noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ingress: reduce to matrix

Browse source
This commit is contained in:
41666 2023-12-29 14:31:16 -05:00
parent d36b35436c
commit f9ecf557e3
5 changed files with 241 additions and 307 deletions
Download patch file Download diff file Expand all files Collapse all files

115
nixos/hosts/ingress-proxy/default.nix
View file

@ -1,54 +1,5 @@
{ lib, ... }: let
tsHost = x: "http://${x}.hoki-porgy.ts.net";
aliases = x: { serverAliases = x; };
routes = [
{
host = "warme.st";
target = tsHost "honeydew";
extra = aliases [ "colde.st" ];
}
{
host = "saerro.ps2.live";
target = tsHost "durian";
extra = aliases [ "agg.ps2.live" "metagame.ps2.live" ];
}
{
host = "mx.sapphic.engineer";
target = tsHost "mango";
extra = aliases [ "i.mx.sapphic.engineer" ];
}
{
host = "static-sites.foxxolay.net";
target = tsHost "juniper";
extra = aliases [
"mekanoe.com"
"foxxolay.com"
"foxxolay.net"
"inaayoka.com"
"kat.cafe"
];
}
{
host = "ml.colde.st";
target = tsHost "lab-alpha";
extra = {};
}
];
proxyConfig = {
forceSSL = true;
#useHTTP3 = true;
#useHTTP2 = true;
enableACME = true;
};
virtualHosts = {
"m.la.mekanoe.com" = {
locations."/".proxyPass = tsHost "lab-alpha";
} // proxyConfig;
};
{ lib, pkgs, ... }: let
tsHost = x: "http://${x}.hoki-porgy.ts.net";
in {
imports = [
../../templates/proxmox-lxc.nix
@ -60,9 +11,67 @@ in {
networking.hostName = "ingress-proxy";
system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux";
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
networking.firewall.allowedUDPPorts = [ 80 443 8448 ];
services.nginx = {
inherit virtualHosts;
recommendedTlsSettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# Matrix (main)
"mx.sapphic.engineer" = {
forceSSL = true;
enableACME = true;
listen = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "[::]"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 8448; ssl = true; }
{ addr = "[::]"; port = 8448; ssl = true; }
];
locations."/_matrix/" = {
proxyPass = "${tsHost "mango"}:6167";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};
extraConfig = ''
merge_slashes off;
'';
};
# Generic store for /.well-known/ paths.
"well-known.sapphic.engineer" = {
forceSSL = true;
enableACME = true;
locations."=/.well-known/matrix/server" = {
alias = pkgs.writeText "well-known-matrix-server" builtins.toJSON {
"m.server" = "mx.sapphic.engineer";
};
extraConfig = ''
default_type application/json;
'';
};
locations."=/.well-known/matrix/client" = {
alias = pkgs.writeText "well-known-matrix-client" builtins.toJSON {
"m.homeserver" = {
base_url = "https://mx.sapphic.engineer";
};
};
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
};
};
};
}

22
nixos/hosts/mango/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ inputs, pkgs, config, ... }: {
imports = [
../../templates/proxmox-lxc.nix
../../server.nix
../../features/dns-cache.nix
];
networking.hostName = "mango";
system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux";
networking.firewall.allowedTCPPorts = [ config.services.matrix-conduit.settings.global.port ];
networking.firewall.allowedUDPPorts = [ config.services.matrix-conduit.settings.global.port ];
services.matrix-conduit = {
enable = true;
package = inputs.conduit.packages.${pkgs.system}.default;
settings.global = {
server_name = "sapphic.engineer";
};
};
}