path: root/modules/nixos/hellohtml.linus.onl/default.nix
blob: f4a110ee7f89c9eb93f51c0b261a88de3be32765 (plain)
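# NixOS module for the hellohtml.linus.onl site: enables the hellohtml
# service, registers the domain with cloudflare-dyndns and puts NGINX in front
# of the service as a reverse proxy.
{
  lib,
  config,
  ...
}: let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.modules."hellohtml.linus.onl";
in {
  options.modules."hellohtml.linus.onl" = {
    # Master switch for everything under `config` below.
    enable = mkEnableOption "hellohtml.linus.onl site";

    # Drives both `enableACME` and `forceSSL` on the virtual host.
    useACME = mkEnableOption "built-in HTTPS stuff";
  };

  config = mkIf cfg.enable {
    # Start the backend service.
    # NOTE(review): an earlier comment here said the service listens on the
    # socket /tmp/hellohtml.sock, but the reverse proxy below targets TCP port
    # 8538 on localhost. Confirm which one the service actually uses.
    services.hellohtml = {
      enable = true;
    };

    # Register domain name.
    services.cloudflare-dyndns.domains = ["hellohtml.linus.onl"];

    # Use NGINX as reverse proxy.
    services.nginx.virtualHosts."hellohtml.linus.onl" = {
      # With useACME = false this virtual host gets neither a certificate nor
      # an HTTP->HTTPS redirect, so NGINX serves it over plain HTTP only.
      # NOTE(review): presumably TLS is then terminated by the Cloudflare proxy
      # referenced below; confirm the origin leg is protected as intended.
      enableACME = cfg.useACME;
      forceSSL = cfg.useACME;
      # `rec` lets extraConfig reuse proxyPass for the nested location.
      locations."/" = rec {
        proxyPass = "http://localhost:8538";
        # Disable settings that might mess with the text/event-stream response of the /listen/:id endpoint.
        # NOTE: These settings work in tandem with the Cloudflare Proxy settings described here:
        #       https://blog.devops.dev/implementing-server-sent-events-with-fastapi-nginx-and-cloudflare-10ede1dffc18
        #
        # The empty Connection value is written as "" rather than \'\'. A
        # backslash is not an escape inside a Nix indented string, so \'\' was
        # emitted verbatim, and NGINX reads an unquoted \'\' as the literal
        # two-character value '' instead of an empty string. Only an empty
        # value makes proxy_set_header drop the header.
        extraConfig = ''
            location /listen/ {
              # Have to duplicate this here, as this directive is not inherited.
              # See: https://blog.martinfjordvald.com/understanding-the-nginx-configuration-inheritance-model/
              # See: https://serverfault.com/q/1082562
              proxy_pass ${proxyPass};
              # Clear the Connection header so it is not passed to the upstream.
              # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
              # See: https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
              proxy_set_header Connection "";
              # Disable buffering. This is crucial for SSE to ensure that
              # messages are sent immediately without waiting for a buffer to
              # fill.
              proxy_buffering off;
              # Disable caching to ensure that all messages are sent and received
              # in real-time without being cached by the proxy.
              proxy_cache off;
              # Set a long timeout (86400 s = 24 h) for reading from the proxy
              # to prevent the connection from timing out. Every idle client on
              # this endpoint can hold a connection open for that long, so
              # consider a per-client cap (limit_conn) if the endpoint is
              # reachable by untrusted clients.
              proxy_read_timeout 86400;
            }
        '';
      };
    };
  };
}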