From 00ced9c15a7ced5b754d24b919ad4d4e8dc8b1a9 Mon Sep 17 00:00:00 2001 From: TheArcaneBrony Date: Fri, 18 Aug 2023 03:23:21 +0200 Subject: Refactor nginx --- host/Rory-nginx/hosts/boorunav.com/root.nix | 10 - host/Rory-nginx/hosts/catgirlsaresexy.com/root.nix | 10 - host/Rory-nginx/hosts/rory.boo/tunnel.nix | 14 - host/Rory-nginx/hosts/rory.gay/bots.nix | 9 - host/Rory-nginx/hosts/rory.gay/conduit.nix | 25 -- host/Rory-nginx/hosts/rory.gay/git.nix | 13 - host/Rory-nginx/hosts/rory.gay/lfs.nix | 10 - host/Rory-nginx/hosts/rory.gay/matrix-bak.nix | 25 -- host/Rory-nginx/hosts/rory.gay/matrix.nix | 283 --------------------- host/Rory-nginx/hosts/rory.gay/mru.nix | 28 -- host/Rory-nginx/hosts/rory.gay/root.nix | 50 ---- host/Rory-nginx/hosts/sugarcanemc.org/root.nix | 10 - .../hosts/thearcanebrony.net/awooradio.nix | 12 - host/Rory-nginx/hosts/thearcanebrony.net/files.nix | 10 - host/Rory-nginx/hosts/thearcanebrony.net/git.nix | 9 - host/Rory-nginx/hosts/thearcanebrony.net/http.nix | 10 - host/Rory-nginx/hosts/thearcanebrony.net/lfs.nix | 10 - host/Rory-nginx/hosts/thearcanebrony.net/root.nix | 40 --- .../Rory-nginx/hosts/thearcanebrony.net/search.nix | 10 - .../Rory-nginx/hosts/thearcanebrony.net/sentry.nix | 9 - .../hosts/thearcanebrony.net/siliconheaven.nix | 10 - .../hosts/thearcanebrony.net/spigotav.nix | 10 - host/Rory-nginx/hosts/thearcanebrony.net/terra.nix | 10 - host/Rory-nginx/hosts/thearcanebrony.net/vives.nix | 10 - host/Rory-nginx/matrix/upstreams-old.nix | 26 -- host/Rory-nginx/matrix/upstreams.nix | 26 -- host/Rory-nginx/services/nginx.nix | 89 ------- .../services/nginx/boorunav.com/root.nix | 10 + .../services/nginx/catgirlsaresexy.com/root.nix | 10 + .../services/nginx/matrix-upstreams-workers.nix | 26 ++ .../Rory-nginx/services/nginx/matrix-upstreams.nix | 26 ++ host/Rory-nginx/services/nginx/nginx.nix | 89 +++++++ host/Rory-nginx/services/nginx/rory.boo/tunnel.nix | 14 + host/Rory-nginx/services/nginx/rory.gay/bots.nix | 9 + .../Rory-nginx/services/nginx/rory.gay/conduit.nix | 25 ++ host/Rory-nginx/services/nginx/rory.gay/git.nix | 13 + host/Rory-nginx/services/nginx/rory.gay/lfs.nix | 10 + .../services/nginx/rory.gay/matrix-bak.nix | 25 ++ host/Rory-nginx/services/nginx/rory.gay/matrix.nix | 283 +++++++++++++++++++++ host/Rory-nginx/services/nginx/rory.gay/mru.nix | 28 ++ host/Rory-nginx/services/nginx/rory.gay/root.nix | 50 ++++ .../services/nginx/sugarcanemc.org/root.nix | 10 + .../nginx/thearcanebrony.net/awooradio.nix | 12 + .../services/nginx/thearcanebrony.net/files.nix | 10 + .../services/nginx/thearcanebrony.net/git.nix | 9 + .../services/nginx/thearcanebrony.net/http.nix | 10 + .../services/nginx/thearcanebrony.net/lfs.nix | 10 + .../services/nginx/thearcanebrony.net/root.nix | 40 +++ .../services/nginx/thearcanebrony.net/search.nix | 10 + .../services/nginx/thearcanebrony.net/sentry.nix | 9 + .../nginx/thearcanebrony.net/siliconheaven.nix | 10 + .../services/nginx/thearcanebrony.net/spigotav.nix | 10 + .../services/nginx/thearcanebrony.net/terra.nix | 10 + .../services/nginx/thearcanebrony.net/vives.nix | 10 + 54 files changed, 778 insertions(+), 778 deletions(-) delete mode 100755 host/Rory-nginx/hosts/boorunav.com/root.nix delete mode 100755 host/Rory-nginx/hosts/catgirlsaresexy.com/root.nix delete mode 100755 host/Rory-nginx/hosts/rory.boo/tunnel.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/bots.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/conduit.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/git.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/lfs.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/matrix-bak.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/matrix.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/mru.nix delete mode 100755 host/Rory-nginx/hosts/rory.gay/root.nix delete mode 100755 host/Rory-nginx/hosts/sugarcanemc.org/root.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/awooradio.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/files.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/git.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/http.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/lfs.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/root.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/search.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/sentry.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/siliconheaven.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/spigotav.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/terra.nix delete mode 100755 host/Rory-nginx/hosts/thearcanebrony.net/vives.nix delete mode 100644 host/Rory-nginx/matrix/upstreams-old.nix delete mode 100644 host/Rory-nginx/matrix/upstreams.nix delete mode 100755 host/Rory-nginx/services/nginx.nix create mode 100755 host/Rory-nginx/services/nginx/boorunav.com/root.nix create mode 100755 host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix create mode 100644 host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix create mode 100644 host/Rory-nginx/services/nginx/matrix-upstreams.nix create mode 100755 host/Rory-nginx/services/nginx/nginx.nix create mode 100755 host/Rory-nginx/services/nginx/rory.boo/tunnel.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/bots.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/conduit.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/git.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/lfs.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/matrix.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/mru.nix create mode 100755 host/Rory-nginx/services/nginx/rory.gay/root.nix create mode 100755 host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix create mode 100755 host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix (limited to 'host') diff --git a/host/Rory-nginx/hosts/boorunav.com/root.nix b/host/Rory-nginx/hosts/boorunav.com/root.nix deleted file mode 100755 index a859950..0000000 --- a/host/Rory-nginx/hosts/boorunav.com/root.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_boorunav"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/catgirlsaresexy.com/root.nix b/host/Rory-nginx/hosts/catgirlsaresexy.com/root.nix deleted file mode 100755 index e28c2e0..0000000 --- a/host/Rory-nginx/hosts/catgirlsaresexy.com/root.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_catgirlsaresexy"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/rory.boo/tunnel.nix b/host/Rory-nginx/hosts/rory.boo/tunnel.nix deleted file mode 100755 index b50823b..0000000 --- a/host/Rory-nginx/hosts/rory.boo/tunnel.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:5173"; - proxyWebsockets = true; - extraConfig = - "proxy_ssl_server_name on;" + - "proxy_pass_header Authorization;" - ; - }; - }; -} diff --git a/host/Rory-nginx/hosts/rory.gay/bots.nix b/host/Rory-nginx/hosts/rory.gay/bots.nix deleted file mode 100755 index f18a402..0000000 --- a/host/Rory-nginx/hosts/rory.gay/bots.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations = { - "/" = { - proxyPass = "http://192.168.1.50:5033"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/rory.gay/conduit.nix b/host/Rory-nginx/hosts/rory.gay/conduit.nix deleted file mode 100755 index 8c293d7..0000000 --- a/host/Rory-nginx/hosts/rory.gay/conduit.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations."/_matrix" = { - proxyPass = "http://192.168.1.5:6167"; - extraConfig = '' - if ($request_method = 'OPTIONS') { - more_set_headers 'Access-Control-Allow-Origin: *'; - more_set_headers 'Access-Control-Allow-Methods: *'; - # - # Custom headers and headers various browsers *should* be OK with but aren't - # - more_set_headers 'Access-Control-Allow-Headers: *'; - # - # Tell client that this pre-flight info is valid for 20 days - # - more_set_headers 'Access-Control-Max-Age: 1728000'; - more_set_headers 'Content-Type: text/plain; charset=utf-8'; - more_set_headers 'Content-Length: 0'; - return 204; - } - ''; - }; - #locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008"; -} diff --git a/host/Rory-nginx/hosts/rory.gay/git.nix b/host/Rory-nginx/hosts/rory.gay/git.nix deleted file mode 100755 index 812e946..0000000 --- a/host/Rory-nginx/hosts/rory.gay/git.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - root = "/data/nginx/html_git"; - enableACME = true; - addSSL = true; - extraConfig = '' - autoindex on; - more_set_headers 'Access-Control-Allow-Origin: *'; - more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; - more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range'; - more_set_headers 'Access-Control-Allow-Credentials: true'; - ''; -} diff --git a/host/Rory-nginx/hosts/rory.gay/lfs.nix b/host/Rory-nginx/hosts/rory.gay/lfs.nix deleted file mode 100755 index f944eea..0000000 --- a/host/Rory-nginx/hosts/rory.gay/lfs.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_lfs"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/rory.gay/matrix-bak.nix b/host/Rory-nginx/hosts/rory.gay/matrix-bak.nix deleted file mode 100755 index 2780979..0000000 --- a/host/Rory-nginx/hosts/rory.gay/matrix-bak.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations."/_matrix" = { - proxyPass = "http://192.168.1.5:8008"; - extraConfig = '' - if ($request_method = 'OPTIONS') { - more_set_headers 'Access-Control-Allow-Origin: *'; - more_set_headers 'Access-Control-Allow-Methods: *'; - # - # Custom headers and headers various browsers *should* be OK with but aren't - # - more_set_headers 'Access-Control-Allow-Headers: *'; - # - # Tell client that this pre-flight info is valid for 20 days - # - more_set_headers 'Access-Control-Max-Age: 1728000'; - more_set_headers 'Content-Type: text/plain; charset=utf-8'; - more_set_headers 'Content-Length: 0'; - return 204; - } - ''; - }; - locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008"; -} diff --git a/host/Rory-nginx/hosts/rory.gay/matrix.nix b/host/Rory-nginx/hosts/rory.gay/matrix.nix deleted file mode 100755 index 46514a2..0000000 --- a/host/Rory-nginx/hosts/rory.gay/matrix.nix +++ /dev/null @@ -1,283 +0,0 @@ -{ - enableACME = true; - addSSL = true; - # locations."/_matrix" = { - # proxyPass = "http://192.168.1.5:8008"; - # extraConfig = '' - # if ($request_method = 'OPTIONS') { - # more_set_headers 'Access-Control-Allow-Origin: *'; - # more_set_headers 'Access-Control-Allow-Methods: *'; - # # - # # Custom headers and headers various browsers *should* be OK with but aren't - # # - # more_set_headers 'Access-Control-Allow-Headers: *'; - # # - # # Tell client that this pre-flight info is valid for 20 days - # # - # more_set_headers 'Access-Control-Max-Age' 1728000; - # more_set_headers 'Content-Type: text/plain; charset=utf-8'; - # more_set_headers 'Content-Length' 0; - # return 204; - # }; - # ''; - # }; - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker - locations."~ ^/_matrix/client/(r0|v3)/sync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - extraConfig = '' - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - ''; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/versions$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { - proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; - }; - - - # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { - proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { - proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; - }; - - ### DUPLICATES???? - # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory - locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { - proxyPass = "http://user_dir_workers_upstream$request_uri"; - }; - - # ??? - locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8008"; - #proxyPass = "http://$backend"; - proxyPass = "http://127.0.0.1:8008"; - }; - - locations."~ ^/_matrix/federation/v1/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state_ids/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/backfill/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/get_missing_events/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/publicRooms" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/query/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/event_auth/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/user/devices/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/key/v2/query" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/hierarchy/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/send/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - - ##### media repo - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository - locations."~ ^/_matrix/media/" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/users/.*/media$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - - - #locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8048"; - #proxyPass = "http://$backend"; - #}; - - - locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; -} diff --git a/host/Rory-nginx/hosts/rory.gay/mru.nix b/host/Rory-nginx/hosts/rory.gay/mru.nix deleted file mode 100755 index b65bf51..0000000 --- a/host/Rory-nginx/hosts/rory.gay/mru.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - enableACME = true; - addSSL = true; - quic = true; - http3 = true; - http3_hq = true; - kTLS = true; - root = "/data/nginx/html_mru"; - reuseport = true; - extraConfig = '' - brotli off; - ''; - locations = { - "/" = { - index = "index.html"; - extraConfig = '' - more_set_headers 'Access-Control-Allow-Origin: *'; - more_set_headers 'Access-Control-Allow-Methods: *'; - more_set_headers 'Access-Control-Allow-Headers: *'; - more_set_headers 'Access-Control-Expose-Headers: *'; - more_set_headers 'Access-Control-Max-Age' 1728000; - - # default to /index.html if file not found - try_files $uri $uri/ /index.html; - ''; - }; - }; -} diff --git a/host/Rory-nginx/hosts/rory.gay/root.nix b/host/Rory-nginx/hosts/rory.gay/root.nix deleted file mode 100755 index be4b415..0000000 --- a/host/Rory-nginx/hosts/rory.gay/root.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - root = "/data/nginx/html_rory_gay"; - enableACME = true; - addSSL = true; - extraConfig = '' - autoindex on;''; - - locations."= /.well-known/matrix/server".extraConfig = '' - more_set_headers 'Content-Type application/json'; - more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "matrix.rory.gay:443"; - }}'; - ''; - locations."= /.well-known/matrix/client".extraConfig = '' - more_set_headers 'Content-Type application/json'; - more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://matrix.rory.gay"; - "m.identity_server".base_url = "https://matrix.rory.gay"; - } - }'; - ''; - locations."= /.well-known/matrix/support".extraConfig = '' - more_set_headers 'Content-Type application/json'; - more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ - { - matrix_id = "@emma:rory.gay"; - role = "admin"; - } - { - matrix_id = "@alicia:rory.gay"; - role = "admin"; - } - { - matrix_id = "@root:rory.gay"; - role = "admin"; - } - { - matrix_id = "@rory:rory.gay"; - role = "admin"; - } - ]; - } - }'; - ''; - -} diff --git a/host/Rory-nginx/hosts/sugarcanemc.org/root.nix b/host/Rory-nginx/hosts/sugarcanemc.org/root.nix deleted file mode 100755 index 772cde1..0000000 --- a/host/Rory-nginx/hosts/sugarcanemc.org/root.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_sugarcanemc"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/awooradio.nix b/host/Rory-nginx/hosts/thearcanebrony.net/awooradio.nix deleted file mode 100755 index af52ec8..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/awooradio.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations = { - "/" = { - extraConfig = '' - rewrite ^/api/(.*) /$1 break; - return 200 $request_uri;''; - proxyPass = "http://localhost:4998"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/files.nix b/host/Rory-nginx/hosts/thearcanebrony.net/files.nix deleted file mode 100755 index 45de296..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/files.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_files"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/git.nix b/host/Rory-nginx/hosts/thearcanebrony.net/git.nix deleted file mode 100755 index 3006b57..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/git.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_git"; - locations = { - "/" = { - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/http.nix b/host/Rory-nginx/hosts/thearcanebrony.net/http.nix deleted file mode 100755 index a4184ac..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/http.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_sugarcanemc"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/lfs.nix b/host/Rory-nginx/hosts/thearcanebrony.net/lfs.nix deleted file mode 100755 index 8e7b51f..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/lfs.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_lfs"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/root.nix b/host/Rory-nginx/hosts/thearcanebrony.net/root.nix deleted file mode 100755 index bd23f10..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/root.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_thearcanebrony"; - extraConfig = '' - autoindex on;''; - locations = { - "/" = { - #index = "index.html"; - }; - "/destroy" = { - return = "301 https://gitlab.com/KinoshitaProductions/SecureDestroyer/-/raw/master/run"; - }; - "= /.well-known/matrix/support".extraConfig = '' - more_set_headers 'Content-Type application/json'; - more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ - { - matrix_id = "@emma:rory.gay"; - role = "admin"; - } - { - matrix_id = "@alicia:rory.gay"; - role = "admin"; - } - { - matrix_id = "@root:rory.gay"; - role = "admin"; - } - { - matrix_id = "@rory:rory.gay"; - role = "admin"; - } - ]; - } - }'; - ''; - }; -} diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/search.nix b/host/Rory-nginx/hosts/thearcanebrony.net/search.nix deleted file mode 100755 index 6298ba8..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/search.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations = { - "/" = { - extraConfig = '' - rewrite ^ https://thearcanebrony.net/unavailable.html break;''; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/sentry.nix b/host/Rory-nginx/hosts/thearcanebrony.net/sentry.nix deleted file mode 100755 index 96ffe4b..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/sentry.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations = { - "/" = { - proxyPass = "http://192.168.1.4:9000"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/siliconheaven.nix b/host/Rory-nginx/hosts/thearcanebrony.net/siliconheaven.nix deleted file mode 100755 index 57af15e..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/siliconheaven.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_siliconheaven"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/spigotav.nix b/host/Rory-nginx/hosts/thearcanebrony.net/spigotav.nix deleted file mode 100755 index ef98887..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/spigotav.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_spigotav"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/terra.nix b/host/Rory-nginx/hosts/thearcanebrony.net/terra.nix deleted file mode 100755 index 58b7c14..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/terra.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_terrarchive"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/hosts/thearcanebrony.net/vives.nix b/host/Rory-nginx/hosts/thearcanebrony.net/vives.nix deleted file mode 100755 index 3fc280c..0000000 --- a/host/Rory-nginx/hosts/thearcanebrony.net/vives.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_vives"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/matrix/upstreams-old.nix b/host/Rory-nginx/matrix/upstreams-old.nix deleted file mode 100644 index 3e58950..0000000 --- a/host/Rory-nginx/matrix/upstreams-old.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - generic_workers_upstream.servers = { - "192.168.1.5:18111" = { }; - }; - stream_writer_typing_stream_workers_upstream.servers = { - "192.168.1.5:20012" = { }; - }; - stream_writer_to_device_stream_workers_upstream.servers = { - "192.168.1.5:20013" = { }; - }; - stream_writer_account_data_stream_workers_upstream.servers = { - "192.168.1.5:20014" = { }; - }; - stream_writer_receipts_stream_workers_upstream.servers = { - "192.168.1.5:20015" = { }; - }; - stream_writer_presence_stream_workers_upstream.servers = { - "192.168.1.5:20016" = { }; - }; - media_repository_workers_upstream.servers = { - "192.168.1.5:18551" = { }; - }; - user_dir_workers_upstream.servers = { - "192.168.1.5:18661" = { }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/matrix/upstreams.nix b/host/Rory-nginx/matrix/upstreams.nix deleted file mode 100644 index 6ba45af..0000000 --- a/host/Rory-nginx/matrix/upstreams.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - generic_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_typing_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_to_device_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_account_data_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_receipts_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - stream_writer_presence_stream_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - media_repository_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; - user_dir_workers_upstream.servers = { - "127.0.0.1:8008" = { }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx.nix b/host/Rory-nginx/services/nginx.nix deleted file mode 100755 index 0aa08bf..0000000 --- a/host/Rory-nginx/services/nginx.nix +++ /dev/null @@ -1,89 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services = { - nginx = { - enable = true; - package = pkgs.nginxQuic; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedZstdSettings = true; - recommendedGzipSettings = true; - recommendedBrotliSettings = true; - recommendedOptimisation = true; - defaultMimeTypes = ../../modules/packages/nginx/mime.types; - appendConfig = '' - worker_processes 16; - ''; - eventsConfig = '' - #use kqueue; - worker_connections 512; - ''; - appendHttpConfig = '' - #sendfile on; - disable_symlinks off; - ''; - upstreams = import ./matrix/upstreams.nix; - additionalModules = with pkgs.nginxModules; [ - moreheaders - ]; - virtualHosts = { - "siliconheaven.thearcanebrony.net" = import ./hosts/thearcanebrony.net/siliconheaven.nix; - "lfs.thearcanebrony.net" = import ./hosts/thearcanebrony.net/lfs.nix; - "http.thearcanebrony.net" = import ./hosts/thearcanebrony.net/http.nix; - "thearcanebrony.net" = import ./hosts/thearcanebrony.net/root.nix; - "sentry.thearcanebrony.net" = import ./hosts/thearcanebrony.net/sentry.nix; - "awooradio.thearcanebrony.net" = import ./hosts/thearcanebrony.net/awooradio.nix; - "search.thearcanebrony.net" = import ./hosts/thearcanebrony.net/search.nix; - "git.thearcanebrony.net" = import ./hosts/thearcanebrony.net/git.nix; - "files.thearcanebrony.net" = import ./hosts/thearcanebrony.net/files.nix; - "spigotav.thearcanebrony.net" = import ./hosts/thearcanebrony.net/spigotav.nix; - "terra.thearcanebrony.net" = import ./hosts/thearcanebrony.net/terra.nix; - "vives.thearcanebrony.net" = import ./hosts/thearcanebrony.net/vives.nix; - "rory.gay" = import ./hosts/rory.gay/root.nix; - "rory.boo" = import ./hosts/rory.gay/root.nix; - "lfs.rory.gay" = import ./hosts/rory.gay/lfs.nix; - "git.rory.gay" = import ./hosts/rory.gay/git.nix; - "matrix.rory.gay" = import ./hosts/rory.gay/matrix.nix; - "mru.rory.gay" = import ./hosts/rory.gay/mru.nix; - "tunnel.rory.boo" = import ./hosts/rory.boo/tunnel.nix; - "boorunav.com" = import ./hosts/boorunav.com/root.nix; - "catgirlsaresexy.com" = import ./hosts/catgirlsaresexy.com/root.nix; - "sugarcanemc.org" = import ./hosts/sugarcanemc.org/root.nix; - - #bots... - "0bottests.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "catnipbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "impulsyeeter.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "omnibot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "yatopiawatchdog.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "playground.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "kinobot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "siliconbotpublic.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "thearcanebot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "anonbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "hericanbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "siliconbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "impulsbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "studiobot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "carsnbots.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "binsh.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "fosscordbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "sugarcanebot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - "gradbot.bots.rory.gay" = import ./hosts/rory.gay/bots.nix; - }; - }; - }; - systemd.services.nginx.serviceConfig = { - LimitNOFILE=5000000; - }; - systemd.services.nginx.requires = [ "data.mount" ]; - security.acme.acceptTerms = true; - security.acme.defaults.email = "root@thearcanebrony.net"; - - environment.systemPackages = with pkgs; [ - #gitfs - ]; - - system.stateVersion = "22.11"; # DO NOT EDIT! -} diff --git a/host/Rory-nginx/services/nginx/boorunav.com/root.nix b/host/Rory-nginx/services/nginx/boorunav.com/root.nix new file mode 100755 index 0000000..a859950 --- /dev/null +++ b/host/Rory-nginx/services/nginx/boorunav.com/root.nix @@ -0,0 +1,10 @@ +{ + root = "/data/nginx/html_boorunav"; + enableACME = true; + addSSL = true; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix b/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix new file mode 100755 index 0000000..e28c2e0 --- /dev/null +++ b/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix @@ -0,0 +1,10 @@ +{ + root = "/data/nginx/html_catgirlsaresexy"; + enableACME = true; + addSSL = true; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix new file mode 100644 index 0000000..3e58950 --- /dev/null +++ b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix @@ -0,0 +1,26 @@ +{ + generic_workers_upstream.servers = { + "192.168.1.5:18111" = { }; + }; + stream_writer_typing_stream_workers_upstream.servers = { + "192.168.1.5:20012" = { }; + }; + stream_writer_to_device_stream_workers_upstream.servers = { + "192.168.1.5:20013" = { }; + }; + stream_writer_account_data_stream_workers_upstream.servers = { + "192.168.1.5:20014" = { }; + }; + stream_writer_receipts_stream_workers_upstream.servers = { + "192.168.1.5:20015" = { }; + }; + stream_writer_presence_stream_workers_upstream.servers = { + "192.168.1.5:20016" = { }; + }; + media_repository_workers_upstream.servers = { + "192.168.1.5:18551" = { }; + }; + user_dir_workers_upstream.servers = { + "192.168.1.5:18661" = { }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams.nix b/host/Rory-nginx/services/nginx/matrix-upstreams.nix new file mode 100644 index 0000000..6ba45af --- /dev/null +++ b/host/Rory-nginx/services/nginx/matrix-upstreams.nix @@ -0,0 +1,26 @@ +{ + generic_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; + stream_writer_typing_stream_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; + stream_writer_to_device_stream_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; + stream_writer_account_data_stream_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; + stream_writer_receipts_stream_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; + stream_writer_presence_stream_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; + media_repository_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; + user_dir_workers_upstream.servers = { + "127.0.0.1:8008" = { }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix new file mode 100755 index 0000000..8cfcc68 --- /dev/null +++ b/host/Rory-nginx/services/nginx/nginx.nix @@ -0,0 +1,89 @@ +{ config, pkgs, lib, ... }: + +{ + services = { + nginx = { + enable = true; + package = pkgs.nginxQuic; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedZstdSettings = true; + recommendedGzipSettings = true; + recommendedBrotliSettings = true; + recommendedOptimisation = true; + defaultMimeTypes = ../../modules/packages/nginx/mime.types; + appendConfig = '' + worker_processes 16; + ''; + eventsConfig = '' + #use kqueue; + worker_connections 512; + ''; + appendHttpConfig = '' + #sendfile on; + disable_symlinks off; + ''; + upstreams = import ./matrix-upstreams.nix; + additionalModules = with pkgs.nginxModules; [ + moreheaders + ]; + virtualHosts = { + "siliconheaven.thearcanebrony.net" = import ./thearcanebrony.net/siliconheaven.nix; + "lfs.thearcanebrony.net" = import ./thearcanebrony.net/lfs.nix; + "http.thearcanebrony.net" = import ./thearcanebrony.net/http.nix; + "thearcanebrony.net" = import ./thearcanebrony.net/root.nix; + "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix; + "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix; + "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix; + "git.thearcanebrony.net" = import ./thearcanebrony.net/git.nix; + "files.thearcanebrony.net" = import ./thearcanebrony.net/files.nix; + "spigotav.thearcanebrony.net" = import ./thearcanebrony.net/spigotav.nix; + "terra.thearcanebrony.net" = import ./thearcanebrony.net/terra.nix; + "vives.thearcanebrony.net" = import ./thearcanebrony.net/vives.nix; + "rory.gay" = import ./rory.gay/root.nix; + "rory.boo" = import ./rory.gay/root.nix; + "lfs.rory.gay" = import ./rory.gay/lfs.nix; + "git.rory.gay" = import ./rory.gay/git.nix; + "matrix.rory.gay" = import ./rory.gay/matrix.nix; + "mru.rory.gay" = import ./rory.gay/mru.nix; + "tunnel.rory.boo" = import ./rory.boo/tunnel.nix; + "boorunav.com" = import ./boorunav.com/root.nix; + "catgirlsaresexy.com" = import ./catgirlsaresexy.com/root.nix; + "sugarcanemc.org" = import ./sugarcanemc.org/root.nix; + + #bots... + "0bottests.bots.rory.gay" = import ./rory.gay/bots.nix; + "catnipbot.bots.rory.gay" = import ./rory.gay/bots.nix; + "impulsyeeter.bots.rory.gay" = import ./rory.gay/bots.nix; + "omnibot.bots.rory.gay" = import ./rory.gay/bots.nix; + "yatopiawatchdog.bots.rory.gay" = import ./rory.gay/bots.nix; + "playground.bots.rory.gay" = import ./rory.gay/bots.nix; + "kinobot.bots.rory.gay" = import ./rory.gay/bots.nix; + "siliconbotpublic.bots.rory.gay" = import ./rory.gay/bots.nix; + "thearcanebot.bots.rory.gay" = import ./rory.gay/bots.nix; + "anonbot.bots.rory.gay" = import ./rory.gay/bots.nix; + "hericanbot.bots.rory.gay" = import ./rory.gay/bots.nix; + "siliconbot.bots.rory.gay" = import ./rory.gay/bots.nix; + "impulsbot.bots.rory.gay" = import ./rory.gay/bots.nix; + "studiobot.bots.rory.gay" = import ./rory.gay/bots.nix; + "carsnbots.bots.rory.gay" = import ./rory.gay/bots.nix; + "binsh.bots.rory.gay" = import ./rory.gay/bots.nix; + "fosscordbot.bots.rory.gay" = import ./rory.gay/bots.nix; + "sugarcanebot.bots.rory.gay" = import ./rory.gay/bots.nix; + "gradbot.bots.rory.gay" = import ./rory.gay/bots.nix; + }; + }; + }; + systemd.services.nginx.serviceConfig = { + LimitNOFILE=5000000; + }; + systemd.services.nginx.requires = [ "data.mount" ]; + security.acme.acceptTerms = true; + security.acme.defaults.email = "root@thearcanebrony.net"; + + environment.systemPackages = with pkgs; [ + #gitfs + ]; + + system.stateVersion = "22.11"; # DO NOT EDIT! +} diff --git a/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix b/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix new file mode 100755 index 0000000..b50823b --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix @@ -0,0 +1,14 @@ +{ + enableACME = true; + addSSL = true; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:5173"; + proxyWebsockets = true; + extraConfig = + "proxy_ssl_server_name on;" + + "proxy_pass_header Authorization;" + ; + }; + }; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/bots.nix b/host/Rory-nginx/services/nginx/rory.gay/bots.nix new file mode 100755 index 0000000..f18a402 --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/bots.nix @@ -0,0 +1,9 @@ +{ + enableACME = true; + addSSL = true; + locations = { + "/" = { + proxyPass = "http://192.168.1.50:5033"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix new file mode 100755 index 0000000..8c293d7 --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix @@ -0,0 +1,25 @@ +{ + enableACME = true; + addSSL = true; + locations."/_matrix" = { + proxyPass = "http://192.168.1.5:6167"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; + }; + #locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008"; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/git.nix b/host/Rory-nginx/services/nginx/rory.gay/git.nix new file mode 100755 index 0000000..812e946 --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/git.nix @@ -0,0 +1,13 @@ +{ + root = "/data/nginx/html_git"; + enableACME = true; + addSSL = true; + extraConfig = '' + autoindex on; + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; + more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range'; + more_set_headers 'Access-Control-Allow-Credentials: true'; + ''; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/lfs.nix b/host/Rory-nginx/services/nginx/rory.gay/lfs.nix new file mode 100755 index 0000000..f944eea --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/lfs.nix @@ -0,0 +1,10 @@ +{ + root = "/data/nginx/html_lfs"; + enableACME = true; + addSSL = true; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix new file mode 100755 index 0000000..2780979 --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix @@ -0,0 +1,25 @@ +{ + enableACME = true; + addSSL = true; + locations."/_matrix" = { + proxyPass = "http://192.168.1.5:8008"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; + }; + locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008"; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix new file mode 100755 index 0000000..46514a2 --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix @@ -0,0 +1,283 @@ +{ + enableACME = true; + addSSL = true; + # locations."/_matrix" = { + # proxyPass = "http://192.168.1.5:8008"; + # extraConfig = '' + # if ($request_method = 'OPTIONS') { + # more_set_headers 'Access-Control-Allow-Origin: *'; + # more_set_headers 'Access-Control-Allow-Methods: *'; + # # + # # Custom headers and headers various browsers *should* be OK with but aren't + # # + # more_set_headers 'Access-Control-Allow-Headers: *'; + # # + # # Tell client that this pre-flight info is valid for 20 days + # # + # more_set_headers 'Access-Control-Max-Age' 1728000; + # more_set_headers 'Content-Type: text/plain; charset=utf-8'; + # more_set_headers 'Content-Length' 0; + # return 204; + # }; + # ''; + # }; + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + locations."~ ^/_matrix/client/(r0|v3)/sync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + extraConfig = '' + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + ''; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/versions$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { + proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; + }; + + + # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { + proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { + proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; + }; + + ### DUPLICATES???? + # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory + locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { + proxyPass = "http://user_dir_workers_upstream$request_uri"; + }; + + # ??? + locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8008"; + #proxyPass = "http://$backend"; + proxyPass = "http://127.0.0.1:8008"; + }; + + locations."~ ^/_matrix/federation/v1/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state_ids/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/backfill/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/get_missing_events/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/publicRooms" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/query/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/event_auth/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/user/devices/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/key/v2/query" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/hierarchy/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/send/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + + ##### media repo + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + locations."~ ^/_matrix/media/" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/users/.*/media$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + + + #locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8048"; + #proxyPass = "http://$backend"; + #}; + + + locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/mru.nix b/host/Rory-nginx/services/nginx/rory.gay/mru.nix new file mode 100755 index 0000000..b65bf51 --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/mru.nix @@ -0,0 +1,28 @@ +{ + enableACME = true; + addSSL = true; + quic = true; + http3 = true; + http3_hq = true; + kTLS = true; + root = "/data/nginx/html_mru"; + reuseport = true; + extraConfig = '' + brotli off; + ''; + locations = { + "/" = { + index = "index.html"; + extraConfig = '' + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + more_set_headers 'Access-Control-Allow-Headers: *'; + more_set_headers 'Access-Control-Expose-Headers: *'; + more_set_headers 'Access-Control-Max-Age' 1728000; + + # default to /index.html if file not found + try_files $uri $uri/ /index.html; + ''; + }; + }; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/root.nix b/host/Rory-nginx/services/nginx/rory.gay/root.nix new file mode 100755 index 0000000..be4b415 --- /dev/null +++ b/host/Rory-nginx/services/nginx/rory.gay/root.nix @@ -0,0 +1,50 @@ +{ + root = "/data/nginx/html_rory_gay"; + enableACME = true; + addSSL = true; + extraConfig = '' + autoindex on;''; + + locations."= /.well-known/matrix/server".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.server" = "matrix.rory.gay:443"; + }}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.homeserver".base_url = "https://matrix.rory.gay"; + "m.identity_server".base_url = "https://matrix.rory.gay"; + } + }'; + ''; + locations."= /.well-known/matrix/support".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } + }'; + ''; + +} diff --git a/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix b/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix new file mode 100755 index 0000000..772cde1 --- /dev/null +++ b/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix @@ -0,0 +1,10 @@ +{ + root = "/data/nginx/html_sugarcanemc"; + enableACME = true; + addSSL = true; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix new file mode 100755 index 0000000..af52ec8 --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix @@ -0,0 +1,12 @@ +{ + enableACME = true; + addSSL = true; + locations = { + "/" = { + extraConfig = '' + rewrite ^/api/(.*) /$1 break; + return 200 $request_uri;''; + proxyPass = "http://localhost:4998"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix new file mode 100755 index 0000000..45de296 --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_files"; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix new file mode 100755 index 0000000..3006b57 --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix @@ -0,0 +1,9 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_git"; + locations = { + "/" = { + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix new file mode 100755 index 0000000..a4184ac --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_sugarcanemc"; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix new file mode 100755 index 0000000..8e7b51f --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_lfs"; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix new file mode 100755 index 0000000..bd23f10 --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix @@ -0,0 +1,40 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_thearcanebrony"; + extraConfig = '' + autoindex on;''; + locations = { + "/" = { + #index = "index.html"; + }; + "/destroy" = { + return = "301 https://gitlab.com/KinoshitaProductions/SecureDestroyer/-/raw/master/run"; + }; + "= /.well-known/matrix/support".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } + }'; + ''; + }; +} diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix new file mode 100755 index 0000000..6298ba8 --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + locations = { + "/" = { + extraConfig = '' + rewrite ^ https://thearcanebrony.net/unavailable.html break;''; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix new file mode 100755 index 0000000..96ffe4b --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix @@ -0,0 +1,9 @@ +{ + enableACME = true; + addSSL = true; + locations = { + "/" = { + proxyPass = "http://192.168.1.4:9000"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix new file mode 100755 index 0000000..57af15e --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_siliconheaven"; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix new file mode 100755 index 0000000..ef98887 --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_spigotav"; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix new file mode 100755 index 0000000..58b7c14 --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_terrarchive"; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix new file mode 100755 index 0000000..3fc280c --- /dev/null +++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix @@ -0,0 +1,10 @@ +{ + enableACME = true; + addSSL = true; + root = "/data/nginx/html_vives"; + locations = { + "/" = { + index = "index.html"; + }; + }; +} \ No newline at end of file -- cgit 1.4.1