Diffstat (limited to 'Biz/Cloud')
-rw-r--r-- | Biz/Cloud/Chat.nix | 10 | ||||
-rw-r--r-- | Biz/Cloud/Web.nix | 82 |
2 files changed, 68 insertions, 24 deletions
diff --git a/Biz/Cloud/Chat.nix b/Biz/Cloud/Chat.nix index bc97973..6f8ac3a 100644 --- a/Biz/Cloud/Chat.nix +++ b/Biz/Cloud/Chat.nix @@ -2,6 +2,9 @@ # # a homeserver for matrix.org. # +# this uses the config.networking.domain as the ACME host. be sure to add the +# fqdn and element subdomains to security.acme.certs.<name>.extraDomainNames +# # - nixos manual: https://nixos.org/nixos/manual/index.html#module-services-matrix # # to create new users: @@ -72,8 +75,8 @@ in { }; # reverse proxy for matrix client-server and server-server communication "${fqdn}" = { - enableACME = true; forceSSL = true; + useACMEHost = config.networking.domain; locations."/".extraConfig = '' return 404; ''; @@ -90,11 +93,8 @@ in { # https://github.com/vector-im/element-web#important-security-note # services.nginx.virtualHosts."${element}" = { - enableACME = true; + useACMEHost = config.networking.domain; forceSSL = true; - serverAliases = [ - "chat.${config.networking.domain}" - ]; root = pkgs.element-web; }; } diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix index acd5c2f..56eeb2d 100644 --- a/Biz/Cloud/Web.nix +++ b/Biz/Cloud/Web.nix @@ -1,6 +1,7 @@ -{ ... }: +{ config, ... }: let + rootDomain = config.networking.domain; bensIp = "24.140.84.23"; in { 
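Review bot: The two vhosts switched to `useACMEHost = config.networking.domain;` (the `"${fqdn}"` host in the second Chat.nix hunk and the `"${element}"` host in the third) now rely on a hand-maintained list in Biz/Cloud/Web.nix, which spells the names as `matrix.${rootDomain}` and `chat.${rootDomain}` instead of using `fqdn` and `element`. If either variable changes, nginx will serve a certificate that does not cover the host and clients will fail TLS validation; the new header comment is the only thing tying the two files together. Because `extraDomainNames` is a list option that merges across modules, this file could declare its own names with `security.acme.certs.${config.networking.domain}.extraDomainNames = [ fqdn element ];`, and the two hard-coded entries could then be dropped from Web.nix. The definitions of `fqdn` and `element` are outside these hunks, so I am assuming they resolve to the matrix and chat hostnames.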
@@ -11,31 +12,74 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; + + group = "users"; + virtualHosts = { - "bsima.me".root = "/home/ben/public_html/"; - "www.bsima.me".root = "/home/ben/public_html/"; - "simatime.com".locations."/".root = "/srv/www/"; - "firefoxsync.simatime.com".locations."/".proxyPass = "http://localhost:5001"; - "hero.simatime.com".locations."/".proxyPass = "http://${bensIp}:3001"; - "tv.simatime.com".locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096 - "deluge.simatime.com".locations."/".proxyPass = "http://${bensIp}:8112"; - - "notebook.simatime.com".locations = { - "/" = { - proxyPass = "http://${bensIp}:3099"; - proxyWebsockets = true; - extraConfig = '' - proxy_buffering off; - proxy_read_timeout 86400; + ${rootDomain} = { + locations."/".root = "/srv/www/"; + # serve /~$USER paths + locations."~ ^/~(.+?)(/.*)?$" = { + alias = "/home/$1/public_html$2"; + index = "index.html index.htm"; + extraConfig = '' + autoindex on; ''; }; - "/(api/kernels/[^/]+/channels|terminals/websocket)/" = { - proxyPass = "http://${bensIp}:3099"; - proxyWebsockets = true; + forceSSL = true; + enableACME = true; + }; + + "bsima.me" = { + locations."/" = { + root = "/home/ben/public_html/"; + index = "index.html index.htm"; + extraConfig = '' + autoindex on; + ''; }; + serverAliases = [ "www.bsima.me" ]; + forceSSL = true; + useACMEHost = rootDomain; + }; + + "tv.${rootDomain}" = { + locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096 + forceSSL = true; + useACMEHost = rootDomain; }; + + "devalloc.io" = { + locations."/".proxyPass = "http://${bensIp}:8095"; + forceSSL = true; + useACMEHost = rootDomain; + }; + + # Jupyter is currently disabled on Biz.Dev + #"notebook.simatime.com".locations = { + # "/" = { + # proxyPass = "http://${bensIp}:3099"; + # proxyWebsockets = true; + # extraConfig = '' + # proxy_buffering off; + # proxy_read_timeout 86400; + # ''; + # }; + 
# "/(api/kernels/[^/]+/channels|terminals/websocket)/" = { + # proxyPass = "http://${bensIp}:3099"; + # proxyWebsockets = true; + # }; + #}; }; }; }; + + # This must contain all of the other domains we host + security.acme.certs.${rootDomain}.extraDomainNames = [ + "bsima.me" "www.bsima.me" "tv.${rootDomain}" + "devalloc.io" + "matrix.${rootDomain}" + "chat.${rootDomain}" + ];# } |
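Review bot: `group = "users";` appears to make the nginx workers run with the shared `users` group, so combined with the new `/~$USER` alias location and `autoindex on;` the web server can read and list anything group-readable under each `/home/$1/public_html`, including the targets of symlinks a user places there. I would keep nginx's own group and grant access per directory instead (for example an ACL on each `public_html`), and add `disable_symlinks if_not_owner;` to that location's `extraConfig`. If listings are not needed for every user, `autoindex on;` could be dropped from the `~` location and kept only on the `bsima.me` root. Separately, the `tv.${rootDomain}` and `devalloc.io` hosts forward to `http://${bensIp}:…` in plaintext; if that address is reached over the public internet, as the literal IP suggests, the leg behind the TLS terminator is unencrypted, and the backend should at least accept connections only from this proxy.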