foo

2025-12-02 19:36:46 +01:00 · 2025-12-02 19:36:46 +01:00 · 04efe82c0a
commit 04efe82c0a
parent 63f434567a
10 changed files with 60 additions and 18 deletions
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -7,7 +7,12 @@ in
  services.nginx = {
    enable = true;
    package = pkgs.nginxQuic;
-    resolver.addresses = ["[2606:4700:4700::1111]" "[2620:fe::fe]" "1.1.1.1" "9.9.9.9"];
+    resolver.addresses = [
+      "[2606:4700:4700::1111]"
+      "[2620:fe::fe]"
+      "1.1.1.1"
+      "9.9.9.9"
+    ];
    statusPage = true; # http://127.0.0.1/nginx_status
    sslProtocols = "TLSv1.3";
    recommendedTlsSettings = true;
@ -20,6 +25,28 @@ in
      kTLS = true;
      forceSSL = true;
      useACMEHost = fqdn;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "::";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8448;
+          ssl = true;
+        }
+        {
+          addr = "::";
+          port = 8448;
+          ssl = true;
+        }
+      ];
      locations = {
        "/".return = "418 \"I'm a Teapot!\"";
        "= /.well-known/matrix/client" = {
@ -29,7 +56,7 @@ in
            add_header Access-Control-Allow-Origin "*";
          '';
        };
-        "~ ^(/_matrix|/_synapse/client)" {
+        "~ ^(/_matrix|/_synapse/client)" = {
          recommendedProxySettings = true;
          proxyPass = "http://[::1]:8008";
          extraConfig = ''
@ -42,5 +69,5 @@ in
    };
  };

-  security.acme.certs."${fqdn}".reloadServices = ["nginx"];
+  security.acme.certs."${fqdn}".reloadServices = [ "nginx" ];
 }