77 lines
1.8 KiB
Nix
77 lines
1.8 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
let
|
|
fqdn = "matrix.berlin.ccc.de";
|
|
in
|
|
{
|
|
users.users.nginx.extraGroups = [ "acme" ];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
resolver.addresses = [
|
|
"[2606:4700:4700::1111]"
|
|
"[2620:fe::fe]"
|
|
"1.1.1.1"
|
|
"9.9.9.9"
|
|
];
|
|
statusPage = true; # http://127.0.0.1/nginx_status
|
|
sslProtocols = "TLSv1.3";
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedBrotliSettings = true;
|
|
virtualHosts."${fqdn}" = {
|
|
quic = true;
|
|
kTLS = true;
|
|
forceSSL = true;
|
|
#useACMEHost = fqdn;
|
|
enableACME = true;
|
|
listen = [
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 443;
|
|
ssl = true;
|
|
}
|
|
{
|
|
addr = "[::]";
|
|
port = 443;
|
|
ssl = true;
|
|
}
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 8448;
|
|
ssl = true;
|
|
}
|
|
{
|
|
addr = "[::]";
|
|
port = 8448;
|
|
ssl = true;
|
|
}
|
|
];
|
|
locations = {
|
|
#"/.well-known/acme-challenge".root = config.security.acme.defaults.webroot;
|
|
"/".return = "418 \"I'm a Teapot!\"";
|
|
"= /.well-known/matrix/client" = {
|
|
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'";
|
|
extraConfig = ''
|
|
default_type application/json;
|
|
add_header Access-Control-Allow-Origin "*";
|
|
'';
|
|
};
|
|
"~ ^(/_matrix|/_synapse/client)" = {
|
|
recommendedProxySettings = true;
|
|
proxyPass = "http://[::1]:8008";
|
|
extraConfig = ''
|
|
client_max_body_size 64M;
|
|
proxy_set_header X-Request-ID $request_id;
|
|
proxy_http_version 1.1;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
#security.acme.certs."${fqdn}" = {
|
|
# reloadServices = [ "nginx" ];
|
|
#};
|
|
}
|