soopy.moe / gensokyo
nixos config
fork atom

host(koumakan): fix nginx stream config

Sophie Cheung 8f3aa830 f443353f

options
unified split
Changed files
+20
systems
koumakan
services
proxies
nginx-stream.nix
+20
systems/koumakan/services/proxies/nginx-stream.nix
··· 1 1 { 2 + systemd.tmpfiles.settings."nginx-stream-log"."/var/log/nginx/stream"."d" = { 3 + user = "nginx"; 4 + group = "nginx"; 5 + mode = "0750"; 6 + }; 7 + systemd.services.nginx.serviceConfig = { 8 + # needed for transparent proxying 9 + CapabilityBoundingSet = ["CAP_NET_RAW"]; 10 + AmbientCapabilities = ["CAP_NET_RAW"]; 11 + }; 12 + 2 13 services.nginx.streamConfig = '' 14 + resolver 100.100.100.100; 15 + proxy_bind $remote_addr transparent; 3 16 proxy_connect_timeout 1s; 4 17 proxy_timeout 30s; 18 + 19 + log_format basic_stream '$remote_addr [$time_local] ' 20 + '$protocol $status $bytes_sent $bytes_received ' 21 + '$session_time'; 22 + 23 + error_log /var/log/nginx/stream/error.log; 24 + access_log /var/log/nginx/stream/access.log basic_stream; 5 25 6 26 # data 7 27 server {