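# nginx virtual hosts for the public website ("www.<domain>" plus the bare
# domain) and a password-protected staging copy ("staging.<domain>").
{ config, ... }:

let
  # TODO: mkVHost

  # HSTS policy for the public site (15768000 seconds = 6 months).
  # `always` makes nginx emit the header on error responses too; without it
  # add_header only applies to a fixed set of success/redirect status codes.
  hstsHeader = ''add_header Strict-Transport-Security "max-age=15768000" always;'';
in
{
  services.nginx.virtualHosts = {
    "www.${config.networking.domain}" = {
      default = true;
      serverAliases = [ config.networking.domain ];
      quic = true;
      kTLS = true;
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        # HSTS (ngx_http_headers_module is required)
        ${hstsHeader}
      '';
      locations = {
        "/" = {
          root = "/srv/http/www";
          index = "index.html";
          tryFiles = "$uri $uri/ $uri.html =404";
        };
        # RFC8805
        "/noc/" = {
          alias = "/srv/http/noc/";
        };
        # RFC8805 new location
        # NOTE(review): `root` (unlike the `alias` used for /noc/) appends the
        # full request URI, so files are looked up under
        # /srv/http/noc/.well-known/loc/ -- confirm that layout is intended.
        "/.well-known/loc/" = {
          root = "/srv/http/noc/";
        };
        "/.well-known/security.txt" = {
          alias = "/srv/http/security.txt";
          extraConfig = ''
            default_type text/plain;
          '';
        };
        "/twentyyears/" = {
          alias = "/srv/http/twentyyears/";
        };
        # Matrix delegation documents, answered inline by nginx.
        "/.well-known/matrix/client" = {
          return = "200 '{\"m.homeserver\":{\"base_url\":\"https://matrix.berlin.ccc.de\"}}'";
          extraConfig = ''
            # nginx inherits add_header from the server block only when the
            # location defines none of its own, so HSTS is repeated here.
            ${hstsHeader}
            add_header Access-Control-Allow-Origin "*";
            default_type application/json;
          '';
        };
        "/.well-known/matrix/server" = {
          return = "200 '{\"m.server\":\"matrix.berlin.ccc.de:443\"}'";
          extraConfig = ''
            # Same add_header inheritance rule as above: repeat HSTS.
            ${hstsHeader}
            add_header Access-Control-Allow-Origin "*";
            default_type application/json;
          '';
        };
        # User home pages (/~name/...) are proxied to the home server with
        # the original request URI.
        # NOTE(review): nginx does not verify the upstream TLS certificate
        # unless proxy_ssl_verify is enabled, and does not send SNI unless
        # proxy_ssl_server_name is on -- confirm this hop is trusted or add
        # both together with proxy_ssl_trusted_certificate.
        # NOTE(review): recommendedProxySettings forwards the client's Host
        # header, so the upstream must answer for this vhost's name; a
        # proxy_pass containing a variable is resolved at request time and
        # needs a resolver, presumably configured elsewhere -- verify both.
        "~ ^/~(.+?)/" = {
          recommendedProxySettings = true;
          proxyPass = "https://home.berlin.ccc.de$request_uri";
        };
      };
    };
    "staging.${config.networking.domain}" = {
      quic = true;
      kTLS = true;
      forceSSL = true;
      enableACME = true;
      # NOTE(review): no HSTS header is set on this vhost and the www policy
      # carries no includeSubDomains, so browsers are not pinned to HTTPS
      # here while Basic credentials are in use -- confirm this is intended.
      locations."/" = {
        # htpasswd path comes from the age secret rather than a literal in
        # this file. NOTE(review): the file must be readable by the nginx
        # user; ownership is presumably set where the secret is declared.
        basicAuthFile = config.age.secrets.www-staging-htpasswd.path;
        root = "/srv/http/www-staging";
        index = "index.html";
        tryFiles = "$uri $uri/ $uri.html =404";
      };
    };
  };
}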