-        #resolver 127.0.0.1;
-
-        location / {
-            proxy_http_version 1.1;
-            proxy_pass $request_uri;
-            #proxy_pass http://$host$uri$is_args$args;
-
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Real-IP $remote_addr;
-
-            proxy_cache my_proxy_zone;
-            proxy_cache_key "$scheme$request_method$host$request_uri";
-            proxy_cache_valid 200 302 10m;
-            proxy_cache_valid 404 1m;
-            proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-        }
-      '';
+      serverName = "_";
+      root = "/var/www/html";
+      default = true;
+
+      locations."/" = {
+        extraConfig = ''
+          autoindex on;
+          autoindex_exact_size on;
+          autoindex_localtime on;
+          #index index.html;
+        '';
+      };
+
+      locations."/nginx_status" = {
+        extraConfig = ''
+          stub_status on;
+          access_log off;
+          allow 127.0.0.1;
+          allow ::1;
+          allow 172.16.50.0/24;
+          deny all;
+        '';
+      };
     };
   };
+
+  # Ensure the docRoot directory exists and has correct permissions
+  systemd.tmpfiles.rules = [
+    "d /var/www/html 0755 nginx nginx - -"
+  ];
+
   # journalctl --follow --namespace nginx
 
   systemd.services.nginx.serviceConfig.LogNamespace = "nginx";
 
-  # systemd.tmpfiles.rules = [
-  #   "d /var/cache/nginx 0700 nginx nginx - -"
-  #   "d /var/log/nginx   0755 nginx nginx - -"
-  # ];
-  systemd.tmpfiles.settings."nginx-dirs" = {
-    "/var/cache/nginx"."d" = {
-      mode = "0700";
-      user = "nginx";
-      group = "nginx";
-    };
-    "/var/log/nginx"."d" = {
-      mode = "0755";
-      user = "nginx";
-      group = "nginx";
-    };
-    "/run/nginx"."d" = {
-      mode = "0755";
-      user = "nginx";
-      group = "nginx";
-    };
-  };
-
   services.prometheus.exporters.nginx = {
     enable = true;
     openFirewall = true;

laptops/t/Makefile

@@ -54,4 +54,7 @@ update_oldm.:
 	sudo nixos-rebuild switch
 	#nix-shell -p vim
 
+restart_display_manager:
+	sudo systemctl restart display-manager.service
+
 # end

laptops/t/configuration.nix

@@ -1,6 +1,6 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
+# and in the NixOS manual (accessible by running 'nixos-help').
 
 # sudo nixos-rebuild switch
 # sudo nix-channel --update
@@ -46,7 +46,6 @@
     ];
 
   boot = {
-
     loader.systemd-boot = {
       enable = true;
       consoleMode = "max";
@@ -63,8 +62,8 @@
 
     # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21
     kernelParams = [
-      #"nvidia-drm.modeset=1"
-      #"nvidia-drm.fbdev=1"
+      "nvidia-drm.modeset=1"
+      "nvidia-drm.fbdev=1"
       # https://www.reddit.com/r/NixOS/comments/u5l3ya/cant_start_x_in_nixos/?rdt=56160
       #"nomodeset"
     ];
@@ -78,50 +77,34 @@
     # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems
     binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
 
-    extraModulePackages = with config.boot.kernelPackages; [
-      v4l2loopback
-      #nvidia_x11
+    extraModulePackages = [
+      config.boot.kernelPackages.v4l2loopback
+      pkgs.unstable.linuxPackages.nvidiaPackages.production
     ];
 
-    # https://nixos.wiki/wiki/Libvirt#Nested_virtualization
-    #extraModprobeConfig = "options kvm_intel nested=1";
-    # https://gist.github.com/chrisheib/162c8cad466638f568f0fb7e5a6f4f6b#file-config_working-nix-L19
-    extraModprobeConfig =
-      "options nvidia "
-      #""
-      + lib.concatStringsSep " " [
-      # nvidia assume that by default your CPU does not support PAT,
-      # but this is effectively never the case in 2023
-      "NVreg_UsePageAttributeTable=1"
-      # This is sometimes needed for ddc/ci support, see
-      # https://www.ddcutil.com/nvidia/
-      #
-      # Current monitor does not support it, but this is useful for
-      # the future
-      "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
-      "options kvm_intel nested=1"
-      # # https://nixos.wiki/wiki/OBS_Studio
-      ''
-        options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
-      ''
-      ];
+    extraModprobeConfig = ''
+      options nvidia NVreg_UsePageAttributeTable=1
+      options nvidia NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100
+      options kvm_intel nested=1
+      options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
+    '';
   };
 
   # For OBS
   security.polkit.enable = true;
 
   nix = {
-    gc = {
-      automatic = true;                  # Enable automatic execution of the task
-      dates = "weekly";                  # Schedule the task to run weekly
-      options = "--delete-older-than 10d";  # Specify options for the task: delete files older than 10 days
-      randomizedDelaySec = "14m";        # Introduce a randomized delay of up to 14 minutes before executing the task
-    };
     settings = {
       auto-optimise-store = true;
       experimental-features = [ "nix-command" "flakes" ];
       download-buffer-size = "500000000";
     };
+    gc = {
+      automatic = true;                  # Enable automatic execution of the task
+      dates = "daily";                   # Schedule the task to run daily
+      options = "--delete-older-than 10d";  # Specify options for the task: delete files older than 10 days
+      randomizedDelaySec = "14m";        # Introduce a randomized delay of up to 14 minutes before executing the task
+    };
   };
 
   # https://nixos.wiki/wiki/Networking
@@ -280,7 +263,7 @@
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # on your system were taken. It's perfectly fine and recommended to leave
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
@@ -290,10 +273,20 @@
 
   nixpkgs.config = {
     allowUnfree = true;
-    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
-      "nvidia-x11"
-      "nvidia-settings"
-      "nvidia-persistenced"
-    ];
+    # allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    #   "nvidia-x11"
+    #   "nvidia-settings"
+    #   "nvidia-persistenced"
+    # ];
   };
+
+  # hardware.opengl = {
+  #   enable = true;
+  #   driSupport = true;
+  #   driSupport32Bit = true;
+  #   extraPackages = with pkgs; [
+  #     vaapiVdpau
+  #     libvdpau-va-gl
+  #   ];
+  # };
 }