sail: Remove Matrix from CF

2023-03-06 18:23:32 +01:00 · 2023-03-06 18:23:32 +01:00 · 0bc2169913
commit 0bc2169913
parent c088193e28
4 changed files with 78 additions and 64 deletions
--- a/system/nixos/freshrss.nix
+++ b/system/nixos/freshrss.nix
@ -20,33 +20,31 @@
  };
  # Based on: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/freshrss.nix
-  services.nginx = {
+  services.nginx.virtualHosts."${secret.freshrss.virtualHost}" = {
-    virtualHosts."${secret.freshrss.virtualHost}" = {
+    http3 = true;
      http3 = true;
-      root = "${config.services.freshrss.package}/p";
+    root = "${config.services.freshrss.package}/p";
-      forceSSL = true;
+    forceSSL = true;
-      useACMEHost = "kempkens.io";
+    useACMEHost = "kempkens.io";
-      # php files handling
+    # php files handling
-      # this regex is mandatory because of the API
+    # this regex is mandatory because of the API
-      locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
+    locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
-        fastcgi_pass unix:${config.services.phpfpm.pools.${config.services.freshrss.pool}.socket};
+      fastcgi_pass unix:${config.services.phpfpm.pools.${config.services.freshrss.pool}.socket};
-        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+      fastcgi_split_path_info ^(.+\.php)(/.*)$;
-        # By default, the variable PATH_INFO is not set under PHP-FPM
+      # By default, the variable PATH_INFO is not set under PHP-FPM
-        # But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
+      # But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
-        # NOTE: the separate $path_info variable is required. For more details, see:
+      # NOTE: the separate $path_info variable is required. For more details, see:
-        # https://trac.nginx.org/nginx/ticket/321
+      # https://trac.nginx.org/nginx/ticket/321
-        set $path_info $fastcgi_path_info;
+      set $path_info $fastcgi_path_info;
-        fastcgi_param PATH_INFO $path_info;
+      fastcgi_param PATH_INFO $path_info;
-        include ${config.services.nginx.package}/conf/fastcgi_params;
+      include ${config.services.nginx.package}/conf/fastcgi_params;
-        include ${config.services.nginx.package}/conf/fastcgi.conf;
+      include ${config.services.nginx.package}/conf/fastcgi.conf;
-      '';
+    '';
-      locations."/" = {
+    locations."/" = {
-        tryFiles = "$uri $uri/ index.php";
+      tryFiles = "$uri $uri/ index.php";
-        index = "index.php index.html index.htm";
+      index = "index.php index.html index.htm";
      };
    };
  };
 }
--- a/system/nixos/libreddit.nix
+++ b/system/nixos/libreddit.nix
@ -8,18 +8,16 @@
    port = 8002;
  };
-  services.nginx = {
+  services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
-    virtualHosts."${secret.nginx.hostnames.libreddit}" = {
+    http3 = true;
      http3 = true;
-      forceSSL = true;
+    forceSSL = true;
-      useACMEHost = "daniel.sx";
+    useACMEHost = "daniel.sx";
-      basicAuthFile = config.age.secrets.libreddit-auth.path;
+    basicAuthFile = config.age.secrets.libreddit-auth.path;
-      locations."/" = {
+    locations."/" = {
-        recommendedProxySettings = true;
+      recommendedProxySettings = true;
-        proxyPass = "http://127.0.0.1:8002";
+      proxyPass = "http://127.0.0.1:8002";
      };
    };
  };
 }
--- a/system/nixos/mastodon.nix
+++ b/system/nixos/mastodon.nix
@ -70,41 +70,41 @@ in
    extraEnvFiles = [ config.age.secrets.mastodon-extra-config.path ];
  };
-  services.nginx = {
+  services.nginx.virtualHosts."${web-domain}" = {
-    virtualHosts."${web-domain}" = {
+    http3 = true;
      http3 = true;
-      root = "${config.services.mastodon.package}/public/";
+    root = "${config.services.mastodon.package}/public/";
-      forceSSL = true;
+    forceSSL = true;
-      useACMEHost = "kempkens.io";
+    useACMEHost = "kempkens.io";
-      locations."/system/" = {
+    locations."/system/" = {
-        extraConfig = ''
+      extraConfig = ''
-          rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
+        rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
-        '';
+      '';
-      };
+    };
-      locations."/" = {
+    locations."/" = {
-        tryFiles = "$uri @proxy";
+      tryFiles = "$uri @proxy";
-      };
+    };
-      locations."@proxy" = {
+    locations."@proxy" = {
-        recommendedProxySettings = true;
+      recommendedProxySettings = true;
-        proxyPass = "http://unix:/run/mastodon-web/web.socket";
+      proxyPass = "http://unix:/run/mastodon-web/web.socket";
-        proxyWebsockets = true;
+      proxyWebsockets = true;
        extraConfig = ''
          proxy_force_ranges on;
        '';
      };
-      locations."/api/v1/streaming/" = {
+      extraConfig = ''
-        recommendedProxySettings = true;
+        proxy_force_ranges on;
-        proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
+      '';
-        proxyWebsockets = true;
+    };
-        extraConfig = ''
+
-          proxy_force_ranges on;
+    locations."/api/v1/streaming/" = {
-        '';
+      recommendedProxySettings = true;
-      };
+      proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
      proxyWebsockets = true;
      extraConfig = ''
        proxy_force_ranges on;
      '';
    };
  };
--- a/system/nixos/synapse.nix
+++ b/system/nixos/synapse.nix
@ -88,4 +88,22 @@
  };
  networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 8008 ];
  services.nginx.virtualHosts."matrix.kempkens.io" = {
    http3 = true;
    forceSSL = true;
    useACMEHost = "kempkens.io";
    locations."/" = {
      recommendedProxySettings = true;
      proxyPass = "http://127.0.0.1:8008";
      proxyWebsockets = true;
      extraConfig = ''
        client_max_body_size 50m;
        proxy_force_ranges on;
      '';
    };
  };
 }