config

NixOS config
Log | Files | Refs | README | LICENSE
commit 95dfd6d14347faff8184b942dbac2f4d68926a4c (tree)
parent 23347f6952f2dba92b47d1151ebfe27c0aaf2a61
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Fri, 25 Aug 2023 17:03:01 +0300

caddy: disable on hel1-a, enable logrotate on vno1-oh2

Diffstat:

Mhosts/hel1-a/configuration.nix | 48------------------------------------------------


Mhosts/vno1-oh2/configuration.nix | 17+++++++++++++++++


2 files changed, 17 insertions(+), 48 deletions(-)

diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
@@ -116,54 +116,6 @@
       };
     };
 
-    caddy = {
-      enable = true;
-      email = "motiejus+acme@jakstys.lt";
-      virtualHosts."fwmine.jakstys.lt".extraConfig = ''
-        reverse_proxy fwmine.motiejus.jakst:8080
-      '';
-      virtualHosts."www.jakstys.lt".extraConfig = ''
-        redir https://jakstys.lt
-      '';
-      virtualHosts."jakstys.lt" = {
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access-jakstys.lt.log {
-            roll_disabled
-          }
-        '';
-        extraConfig = ''
-          header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-
-          header /_/* Cache-Control "public, max-age=31536000, immutable"
-
-          root * /var/www/jakstys.lt
-          file_server {
-            precompressed br gzip
-          }
-
-          @matrixMatch {
-            path /.well-known/matrix/client
-            path /.well-known/matrix/server
-          }
-          header @matrixMatch Content-Type application/json
-          header @matrixMatch Access-Control-Allow-Origin *
-          header @matrixMatch Cache-Control "public, max-age=3600, immutable"
-
-          handle /.well-known/matrix/client {
-            respond "{\"m.homeserver\": {\"base_url\": \"https://jakstys.lt\"}}" 200
-          }
-          handle /.well-known/matrix/server {
-            respond "{\"m.server\": \"jakstys.lt:443\"}" 200
-          }
-
-          handle /_matrix/* {
-            encode gzip
-            reverse_proxy http://${myData.hosts."vno1-oh2.servers.jakst".jakstIP}:${toString myData.ports.matrix-synapse}
-          }
-        '';
-      };
-    };
-
     logrotate = {
       settings = {
         "/var/log/caddy/access-jakstys.lt.log" = {
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
@@ -202,6 +202,23 @@
       };
     };
 
+    logrotate = {
+      settings = {
+        "/var/log/caddy/access-jakstys.lt.log" = {
+          rotate = -1;
+          frequency = "daily";
+          dateext = true;
+          dateyesterday = true;
+          compress = true;
+          compresscmd = "${pkgs.zstd}/bin/zstd";
+          compressext = ".zst";
+          compressoptions = "--long -19";
+          uncompresscmd = "${pkgs.zstd}/bin/unzstd";
+          postrotate = "${pkgs.systemd}/bin/systemctl restart caddy";
+        };
+      };
+    };
+
     grafana = {
       enable = true;
       provision = {