44 lines
1.2 KiB
Nix
44 lines
1.2 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
let
|
|
fqdn = "matrix.berlin.ccc.de";
|
|
in
|
|
{
|
|
services.nginx = {
|
|
enable = true;
|
|
package = pkgs.nginxQuic;
|
|
resolver.addresses = ["[2606:4700:4700::1111]" "[2620:fe::fe]" "1.1.1.1" "9.9.9.9"];
|
|
statusPage = true; # http://127.0.0.1/nginx_status
|
|
sslProtocols = "TLSv1.3";
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedZstdSettings = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedBrotliSettings = true;
|
|
virtualHosts."${fqdn}" = {
|
|
quic = true;
|
|
kTLS = true;
|
|
forceSSL = true;
|
|
useACMEHost = fqdn;
|
|
locations = {
|
|
"/.well-known/matrix/client" = {
|
|
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'";
|
|
extraConfig = ''
|
|
default_type application/json;
|
|
add_header Access-Control-Allow-Origin "*";
|
|
'';
|
|
};
|
|
"/" = {
|
|
recommendedProxySettings = true;
|
|
proxyPass = "unix:/run/matrix-synapse.sock";
|
|
};
|
|
};
|
|
extraConfig = ''
|
|
'';
|
|
};
|
|
};
|
|
|
|
security.acme.certs."${fqdn}" = {
|
|
reloadServices = ["nginx"];
|
|
};
|
|
}
|