From c47e2f0ab033cbb4ce54cadb6c024c20ad7b5145 Mon Sep 17 00:00:00 2001 
From: TheArcaneBrony Date: Mon, 25 Sep 2023 19:12:45 +0200 Subject: Switch to nginx mainline --- host/Spacebar-nginx/configuration.nix | 20 +++++++------- host/Spacebar-nginx/hosts/fosscord.com/matrix.nix | 14 ---------- .../Spacebar-nginx/hosts/spacebar.chat/grafana.nix | 14 ---------- .../hosts/spacebar.chat/internal/secrets.nix | 20 -------------- host/Spacebar-nginx/hosts/spacebar.chat/mail.nix | 14 ---------- .../hosts/spacebar.chat/server/old/api.nix | 14 ---------- .../hosts/spacebar.chat/server/old/cdn.nix | 14 ---------- .../hosts/spacebar.chat/server/old/gateway.nix | 14 ---------- .../hosts/spacebar.chat/server/old/root.nix | 14 ---------- .../hosts/thearcanebrony.net/matrix.nix | 14 ---------- .../nginx-hosts/fosscord.com/matrix.nix | 14 ++++++++++ .../nginx-hosts/fosscord.com/root.nix | 16 +++++++++++ .../nginx-hosts/spacebar.chat/grafana.nix | 14 ++++++++++ .../nginx-hosts/spacebar.chat/internal/secrets.nix | 20 ++++++++++++++ .../nginx-hosts/spacebar.chat/mail.nix | 14 ++++++++++ .../nginx-hosts/spacebar.chat/server/old/api.nix | 14 ++++++++++ .../nginx-hosts/spacebar.chat/server/old/cdn.nix | 14 ++++++++++ .../spacebar.chat/server/old/gateway.nix | 14 ++++++++++ .../nginx-hosts/spacebar.chat/server/old/root.nix | 14 ++++++++++ .../nginx-hosts/thearcanebrony.net/matrix.nix | 14 ++++++++++ host/Spacebar-nginx/postgres.nix | 31 ++++++++++++++++++++++ 21 files changed, 189 insertions(+), 142 deletions(-) delete mode 100755 host/Spacebar-nginx/hosts/fosscord.com/matrix.nix delete mode 100755 host/Spacebar-nginx/hosts/spacebar.chat/grafana.nix delete mode 100644 host/Spacebar-nginx/hosts/spacebar.chat/internal/secrets.nix delete mode 100755 host/Spacebar-nginx/hosts/spacebar.chat/mail.nix delete mode 100755 host/Spacebar-nginx/hosts/spacebar.chat/server/old/api.nix delete mode 100755 host/Spacebar-nginx/hosts/spacebar.chat/server/old/cdn.nix delete mode 100755 host/Spacebar-nginx/hosts/spacebar.chat/server/old/gateway.nix delete mode 100755 
host/Spacebar-nginx/hosts/spacebar.chat/server/old/root.nix delete mode 100755 host/Spacebar-nginx/hosts/thearcanebrony.net/matrix.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/fosscord.com/matrix.nix create mode 100644 host/Spacebar-nginx/nginx-hosts/fosscord.com/root.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/spacebar.chat/grafana.nix create mode 100644 host/Spacebar-nginx/nginx-hosts/spacebar.chat/internal/secrets.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/spacebar.chat/mail.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/api.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/cdn.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/gateway.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/root.nix create mode 100755 host/Spacebar-nginx/nginx-hosts/thearcanebrony.net/matrix.nix create mode 100644 host/Spacebar-nginx/postgres.nix (limited to 'host') diff --git a/host/Spacebar-nginx/configuration.nix b/host/Spacebar-nginx/configuration.nix index 5037c81..9118af9 100755 --- a/host/Spacebar-nginx/configuration.nix +++ b/host/Spacebar-nginx/configuration.nix 
@@ -21,25 +21,25 @@ services = { nginx = { enable = true; - package = pkgs.nginxQuic; + package = pkgs.nginxMainline; recommendedProxySettings = true; recommendedTlsSettings = true; clientMaxBodySize = "50m"; virtualHosts = { # legacy - "matrix.thearcanebrony.net" = import ./hosts/thearcanebrony.net/matrix.nix; - "matrix.fosscord.com" = import ./hosts/fosscord.com/matrix.nix; + "matrix.thearcanebrony.net" = import ./nginx-hosts/thearcanebrony.net/matrix.nix; + "matrix.fosscord.com" = import ./nginx-hosts/fosscord.com/matrix.nix; # production - "mail.spacebar.chat" = import ./hosts/spacebar.chat/mail.nix; - "grafana.spacebar.chat" = import ./hosts/spacebar.chat/grafana.nix; - "old.server.spacebar.chat" = import ./hosts/spacebar.chat/server/old/root.nix; - "api.old.server.spacebar.chat" = import ./hosts/spacebar.chat/server/old/api.nix; - "cdn.old.server.spacebar.chat" = import ./hosts/spacebar.chat/server/old/cdn.nix; - "gateway.old.server.spacebar.chat" = import ./hosts/spacebar.chat/server/old/gateway.nix; + "mail.spacebar.chat" = import ./nginx-hosts/spacebar.chat/mail.nix; + "grafana.spacebar.chat" = import ./nginx-hosts/spacebar.chat/grafana.nix; + "old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/root.nix; + "api.old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/api.nix; + "cdn.old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/cdn.nix; + "gateway.old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/gateway.nix; # local only - "secrets.internal.spacebar.chat" = import ./hosts/spacebar.chat/internal/secrets.nix { inherit lib config; }; + "secrets.internal.spacebar.chat" = import ./nginx-hosts/spacebar.chat/internal/secrets.nix { inherit lib config; }; }; }; }; diff --git a/host/Spacebar-nginx/hosts/fosscord.com/matrix.nix b/host/Spacebar-nginx/hosts/fosscord.com/matrix.nix deleted file mode 100755 index ac21846..0000000 
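Review bot: The `virtualHosts` set in this hunk never imports the new `nginx-hosts/fosscord.com/root.nix` added by the same commit, so the redirect and `.well-known` locations it defines stay unused unless they are wired in somewhere outside the hunk. If it is meant to serve the apex domain, an entry such as `"fosscord.com" = import ./nginx-hosts/fosscord.com/root.nix { inherit lib config; };` is needed (host name assumed from the directory). The same applies to the new `postgres.nix`, which has to appear in an `imports` list that is not visible here. The enclosing attribute set starts before the hunk.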
--- a/host/Spacebar-nginx/hosts/fosscord.com/matrix.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- addSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.200:8009";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/grafana.nix b/host/Spacebar-nginx/hosts/spacebar.chat/grafana.nix
deleted file mode 100755
index d2b7207..0000000
--- a/host/Spacebar-nginx/hosts/spacebar.chat/grafana.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.99:3000";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/internal/secrets.nix b/host/Spacebar-nginx/hosts/spacebar.chat/internal/secrets.nix
deleted file mode 100644
index cc0e299..0000000
--- a/host/Spacebar-nginx/hosts/spacebar.chat/internal/secrets.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, config }: {
- root = "/data/nginx/secrets";
- #use ip from ens18
- listenAddresses = [
- (lib.head config.networking.interfaces.ens18.ipv4.addresses).address
- ];
- locations = {
- "/" = {
- extraConfig =
- "autoindex on;" +
- "allow 192.168.1.0/24;" +
- "allow 127.0.0.1;" +
- "deny all;"
- ;
- };
- "^~ /.well-known/acme-challenge/" = {
- root = "/var/lib/acme/acme-challenge";
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/mail.nix b/host/Spacebar-nginx/hosts/spacebar.chat/mail.nix
deleted file mode 100755
index 3ca873d..0000000
--- a/host/Spacebar-nginx/hosts/spacebar.chat/mail.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.3";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/api.nix b/host/Spacebar-nginx/hosts/spacebar.chat/server/old/api.nix
deleted file mode 100755
index 8b7df6d..0000000
--- a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/api.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.200:3001";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/cdn.nix b/host/Spacebar-nginx/hosts/spacebar.chat/server/old/cdn.nix
deleted file mode 100755
index 89958fe..0000000
--- a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/cdn.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.200:3003";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/gateway.nix b/host/Spacebar-nginx/hosts/spacebar.chat/server/old/gateway.nix
deleted file mode 100755
index ff95a5e..0000000
--- a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/gateway.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.200:3002";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/root.nix b/host/Spacebar-nginx/hosts/spacebar.chat/server/old/root.nix
deleted file mode 100755
index 8b7df6d..0000000
--- a/host/Spacebar-nginx/hosts/spacebar.chat/server/old/root.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.200:3001";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/hosts/thearcanebrony.net/matrix.nix b/host/Spacebar-nginx/hosts/thearcanebrony.net/matrix.nix
deleted file mode 100755
index d2b7606..0000000
--- a/host/Spacebar-nginx/hosts/thearcanebrony.net/matrix.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- enableACME = true;
- addSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://192.168.1.200:8008";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;" +
- "proxy_pass_header Authorization;"
- ;
- };
- };
-}
diff --git a/host/Spacebar-nginx/nginx-hosts/fosscord.com/matrix.nix b/host/Spacebar-nginx/nginx-hosts/fosscord.com/matrix.nix
new file mode 100755
index 0000000..ac21846
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/fosscord.com/matrix.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ addSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:8009";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/fosscord.com/root.nix b/host/Spacebar-nginx/nginx-hosts/fosscord.com/root.nix
new file mode 100644
index 0000000..7efa326
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/fosscord.com/root.nix
@@ -0,0 +1,16 @@
+{ lib, config }: {
+ locations = {
+ "/" = {
+ extraConfig =
+ ''
+ return 301 https://spacebar.chat$request_uri;
+ '';
+ };
+ ".well-known/matrix/server" = {
+ root = "/var/lib/matrix";
+ };
+ "^~ /.well-known/acme-challenge/" = {
+ root = "/var/lib/acme/acme-challenge";
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/spacebar.chat/grafana.nix b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/grafana.nix
new file mode 100755
index 0000000..d2b7207
--- /dev/null
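Review bot: In the new `fosscord.com/root.nix`, the location key `".well-known/matrix/server"` has no leading slash, so as an nginx prefix location it cannot match a request URI (which always starts with `/`), and requests for the Matrix delegation file fall through to `"/"` and receive the 301 to spacebar.chat. It should read `"/.well-known/matrix/server" = {`, or use an exact match, `"= /.well-known/matrix/server" = {`. The file also takes `{ lib, config }` without using either, and it sets neither `enableACME` nor a TLS option even though it carries an ACME challenge location, so confirm how the certificate for this host is meant to be issued.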
+++ b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/grafana.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.99:3000";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/spacebar.chat/internal/secrets.nix b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/internal/secrets.nix
new file mode 100644
index 0000000..cc0e299
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/internal/secrets.nix
@@ -0,0 +1,20 @@
+{ lib, config }: {
+ root = "/data/nginx/secrets";
+ #use ip from ens18
+ listenAddresses = [
+ (lib.head config.networking.interfaces.ens18.ipv4.addresses).address
+ ];
+ locations = {
+ "/" = {
+ extraConfig =
+ "autoindex on;" +
+ "allow 192.168.1.0/24;" +
+ "allow 127.0.0.1;" +
+ "deny all;"
+ ;
+ };
+ "^~ /.well-known/acme-challenge/" = {
+ root = "/var/lib/acme/acme-challenge";
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/spacebar.chat/mail.nix b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/mail.nix
new file mode 100755
index 0000000..3ca873d
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/mail.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.3";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/api.nix b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/api.nix
new file mode 100755
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/api.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/cdn.nix b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/cdn.nix
new file mode 100755
index 0000000..89958fe
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/cdn.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3003";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/gateway.nix b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/gateway.nix
new file mode 100755
index 0000000..ff95a5e
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/gateway.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3002";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/root.nix b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/root.nix
new file mode 100755
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/spacebar.chat/server/old/root.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/nginx-hosts/thearcanebrony.net/matrix.nix b/host/Spacebar-nginx/nginx-hosts/thearcanebrony.net/matrix.nix
new file mode 100755
index 0000000..d2b7606
--- /dev/null
+++ b/host/Spacebar-nginx/nginx-hosts/thearcanebrony.net/matrix.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ addSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:8008";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;" +
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Spacebar-nginx/postgres.nix b/host/Spacebar-nginx/postgres.nix
new file mode 100644
index 0000000..6d0acd9
--- /dev/null
+++ b/host/Spacebar-nginx/postgres.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+{
+ systemd.tmpfiles.rules = [ "d /data/pg 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_14;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host matrix-synapse-spacebar-chat matrix-synapse-spacebar-chat 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ initialScript = pkgs.writeText "backend-initScript" ''
+ CREATE ROLE matrix-synapse-spacebar-chat WITH LOGIN PASSWORD '${pkgs.postgresql_14}' CREATEDB;
+ CREATE DATABASE matrix-synapse-spacebar-chat;
+ GRANT ALL PRIVILEGES ON DATABASE matrix-synapse-spacebar-chat TO matrix-synapse-spacebar-chat;
+ '';
+ dataDir = "/data/pg";
+ settings = {
+ "max_connections" = "100";
+ "shared_buffers" = "128MB";
+ "max_wal_size" = "1GB";
+ "min_wal_size" = "80MB";
+ };
+ };
+}
\ No newline at end of file
-- cgit 1.4.1
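Review bot: In `initialScript` of the new `postgres.nix`, `PASSWORD '${pkgs.postgresql_14}'` interpolates the PostgreSQL package's store path as the role password, so the credential is a derivable, non-secret string, and `pkgs.writeText` places the script in the world-readable Nix store. The hyphenated role and database names are also unquoted, which PostgreSQL should reject as a syntax error, so the script likely never creates the role at all. In `authentication`, `enableTCPIP = true` together with `host all all 0.0.0.0/0 md5` accepts password logins from any address, and the `trust` entry for 192.168.1.5/32 authenticates purely by source IP. I would quote the identifiers, set the password out of band from a file kept outside the store, and narrow the remote rules as sketched below; the subnet is an assumption taken from the `allow` rule in secrets.nix.

```nix
  services.postgresql = {
    # … unchanged: enable, package, enableTCPIP …
    authentication = pkgs.lib.mkOverride 10 ''
      # … unchanged: header comment, local and loopback entries …
      host matrix-synapse-spacebar-chat matrix-synapse-spacebar-chat 192.168.1.5/32 scram-sha-256
      host all all 192.168.1.0/24 scram-sha-256
    '';
    initialScript = pkgs.writeText "backend-initScript" ''
      -- No PASSWORD clause here: this file is world-readable in the Nix store.
      -- Set the role password afterwards from a secret kept outside the store.
      CREATE ROLE "matrix-synapse-spacebar-chat" WITH LOGIN CREATEDB;
      CREATE DATABASE "matrix-synapse-spacebar-chat";
      GRANT ALL PRIVILEGES ON DATABASE "matrix-synapse-spacebar-chat" TO "matrix-synapse-spacebar-chat";
    '';
    # … unchanged: dataDir, settings …
```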