forked from the-distro/infra
raito
6c237e8d40
proxy_buffering was the root cause. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
41 lines
1.1 KiB
Nix
41 lines
1.1 KiB
Nix
{ config, lib, ... }:
|
|
let
|
|
inherit (lib) mkIf;
|
|
cfg = config.bagel.services.gerrit;
|
|
in
|
|
{
|
|
config = mkIf cfg.enable {
|
|
services.nginx = {
|
|
enable = true;
|
|
enableReload = true;
|
|
appendHttpConfig = ''
|
|
add_header Permissions-Policy "interest-cohort=()";
|
|
'';
|
|
recommendedProxySettings = false;
|
|
};
|
|
services.nginx.virtualHosts.gerrit = {
|
|
serverName = builtins.head cfg.domains;
|
|
serverAliases = builtins.tail cfg.domains;
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
extraConfig = ''
|
|
location / {
|
|
proxy_pass http://localhost:4778;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
# The :443 suffix is a workaround for https://b.tvl.fyi/issues/88.
|
|
proxy_set_header Host $host:443;
|
|
# Gerrit can throw a lot of data.
|
|
proxy_buffering off;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
return 200 'User-agent: *\nAllow: /';
|
|
}
|
|
'';
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
|
};
|
|
}
|