mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-25 17:46:14 +01:00
ingress-tootpick
: switch to dinit
Signed-off-by: magic_rb <magic_rb@redalder.org>
This commit is contained in:
parent
e99c9e848f
commit
6a60fae8ac
|
@ -15,36 +15,7 @@
|
|||
singleton
|
||||
;
|
||||
in {
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
sigell.entries = [
|
||||
{
|
||||
signal = "HUP";
|
||||
action = {
|
||||
type = "exec";
|
||||
environment = {
|
||||
PATH = "${pkgs.bash}/bin:${pkgs.busybox}/bin";
|
||||
};
|
||||
command = [
|
||||
"bash"
|
||||
"-c"
|
||||
"kill -s HUP \"$(cat /nginx.pid)\""
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
signal = "TERM";
|
||||
action = {
|
||||
type = "signal";
|
||||
rewrite = "TERM";
|
||||
selector = {
|
||||
type = "child";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
type.services = {};
|
||||
};
|
||||
dinit.enable = true;
|
||||
init.services.nginx.shutdownOnExit = true;
|
||||
|
||||
system.activation = {
|
||||
|
|
|
@ -216,8 +216,13 @@ ssl_prefer_server_ciphers off;
|
|||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
EOF
|
||||
destination = "local/ssl.conf"
|
||||
change_mode = "signal"
|
||||
change_signal = "SIGHUP"
|
||||
change_mode = "script"
|
||||
change_script {
|
||||
command = "/bin/sh"
|
||||
args = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
|
||||
timeout = "5s"
|
||||
fail_on_error = false
|
||||
}
|
||||
}
|
||||
|
||||
template {
|
||||
|
@ -228,8 +233,13 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
EOF
|
||||
destination = "local/headers.conf"
|
||||
change_mode = "signal"
|
||||
change_signal = "SIGHUP"
|
||||
change_mode = "script"
|
||||
change_script {
|
||||
command = "/bin/sh"
|
||||
args = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
|
||||
timeout = "5s"
|
||||
fail_on_error = false
|
||||
}
|
||||
}
|
||||
|
||||
template {
|
||||
|
@ -238,8 +248,13 @@ add_header X-Frame-Options "SAMEORIGIN";
|
|||
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
|
||||
EOF
|
||||
destination = "local/security.conf"
|
||||
change_mode = "signal"
|
||||
change_signal = "SIGHUP"
|
||||
change_mode = "script"
|
||||
change_script {
|
||||
command = "/bin/sh"
|
||||
args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
|
||||
timeout = "5s"
|
||||
fail_on_error = false
|
||||
}
|
||||
}
|
||||
|
||||
template {
|
||||
|
@ -265,15 +280,25 @@ server {
|
|||
}
|
||||
EOF
|
||||
destination = "local/streams.conf"
|
||||
change_mode = "signal"
|
||||
change_signal = "SIGHUP"
|
||||
change_mode = "script"
|
||||
change_script {
|
||||
command = "/bin/sh"
|
||||
args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
|
||||
timeout = "5s"
|
||||
fail_on_error = false
|
||||
}
|
||||
}
|
||||
|
||||
template {
|
||||
data = var.upstreams
|
||||
destination = "local/upstreams.conf"
|
||||
change_mode = "signal"
|
||||
change_signal = "SIGHUP"
|
||||
change_mode = "script"
|
||||
change_script {
|
||||
command = "/bin/sh"
|
||||
args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
|
||||
timeout = "5s"
|
||||
fail_on_error = false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue