authorTheArcaneBrony <myrainbowdash949@gmail.com>2023-08-18 03:23:21 +0200
committerTheArcaneBrony <myrainbowdash949@gmail.com>2023-08-18 03:23:21 +0200
commit00ced9c15a7ced5b754d24b919ad4d4e8dc8b1a9 (patch)
treebd6a69d78e4daa3f1d872a6ba64259ccde1cf878 /host/Rory-nginx/services/nginx
parentFix imports (diff)
downloadRory-Open-Architecture-00ced9c15a7ced5b754d24b919ad4d4e8dc8b1a9.tar.xz
Refactor nginx
Diffstat (limited to 'host/Rory-nginx/services/nginx')
-rwxr-xr-xhost/Rory-nginx/services/nginx/boorunav.com/root.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix10
-rw-r--r--host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix26
-rw-r--r--host/Rory-nginx/services/nginx/matrix-upstreams.nix26
-rwxr-xr-xhost/Rory-nginx/services/nginx/nginx.nix89
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.boo/tunnel.nix14
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/bots.nix9
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/conduit.nix25
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/git.nix13
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/lfs.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix25
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/matrix.nix283
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/mru.nix28
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/root.nix50
-rwxr-xr-xhost/Rory-nginx/services/nginx/sugarcanemc.org/root.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix12
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/files.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/git.nix9
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/http.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/root.nix40
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/search.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix9
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix10
-rwxr-xr-xhost/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix10
27 files changed, 778 insertions, 0 deletions
diff --git a/host/Rory-nginx/services/nginx/boorunav.com/root.nix b/host/Rory-nginx/services/nginx/boorunav.com/root.nix
new file mode 100755
index 0000000..a859950
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/boorunav.com/root.nix
@@ -0,0 +1,10 @@
+{
+  root = "/data/nginx/html_boorunav";
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
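Review bot: `addSSL = true;` keeps this vhost answering on plain HTTP as well as HTTPS, with no redirect between the two; in the NixOS nginx module the option that adds the HTTP-to-HTTPS redirect is `forceSSL = true;`, and the two are mutually exclusive. Every vhost file added by this commit carries the same `addSSL` line. It matters most for the proxied applications in rory.gay/matrix.nix, rory.boo/tunnel.nix and thearcanebrony.net/sentry.nix, where credentials and access tokens could then be sent in clear text. I would switch to `forceSSL = true;` throughout, and where a host really has to stay reachable over HTTP, add a comment saying why.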
diff --git a/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix b/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix
new file mode 100755
index 0000000..e28c2e0
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix
@@ -0,0 +1,10 @@
+{
+  root = "/data/nginx/html_catgirlsaresexy";
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix
new file mode 100644
index 0000000..3e58950
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix
@@ -0,0 +1,26 @@
+{
+  generic_workers_upstream.servers = {
+    "192.168.1.5:18111" = { };
+  };
+  stream_writer_typing_stream_workers_upstream.servers = {
+    "192.168.1.5:20012" = { };
+  };
+  stream_writer_to_device_stream_workers_upstream.servers = {
+    "192.168.1.5:20013" = { };
+  };
+  stream_writer_account_data_stream_workers_upstream.servers = {
+    "192.168.1.5:20014" = { };
+  };
+  stream_writer_receipts_stream_workers_upstream.servers = {
+    "192.168.1.5:20015" = { };
+  };
+  stream_writer_presence_stream_workers_upstream.servers = {
+    "192.168.1.5:20016" = { };
+  };
+  media_repository_workers_upstream.servers = {
+    "192.168.1.5:18551" = { };
+  };
+  user_dir_workers_upstream.servers = {
+    "192.168.1.5:18661" = { };
+  };
+}
\ No newline at end of file
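Review bot: Nothing visible in this diff imports this file: nginx.nix sets `upstreams = import ./matrix-upstreams.nix;`, and its `virtualHosts` set does not reference rory.gay/conduit.nix or rory.gay/matrix-bak.nix either. Unreferenced files that still carry backend addresses and ports are easy to mistake for live routing during an audit or an incident. I would either delete them or open each one with a comment such as `# Not imported by nginx.nix; kept as the worker-mode upstream set.`, and add a matching comment beside the `upstreams` import saying which file is active.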
diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams.nix b/host/Rory-nginx/services/nginx/matrix-upstreams.nix
new file mode 100644
index 0000000..6ba45af
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/matrix-upstreams.nix
@@ -0,0 +1,26 @@
+{
+  generic_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+  stream_writer_typing_stream_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+  stream_writer_to_device_stream_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+  stream_writer_account_data_stream_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+  stream_writer_receipts_stream_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+  stream_writer_presence_stream_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+  media_repository_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+  user_dir_workers_upstream.servers = {
+    "127.0.0.1:8008" = { };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix
new file mode 100755
index 0000000..8cfcc68
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/nginx.nix
@@ -0,0 +1,89 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services = {
+    nginx = {
+      enable = true;
+      package = pkgs.nginxQuic;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedZstdSettings = true;
+      recommendedGzipSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedOptimisation = true;
+      defaultMimeTypes = ../../modules/packages/nginx/mime.types;
+      appendConfig = ''
+        worker_processes 16;
+        '';
+       eventsConfig = ''
+        #use kqueue;
+        worker_connections 512;
+        '';
+      appendHttpConfig = ''
+        #sendfile on;
+        disable_symlinks off;
+      '';
+      upstreams = import ./matrix-upstreams.nix;
+      additionalModules = with pkgs.nginxModules; [
+        moreheaders
+      ];
+      virtualHosts = {
+        "siliconheaven.thearcanebrony.net" = import ./thearcanebrony.net/siliconheaven.nix;
+        "lfs.thearcanebrony.net" = import ./thearcanebrony.net/lfs.nix;
+        "http.thearcanebrony.net" = import ./thearcanebrony.net/http.nix;
+        "thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
+        "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
+        "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
+        "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
+        "git.thearcanebrony.net" = import ./thearcanebrony.net/git.nix;
+        "files.thearcanebrony.net" = import ./thearcanebrony.net/files.nix;
+        "spigotav.thearcanebrony.net" = import ./thearcanebrony.net/spigotav.nix;
+        "terra.thearcanebrony.net" = import ./thearcanebrony.net/terra.nix;
+        "vives.thearcanebrony.net" = import ./thearcanebrony.net/vives.nix;
+        "rory.gay" = import ./rory.gay/root.nix;
+        "rory.boo" = import ./rory.gay/root.nix;
+        "lfs.rory.gay" = import ./rory.gay/lfs.nix;
+        "git.rory.gay" = import ./rory.gay/git.nix;
+        "matrix.rory.gay" = import ./rory.gay/matrix.nix;
+        "mru.rory.gay" = import ./rory.gay/mru.nix;
+        "tunnel.rory.boo" = import ./rory.boo/tunnel.nix;
+        "boorunav.com" = import ./boorunav.com/root.nix;
+        "catgirlsaresexy.com" = import ./catgirlsaresexy.com/root.nix;
+        "sugarcanemc.org" = import ./sugarcanemc.org/root.nix;
+
+        #bots...
+        "0bottests.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "catnipbot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "impulsyeeter.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "omnibot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "yatopiawatchdog.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "playground.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "kinobot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "siliconbotpublic.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "thearcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "anonbot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "hericanbot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "siliconbot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "impulsbot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "studiobot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "carsnbots.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "binsh.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "fosscordbot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "sugarcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
+        "gradbot.bots.rory.gay" = import ./rory.gay/bots.nix;
+      };
+    };
+  };
+  systemd.services.nginx.serviceConfig = {
+    LimitNOFILE=5000000;
+  };
+  systemd.services.nginx.requires = [ "data.mount" ];
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "root@thearcanebrony.net";
+
+  environment.systemPackages = with pkgs; [
+    #gitfs
+  ];
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
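Review bot: `disable_symlinks off;` in `appendHttpConfig` restates nginx's default, so symlinks under every static root are followed, and three vhosts in this commit (rory.gay/git.nix, rory.gay/root.nix, thearcanebrony.net/root.nix) also set `autoindex on;`. A symlink created under `/data/nginx/html_*` that points outside the web root would therefore be served, and listed on those three hosts. If nothing depends on following symlinks I would use `disable_symlinks if_not_owner;`; otherwise replace the line with a comment naming the roots that need it.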
diff --git a/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix b/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix
new file mode 100755
index 0000000..b50823b
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix
@@ -0,0 +1,14 @@
+{
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      proxyPass = "http://127.0.0.1:5173";
+      proxyWebsockets = true;
+      extraConfig =
+        "proxy_ssl_server_name on;" +
+        "proxy_pass_header Authorization;"
+        ;
+    };
+  };
+}
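Review bot: Neither directive in `extraConfig` has the effect its name suggests here. `proxy_ssl_server_name on;` only applies to TLS upstreams while `proxyPass` is `http://127.0.0.1:5173`, and `proxy_pass_header` selects upstream response headers to pass back to the client, whereas the request's `Authorization` header is already forwarded by default. I would drop both lines, or keep them under a comment stating the intent, e.g. `# client Authorization must reach the tunnelled app (nginx forwards it by default)`. A comment on what listens on port 5173 and who is expected to reach it would also help, since this vhost publishes a loopback-only service to the internet.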
diff --git a/host/Rory-nginx/services/nginx/rory.gay/bots.nix b/host/Rory-nginx/services/nginx/rory.gay/bots.nix
new file mode 100755
index 0000000..f18a402
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/bots.nix
@@ -0,0 +1,9 @@
+{
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      proxyPass = "http://192.168.1.50:5033";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
new file mode 100755
index 0000000..8c293d7
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
@@ -0,0 +1,25 @@
+{
+  enableACME = true;
+  addSSL = true;
+  locations."/_matrix" = {
+    proxyPass = "http://192.168.1.5:6167"; 
+    extraConfig = ''
+      if ($request_method = 'OPTIONS') {
+        more_set_headers 'Access-Control-Allow-Origin: *';
+        more_set_headers 'Access-Control-Allow-Methods: *';
+        #
+        # Custom headers and headers various browsers *should* be OK with but aren't
+        #
+        more_set_headers 'Access-Control-Allow-Headers: *';
+        #
+        # Tell client that this pre-flight info is valid for 20 days
+        #
+        more_set_headers 'Access-Control-Max-Age: 1728000';
+        more_set_headers 'Content-Type: text/plain; charset=utf-8';
+        more_set_headers 'Content-Length: 0';
+        return 204;
+      }
+    '';
+  };
+  #locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008";   
+}
diff --git a/host/Rory-nginx/services/nginx/rory.gay/git.nix b/host/Rory-nginx/services/nginx/rory.gay/git.nix
new file mode 100755
index 0000000..812e946
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/git.nix
@@ -0,0 +1,13 @@
+{
+  root = "/data/nginx/html_git";
+  enableACME = true;
+  addSSL = true;
+  extraConfig = ''
+    autoindex on;
+    more_set_headers 'Access-Control-Allow-Origin: *';
+    more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
+    more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range';
+    more_set_headers 'Access-Control-Allow-Credentials: true';
+  '';
+}
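Review bot: `Access-Control-Allow-Origin: *` and `Access-Control-Allow-Credentials: true` are sent together in `extraConfig`, a combination browsers refuse for credentialed requests, so the credentials header has no effect as written. The risk is in the follow-up edit: if the wildcard is later swapped for a reflected or broad origin to make credentialed requests work, other sites could read responses using the visitor's cookies. For a static root I would delete the `Access-Control-Allow-Credentials` line. It is also worth confirming that `autoindex on;` for `/data/nginx/html_git` is intended, since thearcanebrony.net/git.nix serves the same root without it.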
diff --git a/host/Rory-nginx/services/nginx/rory.gay/lfs.nix b/host/Rory-nginx/services/nginx/rory.gay/lfs.nix
new file mode 100755
index 0000000..f944eea
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/lfs.nix
@@ -0,0 +1,10 @@
+{
+  root = "/data/nginx/html_lfs";
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix
new file mode 100755
index 0000000..2780979
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix
@@ -0,0 +1,25 @@
+{
+  enableACME = true;
+  addSSL = true;
+  locations."/_matrix" = {
+    proxyPass = "http://192.168.1.5:8008"; 
+    extraConfig = ''
+      if ($request_method = 'OPTIONS') {
+        more_set_headers 'Access-Control-Allow-Origin: *';
+        more_set_headers 'Access-Control-Allow-Methods: *';
+        #
+        # Custom headers and headers various browsers *should* be OK with but aren't
+        #
+        more_set_headers 'Access-Control-Allow-Headers: *';
+        #
+        # Tell client that this pre-flight info is valid for 20 days
+        #
+        more_set_headers 'Access-Control-Max-Age: 1728000';
+        more_set_headers 'Content-Type: text/plain; charset=utf-8';
+        more_set_headers 'Content-Length: 0';
+        return 204;
+      }
+    '';
+  };
+  locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008";   
+}
diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
new file mode 100755
index 0000000..46514a2
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
@@ -0,0 +1,283 @@
+{
+  enableACME = true;
+  addSSL = true;
+  # locations."/_matrix" = {
+  #   proxyPass = "http://192.168.1.5:8008"; 
+  #   extraConfig = ''
+  #     if ($request_method = 'OPTIONS') {
+  #       more_set_headers 'Access-Control-Allow-Origin: *';
+  #       more_set_headers 'Access-Control-Allow-Methods: *';
+  #       #
+  #       # Custom headers and headers various browsers *should* be OK with but aren't
+  #       #
+  #       more_set_headers 'Access-Control-Allow-Headers: *';
+  #       #
+  #       # Tell client that this pre-flight info is valid for 20 days
+  #       #
+  #       more_set_headers 'Access-Control-Max-Age' 1728000;
+  #       more_set_headers 'Content-Type: text/plain; charset=utf-8';
+  #       more_set_headers 'Content-Length' 0;
+  #       return 204;
+  #     };
+  #   '';
+  # };
+
+  		# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
+	locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+                extraConfig = ''
+                     proxy_read_timeout 300;
+                     proxy_connect_timeout 300;
+                     proxy_send_timeout 300; 
+                  '';
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/versions$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = {
+		proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri";
+	};
+
+
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = {
+		proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri";
+	};
+
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = {
+		proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = {
+		proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
+	};
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = {
+		proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = {
+		proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
+	};
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = {
+		proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri";
+	};
+
+  ### DUPLICATES????
+  # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
+  locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = {
+		proxyPass = "http://user_dir_workers_upstream$request_uri";
+	};
+
+  # ???
+	locations."/" = {
+		#resolver 127.0.0.11 valid=5s;
+		#set $backend "matrix-synapse:8008";
+		#proxyPass = "http://$backend";
+    proxyPass = "http://127.0.0.1:8008";
+	};
+
+	locations."~ ^/_matrix/federation/v1/event/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/state/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/state_ids/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/backfill/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/get_missing_events/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/publicRooms" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/query/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/make_join/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/make_leave/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/event_auth/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/user/devices/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/key/v2/query" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/hierarchy/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/send/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+
+
+  ##### media repo
+
+  # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
+  locations."~ ^/_matrix/media/" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/purge_media_cache$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/media/.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/users/.*/media$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+
+
+	#locations."/" = {
+		#resolver 127.0.0.11 valid=5s;
+		#set $backend "matrix-synapse:8048";
+		#proxyPass = "http://$backend";
+	#};
+  
+
+  locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";   
+}
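Review bot: The `/_synapse/admin/v1/...` locations near the end of the file, together with the catch-all `locations."/"` that proxies every other path to `127.0.0.1:8008`, publish the Synapse admin API on the public vhost with no source restriction. Those endpoints are token-protected, but Synapse's reverse-proxy documentation advises against exposing them to the internet without good reason. I would add `extraConfig = "allow <admin-source-cidr>; deny all;";` to each `/_synapse/admin` regex location, plus a `locations."/_synapse/admin"` prefix entry with the same restriction for the admin paths that currently fall through to `/`. The `### DUPLICATES????` and `# ???` comments should become a sentence on what each location is for, and the hunk mixes tabs and spaces.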
diff --git a/host/Rory-nginx/services/nginx/rory.gay/mru.nix b/host/Rory-nginx/services/nginx/rory.gay/mru.nix
new file mode 100755
index 0000000..b65bf51
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/mru.nix
@@ -0,0 +1,28 @@
+{
+  enableACME = true;
+  addSSL = true;
+  quic = true;
+  http3 = true;
+  http3_hq = true;
+  kTLS = true;
+  root = "/data/nginx/html_mru";
+  reuseport = true;
+  extraConfig = ''
+    brotli off;
+    '';
+  locations = {
+    "/" = {
+      index = "index.html";
+      extraConfig = ''
+        more_set_headers 'Access-Control-Allow-Origin: *';
+        more_set_headers 'Access-Control-Allow-Methods: *';
+        more_set_headers 'Access-Control-Allow-Headers: *';
+        more_set_headers 'Access-Control-Expose-Headers: *';
+        more_set_headers 'Access-Control-Max-Age' 1728000;
+
+        # default to /index.html if file not found
+        try_files $uri $uri/ /index.html;
+      '';
+    };
+  };
+}
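Review bot: `more_set_headers 'Access-Control-Max-Age' 1728000;` passes the header name and the value as two separate arguments, whereas the other headers in this block, and the same header in rory.gay/conduit.nix, use the single `'Name: value'` form. As far as I know headers-more treats each argument as its own header spec, so this line most likely sets no `Access-Control-Max-Age` at all; it should read `more_set_headers 'Access-Control-Max-Age: 1728000';`. A comment would also help on `http3_hq = true;`, which I believe enables the QUIC interop-testing mode, and on why a static site needs `Access-Control-Expose-Headers: *`.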
diff --git a/host/Rory-nginx/services/nginx/rory.gay/root.nix b/host/Rory-nginx/services/nginx/rory.gay/root.nix
new file mode 100755
index 0000000..be4b415
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/root.nix
@@ -0,0 +1,50 @@
+{
+  root = "/data/nginx/html_rory_gay";
+  enableACME = true;
+  addSSL = true;
+  extraConfig = ''
+    autoindex on;'';
+
+  locations."= /.well-known/matrix/server".extraConfig = ''
+    more_set_headers 'Content-Type application/json';
+    more_set_headers 'Access-Control-Allow-Origin *';
+    return 200 '${builtins.toJSON {
+      "m.server" = "matrix.rory.gay:443";
+    }}';
+  ''; 
+  locations."= /.well-known/matrix/client".extraConfig = ''
+    more_set_headers 'Content-Type application/json';
+    more_set_headers 'Access-Control-Allow-Origin *';
+    return 200 '${builtins.toJSON {
+      "m.homeserver".base_url = "https://matrix.rory.gay";
+      "m.identity_server".base_url = "https://matrix.rory.gay";
+    }
+    }';
+  ''; 
+  locations."= /.well-known/matrix/support".extraConfig = ''
+    more_set_headers 'Content-Type application/json';
+    more_set_headers 'Access-Control-Allow-Origin *';
+    return 200 '${builtins.toJSON {
+      admins = [
+        {
+          matrix_id = "@emma:rory.gay";
+          role = "admin";
+        }
+	      {
+          matrix_id = "@alicia:rory.gay";
+          role = "admin";
+        }
+	      {
+          matrix_id = "@root:rory.gay";
+          role = "admin";
+        }
+      	{
+          matrix_id = "@rory:rory.gay";
+          role = "admin";
+        }
+      ];
+    }
+    }';
+  ''; 
+  
+}
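Review bot: The `more_set_headers` arguments in all three `.well-known/matrix/*` locations lack the colon between name and value (`'Content-Type application/json'`, `'Access-Control-Allow-Origin *'`), unlike the `'Name: value'` form used in rory.gay/git.nix. headers-more will most likely set neither header, so the JSON goes out without the CORS header that browser-based Matrix clients need for discovery, and with whatever default content type applies. They should read `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`; the same lines appear in the `/.well-known/matrix/support` location of thearcanebrony.net/root.nix. The vhost-level `autoindex on;` also deserves a comment confirming that listing `/data/nginx/html_rory_gay` is intended.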
diff --git a/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix b/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix
new file mode 100755
index 0000000..772cde1
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix
@@ -0,0 +1,10 @@
+{
+  root = "/data/nginx/html_sugarcanemc";
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix
new file mode 100755
index 0000000..af52ec8
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix
@@ -0,0 +1,12 @@
+{
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      extraConfig = ''
+        rewrite ^/api/(.*) /$1 break;
+        return 200 $request_uri;'';
+      proxyPass = "http://localhost:4998";
+    };
+  };
+}
\ No newline at end of file
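Review bot: `return 200 $request_uri;` answers every request that does not start with `/api/` by echoing the raw, client-supplied URI back as the response body instead of proxying it; only `/api/...` requests skip it, because the `rewrite ... break` above stops further rewrite-module processing. This looks like leftover debugging. The content type of that body is whatever `default_type` resolves to, so if that is ever an HTML type the echo becomes a reflected-content problem. I would replace the line with `return 404;`, or delete it if every path is meant to reach `http://localhost:4998`.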
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix
new file mode 100755
index 0000000..45de296
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_files";
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix
new file mode 100755
index 0000000..3006b57
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix
@@ -0,0 +1,9 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_git";
+  locations = {
+    "/" = {
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix
new file mode 100755
index 0000000..a4184ac
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_sugarcanemc";
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
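Review bot: `root = "/data/nginx/html_sugarcanemc";` is the same directory that sugarcanemc.org/root.nix serves, which looks like a copy-paste slip for `http.thearcanebrony.net`. If the overlap is intended, a comment such as `# intentionally shares the sugarcanemc.org web root` would stop someone from changing it later by mistake; if it is not, the root should point at this host's own directory so that content published for one domain does not appear under the other.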
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix
new file mode 100755
index 0000000..8e7b51f
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_lfs";
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
new file mode 100755
index 0000000..bd23f10
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
@@ -0,0 +1,40 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_thearcanebrony";
+  extraConfig = ''
+    autoindex on;'';
+  locations = {
+    "/" = {
+      #index = "index.html";
+    };
+    "/destroy" = {
+      return = "301 https://gitlab.com/KinoshitaProductions/SecureDestroyer/-/raw/master/run";
+    };
+    "= /.well-known/matrix/support".extraConfig = ''
+    more_set_headers 'Content-Type application/json';
+    more_set_headers 'Access-Control-Allow-Origin *';
+    return 200 '${builtins.toJSON {
+      admins = [
+        {
+          matrix_id = "@emma:rory.gay";
+          role = "admin";
+        }
+	      {
+          matrix_id = "@alicia:rory.gay";
+          role = "admin";
+        }
+	      {
+          matrix_id = "@root:rory.gay";
+          role = "admin";
+        }
+      	{
+          matrix_id = "@rory:rory.gay";
+          role = "admin";
+        }
+      ];
+    }
+    }';
+  ''; 
+  };
+}
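Review bot: `/destroy` returns a 301 to a raw file on the `master` branch of a repository on gitlab.com, so whatever that branch holds at request time is what users of this URL receive under this domain's name. If the target is fetched and executed (not visible in this diff), any change to that branch changes what runs on their machines. I would pin the URL to a reviewed commit, `.../-/raw/<commit-sha>/run`, use 302 so clients do not cache the redirect permanently, and add a comment saying what the script does and who maintains it.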
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
new file mode 100755
index 0000000..6298ba8
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      extraConfig = ''
+      rewrite ^ https://thearcanebrony.net/unavailable.html break;'';
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix
new file mode 100755
index 0000000..96ffe4b
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix
@@ -0,0 +1,9 @@
+{
+  enableACME = true;
+  addSSL = true;
+  locations = {
+    "/" = {
+      proxyPass = "http://192.168.1.4:9000";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix
new file mode 100755
index 0000000..57af15e
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_siliconheaven";
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix
new file mode 100755
index 0000000..ef98887
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_spigotav";
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix
new file mode 100755
index 0000000..58b7c14
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_terrarchive";
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix
new file mode 100755
index 0000000..3fc280c
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix
@@ -0,0 +1,10 @@
+{
+  enableACME = true;
+  addSSL = true;
+  root = "/data/nginx/html_vives";
+  locations = {
+    "/" = {
+      index = "index.html";
+    };
+  };
+}
\ No newline at end of file