diff options
Diffstat (limited to 'hosts/kay/modules/www.nix')
| -rw-r--r-- | hosts/kay/modules/www.nix | 134 |
1 files changed, 0 insertions, 134 deletions
diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix deleted file mode 100644 index 3891bf6..0000000 --- a/hosts/kay/modules/www.nix +++ /dev/null @@ -1,134 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - domain = config.userdata.domain; - fscusat = "fscusat.org"; - mark = "themark.ing"; - storage = "/hdd/users/sftp/shr"; -in -{ - imports = [ - ./dendrite.nix - ./matrix-sliding-sync.nix - ./cgit.nix - ]; - - security.acme.certs.${domain}.postRun = "systemctl reload nginx.service"; - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 443 ]; - }; - - services.nginx = { - enable = true; - package = pkgs.nginxQuic; - enableQuicBPF = true; - - recommendedTlsSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - recommendedBrotliSettings = true; - eventsConfig = "worker_connections 1024;"; - - virtualHosts = let - defaultOpts = { - quic = true; - http3 = true; - forceSSL = true; - useACMEHost = domain; - }; - in { - "${domain}" = defaultOpts // { - default = true; - globalRedirect = "www.${domain}"; - - extraConfig = '' - client_max_body_size ${toString - config.services.dendrite.settings.media_api.max_file_size_bytes - }; - ''; - - locations = { - "/.well-known/matrix/server".return = '' - 200 '{ "m.server": "${domain}:443" }' - ''; - - "/.well-known/matrix/client".return = '' - 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://${domain}"; - "org.matrix.msc3575.proxy".url = "https://${domain}"; - }}' - ''; - - "/_matrix".proxyPass = "http://127.0.0.1:${toString - config.services.dendrite.httpPort - }"; - - "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = - "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; - }; - }; - - "www.${domain}" = defaultOpts // { - root = "/var/www/${domain}"; - }; - - "git.${domain}" = defaultOpts; - - "bin.${domain}" = defaultOpts // { - root = "${storage}/bin"; - locations."= /".return = "307 https://www.${domain}"; - }; - - "static.${domain}" = defaultOpts // { - root = "${storage}/static"; - locations."= /".return = "301 https://www.${domain}"; - }; - - "${fscusat}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - globalRedirect = "www.${fscusat}"; - }; - "www.${fscusat}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - locations."/" = { - return = "200 '<h1>under construction</h1>'"; - extraConfig = "add_header Content-Type text/html;"; - }; - }; - - "${mark}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - globalRedirect = "www.${mark}"; - }; - "www.${mark}" = defaultOpts // { - useACMEHost = null; - enableACME = true; - - locations."/" = { - return = "200 '<h1>under construction, see you soon</h1>'"; - extraConfig = "add_header Content-Type text/html;"; - }; - }; - - "mta-sts.${domain}" = defaultOpts // { - locations."= /.well-known/mta-sts.txt".return = ''200 "${ - lib.strings.concatStringsSep "\\n" [ - "version: STSv1" - "mode: enforce" - "mx: mail.${domain}" - "max_age: 86400" - ] - }"''; - }; - }; - }; -} |