From 0f3ab646026c0b9be2a0a0e6930c89205696d483 Mon Sep 17 00:00:00 2001 From: TheArcaneBrony Date: Sun, 7 May 2023 01:05:52 +0200 Subject: nginx????? --- flake.nix | 4 +- host/Rory-nginx/configuration.nix | 11 + host/Rory-nginx/hosts/rory.gay/matrix-bak.nix | 25 +++ host/Rory-nginx/hosts/rory.gay/matrix.nix | 290 ++++++++++++++++++++++++-- host/Rory-nginx/matrix/upstreams-new.nix | 26 +++ host/Rory-nginx/matrix/upstreams.nix | 26 +++ 6 files changed, 361 insertions(+), 21 deletions(-) create mode 100755 host/Rory-nginx/hosts/rory.gay/matrix-bak.nix create mode 100644 host/Rory-nginx/matrix/upstreams-new.nix create mode 100644 host/Rory-nginx/matrix/upstreams.nix diff --git a/flake.nix b/flake.nix index e3edd4a..002e47d 100755 --- a/flake.nix +++ b/flake.nix @@ -3,8 +3,8 @@ inputs = { nixpkgs = { - #url = "github:NixOS/nixpkgs/nixos-unstable"; - url="path:/Rory-Open-Architecture/nixpkgs"; + url = "github:NixOS/nixpkgs/nixos-unstable"; + #url="path:/Rory-Open-Architecture/nixpkgs"; }; botcore-v4 = { url = "gitlab:BotCore-Devs/BotCore-v4/staging"; diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix index 31a0806..6ecbd59 100755 --- a/host/Rory-nginx/configuration.nix +++ b/host/Rory-nginx/configuration.nix @@ -25,6 +25,14 @@ package = pkgs.nginxQuic; recommendedProxySettings = true; recommendedTlsSettings = true; + appendConfig = '' + worker_processes 512; + ''; + eventsConfig = '' + #use kqueue; + worker_connections 1024; + ''; + upstreams = import ./matrix/upstreams.nix; virtualHosts = { "siliconheaven.thearcanebrony.net" = import ./hosts/thearcanebrony.net/siliconheaven.nix; "lfs.thearcanebrony.net" = import ./hosts/thearcanebrony.net/lfs.nix; @@ -72,6 +80,9 @@ }; }; }; + systemd.services.nginx.serviceConfig = { + LimitNOFILE=5000000; + } systemd.services.nginx.requires = [ "data.mount" ]; security.acme.acceptTerms = true; security.acme.defaults.email = "root@thearcanebrony.net"; 
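Review bot: The nixpkgs input in flake.nix now tracks `github:NixOS/nixpkgs/nixos-unstable`, but the diffstat lists no flake.lock change, so the nixpkgs revision that actually gets built is not part of what is being reviewed. If the repository keeps a flake.lock, committing the re-locked file together with this change pins the exact commit; if it does not, consider naming a fixed revision in the URL instead of the moving branch. The `inputs` block continues outside the hunk.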
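Review bot: `worker_processes 512;` in the new `appendConfig` (host/Rory-nginx/configuration.nix) carries no comment explaining the figure, and with `worker_connections 1024;` it permits roughly half a million connections from a process count that is presumably far above the host's core count. nginx's `auto` value sizes the pool to the CPUs, e.g. `worker_processes auto;`; if 512 is deliberate, a one-line comment giving the reason would help the next reader. The leftover `#use kqueue;` line names a BSD event method and could be dropped. The `services.nginx` block starts and ends outside the hunk.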
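Review bot: The added `systemd.services.nginx.serviceConfig = { … }` binding closes with `}` and no `;`, so the following `systemd.services.nginx.requires = …` line comes after an unterminated attribute and the module should fail to parse. The one-line form `systemd.services.nginx.serviceConfig.LimitNOFILE = 5000000;` avoids the block entirely. A short comment on why the descriptor limit is five million would also help, since that is several times what 512 workers × 1024 connections could open. The enclosing attribute set continues outside the hunk.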
diff --git a/host/Rory-nginx/hosts/rory.gay/matrix-bak.nix b/host/Rory-nginx/hosts/rory.gay/matrix-bak.nix
new file mode 100755
index 0000000..26507fc
--- /dev/null
+++ b/host/Rory-nginx/hosts/rory.gay/matrix-bak.nix
@@ -0,0 +1,25 @@
+{
+ enableACME = true;
+ addSSL = true;
+ locations."/_matrix" = {
+ proxyPass = "http://192.168.1.5:8008";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' '*';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ add_header 'Access-Control-Allow-Headers' '*';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ '';
+ };
+ locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008";
+}
diff --git a/host/Rory-nginx/hosts/rory.gay/matrix.nix b/host/Rory-nginx/hosts/rory.gay/matrix.nix
index 26507fc..fa4ab07 100755
--- a/host/Rory-nginx/hosts/rory.gay/matrix.nix
+++ b/host/Rory-nginx/hosts/rory.gay/matrix.nix
@@ -1,25 +1,277 @@ { enableACME = true; addSSL = true; - locations."/_matrix" = { - proxyPass = "http://192.168.1.5:8008"; - extraConfig = '' - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' '*'; - # - # Custom headers and headers various browsers *should* be OK with but aren't - # - add_header 'Access-Control-Allow-Headers' '*'; - # - # Tell client that this pre-flight info is valid for 20 days - # - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain; charset=utf-8'; - add_header 'Content-Length' 0; - return 204; - } - ''; + # locations."/_matrix" = { + # proxyPass = "http://192.168.1.5:8008"; + # extraConfig = '' + # if ($request_method = 'OPTIONS') { + # add_header 'Access-Control-Allow-Origin' '*'; + # add_header 'Access-Control-Allow-Methods' '*'; + # # + # # Custom headers and headers various browsers *should* be OK with but aren't + # # + # add_header 'Access-Control-Allow-Headers' '*'; + # # + # # Tell client that this pre-flight info is valid for 20 days + # # + # add_header 'Access-Control-Max-Age' 1728000; + # add_header 'Content-Type' 'text/plain; charset=utf-8'; + # add_header 'Content-Length' 0; + # return 204; + # }; + # ''; + # }; + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + locations."~ ^/_matrix/client/(r0|v3)/sync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { + proxyPass = 
"http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/versions$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ 
^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { + proxyPass = 
"http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { + proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; + }; + + + # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { + proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + # 
https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { + proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; + }; + + ### DUPLICATES???? + # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory + locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { + proxyPass = "http://user_dir_workers_upstream$request_uri"; + }; + + # ??? + locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8008"; + proxyPass = "http://$backend"; + }; + + locations."~ ^/_matrix/federation/v1/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state_ids/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/backfill/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/get_missing_events/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/publicRooms" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/query/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ 
^/_matrix/federation/(v1|v2)/invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/event_auth/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/user/devices/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/key/v2/query" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/hierarchy/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/send/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + + ##### media repo + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + locations."~ ^/_matrix/media/" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; }; + locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/users/.*/media$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + + + 
locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8048"; + #proxyPass = "http://$backend"; + }; + + locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008"; } diff --git a/host/Rory-nginx/matrix/upstreams-new.nix b/host/Rory-nginx/matrix/upstreams-new.nix new file mode 100644 index 0000000..c7a1efd --- /dev/null +++ b/host/Rory-nginx/matrix/upstreams-new.nix @@ -0,0 +1,26 @@ +{ + generic_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; + stream_writer_typing_stream_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; + stream_writer_to_device_stream_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; + stream_writer_account_data_stream_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; + stream_writer_receipts_stream_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; + stream_writer_presence_stream_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; + media_repository_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; + user_dir_workers_upstream.servers = { + "192.168.1.5:8008" = { }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/matrix/upstreams.nix b/host/Rory-nginx/matrix/upstreams.nix new file mode 100644 index 0000000..3e58950 --- /dev/null +++ b/host/Rory-nginx/matrix/upstreams.nix 
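Review bot: In host/Rory-nginx/hosts/rory.gay/matrix.nix the first `locations."/"` block sets `proxyPass = "http://$backend";` while the `set $backend …` line above it is only a Nix comment, so nginx receives a variable that nothing defines and would most likely reject the configuration at load. Pointing it at the address already used for `/_synapse/client`, `proxyPass = "http://192.168.1.5:8008";`, or leaving the block out until `$backend` exists, resolves that; the second, comment-only `locations."/"` near the end should be removed rather than kept as a duplicate key. Separately, the `^/_synapse/admin/v1/…` media routes are published on the public vhost with no address restriction; Synapse still checks for an admin token, but an `allow`/`deny` pair in `extraConfig` on those locations would narrow exposure. The CORS preflight block is now fully commented out, so confirm the workers answer `OPTIONS` requests themselves.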
@@ -0,0 +1,26 @@
+{
+ generic_workers_upstream.servers = {
+ "192.168.1.5:18111" = { };
+ };
+ stream_writer_typing_stream_workers_upstream.servers = {
+ "192.168.1.5:20012" = { };
+ };
+ stream_writer_to_device_stream_workers_upstream.servers = {
+ "192.168.1.5:20013" = { };
+ };
+ stream_writer_account_data_stream_workers_upstream.servers = {
+ "192.168.1.5:20014" = { };
+ };
+ stream_writer_receipts_stream_workers_upstream.servers = {
+ "192.168.1.5:20015" = { };
+ };
+ stream_writer_presence_stream_workers_upstream.servers = {
+ "192.168.1.5:20016" = { };
+ };
+ media_repository_workers_upstream.servers = {
+ "192.168.1.5:18551" = { };
+ };
+ user_dir_workers_upstream.servers = {
+ "192.168.1.5:18661" = { };
+ };
+}
\ No newline at end of file
-- cgit 1.4.1
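Review bot: `192.168.1.5` is repeated in every `servers` key of upstreams.nix and again in upstreams-new.nix, and only `./matrix/upstreams.nix` is imported by the visible configuration.nix hunk, so upstreams-new.nix looks unused. A `let host = "192.168.1.5"; in` binding with keys such as `"${host}:18111"` would keep the address in one place, and a header comment should state which Synapse worker listener each port belongs to. The proxy reaches these workers over plain HTTP, so the listener ports presumably need to be reachable from the proxy host only; that cannot be confirmed from this diff.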