From dfa4431c47fb8df3d132195eaa19f5a7c0524adf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 9 Apr 2020 16:28:25 +0200 Subject: [PATCH] nginx: utilisation fonctions --- systems/LoutreOS/web.nix | 118 +++++++++------------------------------ 1 file changed, 27 insertions(+), 91 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index ce4c50a..b639fc7 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -133,110 +133,45 @@ in ''; }; in { - "nyanlout.re" = { - default = true; - enableACME = true; - forceSSL = true; - locations = { - "/" = { - alias = "/var/www/site-perso/"; - }; - "/errorpages/" = { - alias = "/var/www/errorpages/"; - }; - "/.well-known/openpgpkey/" = { - alias = "/var/lib/gnupg/wks/nyanlout.re"; - extraConfig = '' - add_header Access-Control-Allow-Origin * always; - ''; - }; + "nyanlout.re" = base { + "/" = { + alias = "/var/www/site-perso/"; }; - }; - "riot.nyanlout.re" = { - enableACME = true; - forceSSL = true; - locations = { "/" = { root = pkgs.riot-web; }; }; - }; - "factorio.nyanlout.re" = { - enableACME = true; - forceSSL = true; - locations = { "/" = { root = "/var/www/factorio"; }; }; - }; - "minecraft.nyanlout.re" = { - enableACME = true; - forceSSL = true; - locations = { "/" = { root = "/var/www/minecraft-overviewer"; }; }; - }; - "musique-meyenheim.fr" = { - enableACME = true; - forceSSL = true; - locations = { - "/" = { - proxyPass = "http://unix:/run/site-musique.sock"; - }; - "/static/" = { - alias = "/var/www/site-musique/staticfiles/"; - }; - "/media/" = { - alias = "/var/www/site-musique/media/"; - }; + "/errorpages/" = { + alias = "/var/www/errorpages/"; }; - }; - "maxspiegel.fr" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "/run/python-ci/nyanloutre/site-max"; - }; - }; - "social.nyanlout.re" = { - enableACME = true; - forceSSL = true; - - root = "${config.services.mastodon.package}/public/"; - - locations."/system/".alias = "/var/lib/mastodon/public-system/"; - - locations."/" = { - tryFiles = "$uri @proxy"; - }; - - locations."@proxy" = { - proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.webPort)}"; - proxyWebsockets = true; + "/.well-known/openpgpkey/" = { + alias = "/var/lib/gnupg/wks/nyanlout.re"; extraConfig = '' - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + add_header Access-Control-Allow-Origin * always; ''; }; - - locations."/api/v1/streaming/" = { - proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.streamingPort)}/"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - ''; + } // { default = true; }; + "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; }; + "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; + "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; + "musique-meyenheim.fr" = base { + "/" = { + proxyPass = "http://unix:/run/site-musique.sock"; + }; + "/static/" = { + alias = "/var/www/site-musique/staticfiles/"; + }; + "/media/" = { + alias = "/var/www/site-musique/media/"; }; }; - "stream.nyanlout.re" = { - enableACME = true; - forceSSL = true; - root = "/var/www/hls/"; - - locations."/" = { + "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; + "stream.nyanlout.re" = base { + "/" = { + root = "/var/www/hls/" extraConfig = '' add_header Cache-Control no-cache; add_header Access-Control-Allow-Origin *; ''; }; }; - "login.nyanlout.re" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/"; - }; - }; + "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; "grafana.nyanlout.re" = authReverse config.services.grafana.port; "transmission.nyanlout.re" = authReverse config.services.transmission.port; "radarr.nyanlout.re" = authReverse 7878; @@ -321,6 +256,7 @@ in mastodon = { enable = true; localDomain = "social.nyanlout.re"; + configureNginx = true; extraConfig = { SMTP_AUTH_METHOD = "none"; SMTP_OPENSSL_VERIFY_MODE = "none";