noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nixos/nixos/hosts/ingress-proxy/default.nix
noe b7aba3c963 ingress-proxy: fix
2023-12-29 21:20:41 -05:00

85 lines
2.2 KiB
Nix
Raw Blame History

{ lib, pkgs, ... }: let
tsHost = name: port: "${name}.hoki-porgy.ts.net:${toString port}";
in {
imports = [
../../templates/proxmox-lxc.nix
../../server.nix
../../features/dns-cache.nix
../../features/nginx.nix
];
networking.hostName = "ingress-proxy";
system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux";
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
networking.firewall.allowedUDPPorts = [ 80 443 8448 ];
services.nginx = {
recommendedTlsSettings = true;
upstreams = {
mango.servers."${tsHost "mango" 6167}" = {};
};
virtualHosts = {
# Matrix (main)
"mx.sapphic.engineer" = {
#forceSSL = true;
#enableACME = true;
listen = [
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "[::]"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 8448; ssl = true; }
{ addr = "[::]"; port = 8448; ssl = true; }
];
locations."/_matrix/" = {
proxyPass = "http://mango";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};
extraConfig = ''
merge_slashes off;
'';
};
# Generic store for /.well-known/ paths.
"well-known.sapphic.engineer" = {
#forceSSL = true;
#enableACME = true;
locations."=/.well-known/matrix/server" = let
alias = pkgs.writeText "well-known-matrix-server" (builtins.toJSON {
"m.server" = "mx.sapphic.engineer";
});
in {
alias = "${alias}";
extraConfig = ''
default_type application/json;
'';
};
locations."=/.well-known/matrix/client" = let
alias = pkgs.writeText "well-known-matrix-client" (builtins.toJSON {
"m.homeserver" = {
base_url = "https://mx.sapphic.engineer";
};
});
in {
alias = "${alias}";
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
};
};
};
}
Reference in a new issue View git blame Copy permalink