1
0
Fork 0

sail: Remove Matrix from CF

This commit is contained in:
Daniel Kempkens 2023-03-06 18:23:32 +01:00
parent c088193e28
commit 0bc2169913
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
4 changed files with 78 additions and 64 deletions

View file

@ -20,33 +20,31 @@
};
# Based on: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/freshrss.nix
services.nginx = {
virtualHosts."${secret.freshrss.virtualHost}" = {
http3 = true;
services.nginx.virtualHosts."${secret.freshrss.virtualHost}" = {
http3 = true;
root = "${config.services.freshrss.package}/p";
forceSSL = true;
useACMEHost = "kempkens.io";
root = "${config.services.freshrss.package}/p";
forceSSL = true;
useACMEHost = "kempkens.io";
# php files handling
# this regex is mandatory because of the API
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.${config.services.freshrss.pool}.socket};
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# By default, the variable PATH_INFO is not set under PHP-FPM
# But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
# NOTE: the separate $path_info variable is required. For more details, see:
# https://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi.conf;
'';
# php files handling
# this regex is mandatory because of the API
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.${config.services.freshrss.pool}.socket};
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# By default, the variable PATH_INFO is not set under PHP-FPM
# But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
# NOTE: the separate $path_info variable is required. For more details, see:
# https://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi.conf;
'';
locations."/" = {
tryFiles = "$uri $uri/ index.php";
index = "index.php index.html index.htm";
};
locations."/" = {
tryFiles = "$uri $uri/ index.php";
index = "index.php index.html index.htm";
};
};
}

View file

@ -8,18 +8,16 @@
port = 8002;
};
services.nginx = {
virtualHosts."${secret.nginx.hostnames.libreddit}" = {
http3 = true;
services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
http3 = true;
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.libreddit-auth.path;
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.libreddit-auth.path;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8002";
};
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8002";
};
};
}

View file

@ -70,41 +70,41 @@ in
extraEnvFiles = [ config.age.secrets.mastodon-extra-config.path ];
};
services.nginx = {
virtualHosts."${web-domain}" = {
http3 = true;
services.nginx.virtualHosts."${web-domain}" = {
http3 = true;
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
root = "${config.services.mastodon.package}/public/";
forceSSL = true;
useACMEHost = "kempkens.io";
locations."/system/" = {
extraConfig = ''
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
'';
};
locations."/system/" = {
extraConfig = ''
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
'';
};
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
extraConfig = ''
proxy_force_ranges on;
'';
};
locations."@proxy" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
locations."/api/v1/streaming/" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
proxyWebsockets = true;
extraConfig = ''
proxy_force_ranges on;
'';
};
extraConfig = ''
proxy_force_ranges on;
'';
};
locations."/api/v1/streaming/" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
proxyWebsockets = true;
extraConfig = ''
proxy_force_ranges on;
'';
};
};

View file

@ -88,4 +88,22 @@
};
networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 8008 ];
services.nginx.virtualHosts."matrix.kempkens.io" = {
http3 = true;
forceSSL = true;
useACMEHost = "kempkens.io";
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8008";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 50m;
proxy_force_ranges on;
'';
};
};
}