Remove ci endpoint from vancouver nginx

Add compression config to vancouver nginx, ci endpoint
Use statically generated env file rather than dynamic
2023-07-15 12:03:39 +01:00 · 2023-07-15 12:03:11 +01:00 · 2023-07-15 12:01:59 +01:00
4 changed files with 26 additions and 8 deletions
--- a/.env.age
+++ b/.env.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> piv-p256 Vmeusg Apk0u/z04skt4ktJsHDslOrOrwEVcBFzcORCAhbCS48I
+WbCYJz5qY0fWslurJUKUc5Coa1mnZejTd9iNubBYWv8
+-> hxTct-grease F
+Nsg4ckSmYxQxGekmQjq6ipcIKgxvRoh4S8Jud45XOjKKQG4vLvdrFtwhf+5MqgjP
+SbvzIs9J1w
+--- acYQQSnX0IY7NpTZiPQrtR5S7SIY5PrKrRbBRZl7Glo
+Z²\Vl;Øýá³<C3A1>håò<C3A5>»ÿÚ‚G¨ehÖo„‰Þu¯Ó\ðåg+“ÈkP1+"ziŽI\Æ<01>nùJr´ÚOÂOÙ4íYÐËèÇ3:MAÚèµÌ®á‘õ˜ÄÜ©N·Ë®q=gÐˆ¦¿³i4‹P§‡ÝpMQµâÆðXD<Ò1@èM¨™9ˆô9‚çd$2ÔKtâî¡ÝRÙ<52>c"1”Nèžl4+J÷Ç<10>wÆ/³N_\«„M·UÇ©(·ÞÖba?0[†sÑCq¸Û@•C`"cXçË,WúªÌî2[ˆÛ²=ç|Í•"šÎ½Æp<y"Náco’Šéqø7ê²<C3AA>kÕÌò”rÝ;=KQu¬ÉÏ=Œ–~ÛMØÁ>÷T
--- a/.gitignore
+++ b/.gitignore
@ -41,3 +41,4 @@ terraform.rc
 output/
 result
 .direnv/
+.env
--- a/flake.nix
+++ b/flake.nix
@ -14,13 +14,9 @@
      devShells.default = pkgs.mkShell {
        shellHook =
          ''
-            bw sync
-            export BW_SESSION=$(bw unlock --raw)
-            export VERCEL_API_TOKEN=$(bw list items --search "Vercel API" | jq -r '.[0].notes')
-            export HCLOUD_TOKEN=$(bw list items --search "Hetzner" | jq -r '.[0].fields[] | select(.name | contains("API")) | .value')
-            export TF_VAR_tailscale_key=$(bw list items --search "Tailscale Key" | jq -r '.[0].notes')
-            export CLOUDFLARE_API_TOKEN=$(bw list items --search "CloudFlare" | jq -r '.[0].fields[] | select(.name | contains("Zone API Key")) | .value')
-            # alias terraform='terraform -chdir=terraform'
+            set -o allexport
+            source .env  set
+            +o allexport
          '';
        nativeBuildInputs = [
          pkgs.jq
--- a/krops/nas/configuration.nix
+++ b/krops/nas/configuration.nix
@ -100,12 +100,22 @@
    };
    nginx = {
      enable = true;
-      logError = "/var/log/nginx/debug.log info";
+      recommendedGzipSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedZstdSettings = true;
+      recommendedOptimisation = true;
+
      # We can only proxy one port with Tailscale Funnel so we abuse locations instead.
      virtualHosts."vancouver.gmem.ca" =  {
        default = true;
        enableACME = false;
        forceSSL = false;
+        locations."/" = {
+          root = "/var/www/";
+          extraConfig = ''
+            error_page 404 /404.html;
+          '';
+        };
        locations."/git/" = {
          proxyWebsockets = false; # needed if you need to use WebSocket
          extraConfig =
@ -140,6 +150,9 @@
          DISABLE_REGISTRATION = true;
          COOKIE_SECURE = true;
        };
+        actions = {
+          ENABLED = true;
+        };
      };
    };
  };
Author	SHA1	Message	Date
Gabriel Simmer	312b6bc852	Remove ci endpoint from vancouver nginx	2023-07-15 12:03:39 +01:00
Gabriel Simmer	5cf1be37a3	Add compression config to vancouver nginx, ci endpoint	2023-07-15 12:03:11 +01:00
Gabriel Simmer	e07c3921f4	Use statically generated env file rather than dynamic The original approach ensured secrets were always up to date but really slowed down cd'ing into the directory or opening files in emacs.	2023-07-15 12:01:59 +01:00