diff options
author | Dominique Martinet @ jormungand <asmadeus@codewreck.org> | 2020-05-09 17:14:35 +0200 |
---|---|---|
committer | Dominique Martinet @ jormungand <asmadeus@codewreck.org> | 2020-05-09 20:52:15 +0200 |
commit | 742a25ecd9d7a56cdf06060c2c5459db607ae58e (patch) | |
tree | f4458e0c395e92a4c4be9ac760f010d263f5ef59 /machines/jormungand/nginx.nix | |
parent | 3f84829d2585c752220df44c796117cf3ea3bcee (diff) |
nginx: move from container to host + systemd.services.x.confinement
Also from this commit on, there are no secrets left!
If you read this, mpd password has been changed and
was randomly generated anyway, don't bother :P
Diffstat (limited to 'machines/jormungand/nginx.nix')
-rw-r--r-- | machines/jormungand/nginx.nix | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/machines/jormungand/nginx.nix b/machines/jormungand/nginx.nix new file mode 100644 index 0000000..1e9bd7c --- /dev/null +++ b/machines/jormungand/nginx.nix @@ -0,0 +1,45 @@ +{ config, pkgs, ... }: + +{ + imports = [ ../../modules/nginx.nix ]; + + services.nginx.virtualHosts = { + "jormungand.codewreck.org" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + }; + # /var/spool/nginx/mpd.htpasswd has been populated manually + # until proper secrets get managed... + extraConfig = '' + auth_basic "mpd"; + auth_basic_user_file /var/spool/nginx/mpd.htpasswd; + ''; + }; + + "matrix.codewreck.org" = { + forceSSL = true; + enableACME = true; + locations."/".extraConfig = '' + return 404; + ''; + locations."/_matrix" = { + proxyPass = "http://[::1]:8008"; + }; + }; + + "riot.codewreck.org" = { + forceSSL = true; + enableACME = true; + root = pkgs.riot-web.override { + conf = { + default_server_config."m.homeserver" = { + "base_url" = "https://matrix.codewreck.org"; + "server_name" = "codewreck.org"; + }; + }; + }; + }; + }; +} |