Nginx updates

.gitattributes

@@ -1,2 +1,3 @@
 secrets.nix filter=git-crypt diff=git-crypt
 secrets.yml filter=git-crypt diff=git-crypt
+secrets.txt filter=git-crypt diff=git-crypt

flake.nix

@@ -40,10 +40,12 @@
       # we only want nix hosts for this part, not all of the defined ones...
       nixHosts = (builtins.filter ({ nix ? true, ... }: nix) hosts');
 
+      # We can't do partial application with //, so this solves it i guess...
+      merge = a: b: a // b;
+
       # Convert a host from hosts.nix to something nixosConfigurations understands
       hostToConfig = z@{ hostname, nixname ? hostname, lxc ? true, ... }:
-        a:
+        merge {
-        a // {
           ${nixname} = mkConfig {
             name = nixname;
             lxc = lxc;
@@ -52,14 +54,11 @@
 
       # Same as above, but for the nodes part of deploy.
       hostToDeploy = z@{ hostname, nixname ? hostname, lxc ? true, ... }:
-        a:
+        merge { ${nixname} = mkDeploy nixname; };
-        a // {
-          ${nixname} = mkDeploy nixname;
-        };
 
       # And actually make the two sets.
-      configs = nixpkgs.lib.fold hostToConfig { } nixHosts;
+      configs = nixpkgs.lib.foldr hostToConfig { } nixHosts;
-      nodes = nixpkgs.lib.fold hostToDeploy { } nixHosts;
+      nodes = nixpkgs.lib.foldr hostToDeploy { } nixHosts;
     in {
 
       nixosConfigurations = configs;

hosts/gitea/configuration.nix

@@ -18,7 +18,9 @@ in {
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "21.11"; # Did you read the comment?
 
-  environment.systemPackages = with pkgs; [ ];
+  environment.systemPackages = with pkgs; [
+    gnupg
+  ];
 
   networking.firewall.enable = false;
   networking.firewall.allowedTCPPorts = [ 3000 ];
@@ -28,7 +30,6 @@ in {
   environment.etc.giteaPass = {
     enable = true;
     text = "x";
-    user = "gitea2";
   };
 
   services.gitea = {

hosts/nginx/configuration.nix

@@ -3,12 +3,25 @@ let
   proxy = url: {
     forceSSL = true;
     enableACME = true;
+    http2 = true;
     locations."/" = {
       proxyPass = url;
       proxyWebsockets = true;
     };
   };
   k8s_proxy = proxy "http://10.42.20.5:80/";
+  big_proxy = url: {
+    forceSSL = true;
+    enableACME = true;
+    http2 = true;
+    locations."/" = {
+      proxyPass = url;
+      proxyWebsockets = true;
+      extraConfig = ''
+      client_max_body_size 0;
+      '';
+    };
+  };
 in {
   imports = [
     # Import common config
@@ -42,6 +55,13 @@ in {
 
     virtualHosts."git.voidcorp.nl" = proxy "http://gitea.voidlocal:3000/";
 
+    virtualHosts."www.galerievanslagmaat.nl" = {
+      forceSSL = true;
+      enableACME = true;
+      http2 = true;
+      globalRedirect = "galerievanslagmaat.nl";
+    };
+
     virtualHosts."galerievanslagmaat.nl" = k8s_proxy;
     virtualHosts."staging.galerievanslagmaat.nl" = k8s_proxy;
     virtualHosts."groenehartansichtkaarten.nl" = k8s_proxy;
@@ -49,7 +69,7 @@ in {
 
     virtualHosts."vaultwarden.voidcorp.nl" = proxy "http://10.42.20.4:8000/";
 
-    virtualHosts."s3.voidcorp.nl" = proxy "http://10.42.20.6:9000/";
+    virtualHosts."s3.voidcorp.nl" = big_proxy "http://10.42.20.6:9000/";
     virtualHosts."explore.s3.voidcorp.nl" = proxy "http://10.42.20.6:9001/";
     virtualHosts."registry.voidcorp.nl" = proxy "http://10.42.20.7:5000/";
     virtualHosts."grafana.voidcorp.nl" = proxy "http://10.42.20.9:3000/";