nginx: move from container to host + systemd.services.x.confinement

Also from this commit on, there are no secrets left!
If you read this, mpd password has been changed and
was randomly generated anyway, don't bother :P

1 files changed, 45 insertions, 0 deletions

diff --git a/machines/jormungand/nginx.nix b/machines/jormungand/nginx.nix
new file mode 100644
index 0000000..1e9bd7c
--- /dev/null
+++ b/machines/jormungand/nginx.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [ ../../modules/nginx.nix ];
+
+  services.nginx.virtualHosts =  {
+    "jormungand.codewreck.org" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+      };
+      # /var/spool/nginx/mpd.htpasswd has been populated manually
+      # until proper secrets get managed...
+      extraConfig = ''
+        auth_basic "mpd";
+        auth_basic_user_file /var/spool/nginx/mpd.htpasswd;
+      '';
+    };
+
+    "matrix.codewreck.org" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".extraConfig = ''
+        return 404;
+      '';
+      locations."/_matrix" = {
+        proxyPass = "http://[::1]:8008";
+      };
+    };
+
+    "riot.codewreck.org" = {
+      forceSSL = true;
+      enableACME = true;
+      root = pkgs.riot-web.override {
+        conf = {
+          default_server_config."m.homeserver" = {
+            "base_url" = "https://matrix.codewreck.org";
+            "server_name" = "codewreck.org";
+          };
+        };
+      };
+    };
+  };
+}