diff --git a/nixos/hosts/ingress-proxy/default.nix b/nixos/hosts/ingress-proxy/default.nix index 4d5731f..c351011 100644 --- a/nixos/hosts/ingress-proxy/default.nix +++ b/nixos/hosts/ingress-proxy/default.nix @@ -24,24 +24,28 @@ in { }; virtualHosts = let - static = { src ? null, url ? null, rev ? null, aliases ? [] }: { + defaultConfig = { http2 = true; http3 = true; forceSSL = true; enableACME = true; - + }; + static = { src ? null, url ? null, rev ? null, aliases ? [] }: { serverAliases = aliases; root = if src != null then src else builtins.fetchGit { inherit url rev; }; - }; + } // defaultConfig; + placeholder = { + locations."/" = { + alias = pkgs.writeText "placeholder.html" "

empty space

this site is not operational

"; + extraConfig = '' + default_type text/html; + ''; + }; + } // defaultConfig; in { # Matrix (main) - "mx.sapphic.engineer" = { - forceSSL = true; - enableACME = true; - http2 = true; - http3 = true; - + "mx.sapphic.engineer" = defaultConfig // { listen = [ { addr = "0.0.0.0"; port = 443; ssl = true; } { addr = "[::]"; port = 443; ssl = true; } @@ -64,12 +68,7 @@ in { ''; }; - "happ.ystatic.buzz" = { - forceSSL = true; - enableACME = true; - http2 = true; - http3 = true; - + "happ.ystatic.buzz" = defaultConfig // { locations."/" = { proxyPass = "http://hsb"; proxyWebsockets = true; @@ -89,18 +88,10 @@ in { rev = "8601d3a426bc07c715f265b2132b384c21397533"; }; - "oc.mekanoe.com" = static { - src = pkgs.writeText "oc.mekanoe.com" "down"; - }; + "oc.mekanoe.com" = placeholder; # Generic store for /.well-known/ paths. - "well-known.sapphic.engineer" = { - #serverAliases = [ "sapphic.engineer" ]; - forceSSL = false; - enableACME = true; - http2 = true; - http3 = true; - + "well-known.sapphic.engineer" = defaultConfig // { locations."=/.well-known/matrix/server" = let alias = pkgs.writeText "well-known-matrix-server" (builtins.toJSON { "m.server" = "mx.sapphic.engineer";