nixfiles/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix


# nginx virtual hosts: a catch-all server, the Vaultwarden reverse proxy, the
# matrix.nul.ie redirect and the Element web client.
{ lib, pkgs, config, ... }:
let
  # TLS is terminated by this nginx; the hop to the Vaultwarden container is
  # plain HTTP.
  # NOTE(review): assumes the link to vaultwarden-ctr is a trusted internal
  # network -- confirm.
  vaultwarden = "http://vaultwarden-ctr.${config.networking.domain}";

  # Browser hardening headers for Element, as raw nginx directives.
  # - Browsers that implement CSP `frame-ancestors` give it precedence over
  #   X-Frame-Options, so the effective framing policy is 'none'; SAMEORIGIN
  #   only applies to clients without CSP support.
  # - X-XSS-Protection is a legacy header that current browsers ignore;
  #   NOTE(review): consider dropping it or setting it to 0.
  # - Without the `always` parameter, nginx attaches add_header only to a
  #   fixed list of success/redirect status codes, so error responses are sent
  #   without these headers.
  elementHeaders = ''
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Content-Security-Policy "frame-ancestors 'none'";
  '';

  # config.json baked into the element-web package that is served as the root.
  elementConf = {
    brand = "/dev/player0's Matrix";
    showLabsSettings = true;
    disable_guests = true;
    default_server_config."m.homeserver" = {
      base_url = "https://matrix.nul.ie";
      server_name = "nul.ie";
    };
    roomDirectory.servers = [
      "nul.ie"
      "netsoc.ie"
      "matrix.org"
    ];
  };

  # Location body for the paths that must not be cached. An add_header at
  # location level stops nginx inheriting the server-level ones, so the
  # hardening headers are repeated here next to Cache-Control.
  uncachedLocation = {
    extraConfig = ''
      # Gotta duplicate the headers...
      # https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
      ${elementHeaders}
      add_header Cache-Control "no-cache";
    '';
  };

  # Settings applied to every host below at mkDefault priority, so a value set
  # explicitly on a host wins: HTTPS-only listeners, the ACME certificate of
  # the internal domain, kernel TLS and HTTP/2.
  tlsDefaults = {
    onlySSL = lib.mkDefault true;
    useACMEHost = lib.mkDefault "${config.networking.domain}";
    kTLS = lib.mkDefault true;
    http2 = lib.mkDefault true;
  };

  vhosts = {
    # Catch-all server. The only host that overrides onlySSL: it keeps a
    # plain-HTTP listener whose sole job is the forceSSL redirect to HTTPS.
    "_" = {
      default = true;
      forceSSL = true;
      onlySSL = false;
    };

    # Vaultwarden (password manager).
    # NOTE(review): "/" forwards every path to the upstream, which would
    # include Vaultwarden's /admin panel if it is enabled there -- whether it
    # is enabled, and whether it should be reachable from this public host,
    # cannot be told from this file.
    "pass.nul.ie" = {
      useACMEHost = lib.my.pubDomain;
      locations."/".proxyPass = vaultwarden;
      # Only the hub itself needs the WebSocket upgrade headers.
      locations."/notifications/hub" = {
        proxyPass = vaultwarden;
        proxyWebsockets = true;
      };
      locations."/notifications/hub/negotiate".proxyPass = vaultwarden;
    };

    # NOTE(review): Element's base_url points at this host, yet everything
    # here is redirected to Element; presumably the homeserver API locations
    # are merged in from another module -- not visible here.
    "matrix.nul.ie" = {
      useACMEHost = lib.my.pubDomain;
      globalRedirect = "element.nul.ie";
    };

    # Element web client, served as static files from the overridden package.
    "element.nul.ie" = {
      useACMEHost = lib.my.pubDomain;
      root = pkgs.element-web.override { conf = elementConf; };
      extraConfig = ''
        ${elementHeaders}
      '';
      locations = lib.mkMerge [
        { }
        (lib.genAttrs
          [ "= /index.html" "= /version" "/config" ]
          (_: uncachedLocation))
      ];
    };
  };
in
{
  services.nginx.virtualHosts = lib.mkMerge [
    vhosts
    (builtins.mapAttrs (_name: _cfg: tlsDefaults) vhosts)
  ];
}