diff options
author | Rory& <root@rory.gay> | 2024-07-03 21:44:54 +0200 |
---|---|---|
committer | Rory& <root@rory.gay> | 2024-07-04 14:45:02 +0200 |
commit | a1152f6ea2b316960aa6a7dc471ba3a034bb417b (patch) | |
tree | 7fe83c20d52d08ed558962c5d0b3b0ddbd282a1c | |
parent | Server cleanup (diff) | |
download | Rory-Open-Architecture-a1152f6ea2b316960aa6a7dc471ba3a034bb417b.tar.xz |
Server nginx cleanup
22 files changed, 19 insertions, 374 deletions
diff --git a/host/Rory-nginx/services/containers/conduwuit-throwaway/container.nix b/host/Rory-nginx/services/containers/conduwuit-throwaway/container.nix deleted file mode 100755 index b8781e7..0000000 --- a/host/Rory-nginx/services/containers/conduwuit-throwaway/container.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, lib, conduit, ... }: - -{ - privateNetwork = true; - autoStart = true; - specialArgs = { - inherit conduit; - }; - config = { lib, pkgs, conduit, ... }: { - imports = [ ./root.nix ]; - environment.etc."resolv.conf".text = '' - nameserver 8.8.8.8 - nameserver 8.4.4.8 - nameserver 1.1.1.1 - nameserver 1.0.0.1 - ''; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 5432 ]; - }; - }; - hostAddress = "192.168.100.16"; - localAddress = "192.168.100.17"; - hostAddress6 = "fc00::5"; - localAddress6 = "fc00::6"; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/containers/conduwuit-throwaway/root.nix b/host/Rory-nginx/services/containers/conduwuit-throwaway/root.nix deleted file mode 100755 index c248559..0000000 --- a/host/Rory-nginx/services/containers/conduwuit-throwaway/root.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, lib, conduit, ... }: - -{ - imports = - [ - ./services/nginx.nix - ./services/conduit.nix - ./services/pantalaimon.nix - ]; - - environment.systemPackages = with pkgs; [ - wget - neofetch - lnav - zsh - git - lsd - htop - btop - duf - kitty.terminfo - neovim - tmux - jq - yq - pv - dig - cloud-utils - ]; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/containers/conduwuit-throwaway/services/conduit.nix b/host/Rory-nginx/services/containers/conduwuit-throwaway/services/conduit.nix deleted file mode 100755 index b5296e4..0000000 --- a/host/Rory-nginx/services/containers/conduwuit-throwaway/services/conduit.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, lib, conduit, ... }: - -{ - services.matrix-conduit = { - package = conduit.packages.${pkgs.system}.default; - enable = true; - settings.global = { - address = "127.0.0.1"; - server_name = "tmpthrowaway89123798.rory.gay"; - database_backend = "rocksdb"; - enable_lightning_bolt = true; - max_concurrent_requests = 1000; - allow_check_for_updates = false; - allow_registration = true; - yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true; - allow_guest_registration = true; - disable_federation = false; - enable_federation = true; - }; - }; -} - diff --git a/host/Rory-nginx/services/containers/conduwuit-throwaway/services/nginx.nix b/host/Rory-nginx/services/containers/conduwuit-throwaway/services/nginx.nix deleted file mode 100755 index a33c784..0000000 --- a/host/Rory-nginx/services/containers/conduwuit-throwaway/services/nginx.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services = { - nginx = { - enable = true; - package = pkgs.nginxQuic; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedZstdSettings = true; - recommendedGzipSettings = true; - recommendedBrotliSettings = true; - recommendedOptimisation = true; - appendConfig = '' - worker_processes 16; - ''; - eventsConfig = '' - #use kqueue; - worker_connections 512; - ''; - appendHttpConfig = '' - #sendfile on; - disable_symlinks off; - ''; - additionalModules = with pkgs.nginxModules; [ - moreheaders - ]; - virtualHosts = { - "conduit.matrixunittests.rory.gay" = { - locations."/" = { - proxyPass = "http://127.0.0.1:6167"; - extraConfig = '' - if ($request_method = 'OPTIONS') { - more_set_headers 'Access-Control-Allow-Origin: *'; - more_set_headers 'Access-Control-Allow-Methods: *'; - # - # Custom headers and headers various browsers *should* be OK with but aren't - # - more_set_headers 'Access-Control-Allow-Headers: *'; - # - # Tell client that this pre-flight info is valid for 20 days - # - more_set_headers 'Access-Control-Max-Age: 1728000'; - more_set_headers 'Content-Type: text/plain; charset=utf-8'; - more_set_headers 'Content-Length: 0'; - return 204; - } - ''; - }; - locations."= /.well-known/matrix/server".extraConfig = '' - more_set_headers 'Content-Type application/json'; - more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.server" = "conduit.matrixunittests.rory.gay:443"; - }}'; - ''; - locations."= /.well-known/matrix/client".extraConfig = '' - more_set_headers 'Content-Type application/json'; - more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - "m.homeserver".base_url = "https://conduit.matrixunittests.rory.gay"; - } - }'; - ''; - locations."= /.well-known/matrix/support".extraConfig = '' - more_set_headers 'Content-Type application/json'; - more_set_headers 'Access-Control-Allow-Origin *'; - return 200 '${builtins.toJSON { - admins = [ - { - matrix_id = "@emma:rory.gay"; - role = "admin"; - } - { - matrix_id = "@alicia:rory.gay"; - role = "admin"; - } - { - matrix_id = "@root:rory.gay"; - role = "admin"; - } - { - matrix_id = "@rory:rory.gay"; - role = "admin"; - } - ]; - } - }'; - ''; - }; - }; - }; - }; - systemd.services.nginx.serviceConfig = { - LimitNOFILE=5000000; - }; - security.acme.acceptTerms = true; - security.acme.defaults.email = "root@rory.gay"; - -} diff --git a/host/Rory-nginx/services/containers/conduwuit-throwaway/services/pantalaimon.nix b/host/Rory-nginx/services/containers/conduwuit-throwaway/services/pantalaimon.nix deleted file mode 100755 index b5f7f77..0000000 --- a/host/Rory-nginx/services/containers/conduwuit-throwaway/services/pantalaimon.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services.pantalaimon-headless = { - instances."localhost" = { - homeserver = "http://localhost:6167"; - ssl = false; - extraSettings = { - "DropOldKeys" = true; - "UseKeyring" = false; - }; - }; - }; - -} - diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix index 12d258a..65c5a21 100755 --- a/host/Rory-nginx/services/matrix/draupnir.nix +++ b/host/Rory-nginx/services/matrix/draupnir.nix @@ -41,7 +41,6 @@ "faggot" "ywnbaw" "nigger" - "ioawejfioanwfoiawnfionf23iofn23ion312ion231ion12oi4n23io4n23io4" ]; minutesBeforeTrusting = 0; }; diff --git a/host/Rory-nginx/services/nginx/boorunav.com/root.nix b/host/Rory-nginx/services/nginx/boorunav.com/root.nix deleted file mode 100755 index a859950..0000000 --- a/host/Rory-nginx/services/nginx/boorunav.com/root.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_boorunav"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix b/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix deleted file mode 100755 index e28c2e0..0000000 --- a/host/Rory-nginx/services/nginx/catgirlsaresexy.com/root.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_catgirlsaresexy"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix index 79a968a..0e993a1 100755 --- a/host/Rory-nginx/services/nginx/nginx.nix +++ b/host/Rory-nginx/services/nginx/nginx.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: let - serveDir = config : { + serveDir = config: { enableACME = if config ? ssl then config.ssl else true; addSSL = if config ? ssl then config.ssl else true; root = if config ? path then config.path else builtins.throw "path is required"; @@ -40,28 +40,30 @@ in { moreheaders ]; virtualHosts = { - "siliconheaven.thearcanebrony.net" = import ./thearcanebrony.net/siliconheaven.nix; - "lfs.thearcanebrony.net" = import ./thearcanebrony.net/lfs.nix; - "http.thearcanebrony.net" = import ./thearcanebrony.net/http.nix; + "boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; }; + "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; }; + "sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; }; + + "siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; }; + "lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; }; + "git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; }; + "files.thearcanebrony.net" = serveDir { path = "/data/nginx/html_files"; }; + "spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; }; + "terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; }; + "vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; }; + + "git.rory.gay" = serveDir { path = "/data/nginx/html_git"; }; + "thearcanebrony.net" = import ./thearcanebrony.net/root.nix; "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix; - "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix; "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix; - "git.thearcanebrony.net" = import ./thearcanebrony.net/git.nix; - "files.thearcanebrony.net" = import ./thearcanebrony.net/files.nix; - "spigotav.thearcanebrony.net" = import ./thearcanebrony.net/spigotav.nix; - "terra.thearcanebrony.net" = import ./thearcanebrony.net/terra.nix; - "vives.thearcanebrony.net" = import ./thearcanebrony.net/vives.nix; + "rory.gay" = import ./rory.gay/root.nix; #"rory.boo" = import ./rory.gay/root.nix; - "lfs.rory.gay" = import ./rory.gay/lfs.nix; - "git.rory.gay" = import ./rory.gay/git.nix; + "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; }; + + "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix; "cgit.rory.gay" = import ./rory.gay/cgit.nix; - #"tunnel.rory.boo" = import ./rory.boo/tunnel.nix; - "boorunav.com" = import ./boorunav.com/root.nix; - "catgirlsaresexy.com" = import ./catgirlsaresexy.com/root.nix; - "sugarcanemc.org" = import ./sugarcanemc.org/root.nix; - #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix; #matrix... @@ -71,7 +73,6 @@ in { "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix; "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix; "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix; - "tmpthrowaway89123798.rory.gay" = import ./rory.gay/tmpthrowaway89123798.nix; "mru.rory.gay" = import ./rory.gay/mru.nix; #bots... diff --git a/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix b/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix deleted file mode 100755 index b50823b..0000000 --- a/host/Rory-nginx/services/nginx/rory.boo/tunnel.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - enableACME = true; - addSSL = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:5173"; - proxyWebsockets = true; - extraConfig = - "proxy_ssl_server_name on;" + - "proxy_pass_header Authorization;" - ; - }; - }; -} diff --git a/host/Rory-nginx/services/nginx/rory.gay/git.nix b/host/Rory-nginx/services/nginx/rory.gay/git.nix deleted file mode 100755 index 812e946..0000000 --- a/host/Rory-nginx/services/nginx/rory.gay/git.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - root = "/data/nginx/html_git"; - enableACME = true; - addSSL = true; - extraConfig = '' - autoindex on; - more_set_headers 'Access-Control-Allow-Origin: *'; - more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS'; - more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; - more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range'; - more_set_headers 'Access-Control-Allow-Credentials: true'; - ''; -} diff --git a/host/Rory-nginx/services/nginx/rory.gay/lfs.nix b/host/Rory-nginx/services/nginx/rory.gay/lfs.nix deleted file mode 100755 index f944eea..0000000 --- a/host/Rory-nginx/services/nginx/rory.gay/lfs.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_lfs"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/rory.gay/tmpthrowaway89123798.nix b/host/Rory-nginx/services/nginx/rory.gay/tmpthrowaway89123798.nix deleted file mode 100755 index 4d02dbe..0000000 --- a/host/Rory-nginx/services/nginx/rory.gay/tmpthrowaway89123798.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - enableACME = true; - addSSL = true; - http3 = true; - http3_hq = true; - kTLS = true; - extraConfig = '' - brotli off; - ''; - locations = { - "/" = { - proxyPass = "http://192.168.100.17:80"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix b/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix deleted file mode 100755 index 772cde1..0000000 --- a/host/Rory-nginx/services/nginx/sugarcanemc.org/root.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - root = "/data/nginx/html_sugarcanemc"; - enableACME = true; - addSSL = true; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix deleted file mode 100755 index 45de296..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/files.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_files"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix deleted file mode 100755 index 3006b57..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/git.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_git"; - locations = { - "/" = { - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix deleted file mode 100755 index a4184ac..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/http.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_sugarcanemc"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix deleted file mode 100755 index 8e7b51f..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/lfs.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_lfs"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix deleted file mode 100755 index 57af15e..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/siliconheaven.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_siliconheaven"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix deleted file mode 100755 index ef98887..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/spigotav.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_spigotav"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix deleted file mode 100755 index 58b7c14..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/terra.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_terrarchive"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix deleted file mode 100755 index 3fc280c..0000000 --- a/host/Rory-nginx/services/nginx/thearcanebrony.net/vives.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - enableACME = true; - addSSL = true; - root = "/data/nginx/html_vives"; - locations = { - "/" = { - index = "index.html"; - }; - }; -} \ No newline at end of file |