2022-06-12 15:39:15 +00:00
|
|
|
{
|
|
|
|
nix-packages,
|
|
|
|
system,
|
|
|
|
pkgs,
|
|
|
|
config,
|
|
|
|
...
|
|
|
|
}: {
|
2022-04-15 08:27:53 +00:00
|
|
|
services.nginx.virtualHosts."hydra.chir.rs" = {
|
|
|
|
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
|
|
|
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
|
|
|
locations."/" = {
|
2022-04-26 06:19:59 +00:00
|
|
|
proxyPass = "https://hydra.int.chir.rs";
|
2022-04-15 08:27:53 +00:00
|
|
|
proxyWebsockets = true;
|
2022-04-26 07:59:53 +00:00
|
|
|
extraConfig = ''
|
|
|
|
proxy_ssl_server_name on;
|
|
|
|
'';
|
2022-04-15 08:27:53 +00:00
|
|
|
};
|
|
|
|
};
|
2022-06-12 15:39:15 +00:00
|
|
|
services.nginx.virtualHosts."mastodon.chir.rs" = let
|
2022-06-12 15:42:42 +00:00
|
|
|
inherit (nix-packages.packages.${system}) mastodon;
|
2022-06-12 15:39:15 +00:00
|
|
|
in {
|
|
|
|
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
|
|
|
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
|
|
|
root = "${mastodon}/public/";
|
|
|
|
locations."/" = {
|
|
|
|
tryFiles = "$uri @proxy";
|
2022-04-25 16:57:59 +00:00
|
|
|
};
|
2022-06-12 15:39:15 +00:00
|
|
|
locations."@proxy" = {
|
|
|
|
proxyPass = "https://mastodon.int.chir.rs";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
extraConfig = ''
|
|
|
|
proxy_ssl_server_name on;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2022-04-26 08:40:11 +00:00
|
|
|
services.nginx.virtualHosts."mastodon-assets.chir.rs" = {
|
|
|
|
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
|
|
|
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
|
|
|
locations."/" = {
|
|
|
|
extraConfig = ''
|
|
|
|
limit_except GET {
|
|
|
|
deny all;
|
|
|
|
}
|
2022-04-26 09:00:40 +00:00
|
|
|
proxy_set_header Authorization ${"''"};
|
2022-04-26 08:40:11 +00:00
|
|
|
proxy_hide_header Set-Cookie;
|
|
|
|
proxy_hide_header 'Access-Control-Allow-Origin';
|
|
|
|
proxy_hide_header 'Access-Control-Allow-Methods';
|
|
|
|
proxy_hide_header 'Access-Control-Allow-Headers';
|
|
|
|
proxy_ignore_headers Set-Cookie;
|
|
|
|
proxy_intercept_errors off;
|
|
|
|
proxy_cache CACHE;
|
|
|
|
proxy_cache_valid 200 48h;
|
|
|
|
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
|
|
|
proxy_cache_lock on;
|
|
|
|
expires 1y;
|
|
|
|
add_header Cache-Control public;
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
|
|
add_header X-Cache-Status $upstream_cache_status;
|
|
|
|
'';
|
2022-04-26 12:01:21 +00:00
|
|
|
proxyPass = "https://f000.backblazeb2.com/file/mastodon-chir-rs/";
|
2022-04-26 08:40:11 +00:00
|
|
|
};
|
|
|
|
};
|
2022-04-26 09:00:40 +00:00
|
|
|
services.nginx.appendHttpConfig = ''
|
2022-04-30 12:26:28 +00:00
|
|
|
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m max_size=10g
|
2022-04-26 09:00:40 +00:00
|
|
|
inactive=60m use_temp_path=off;
|
|
|
|
'';
|
2022-04-26 11:31:59 +00:00
|
|
|
services.nginx.virtualHosts."chir.rs" = {
|
|
|
|
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
|
|
|
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
|
|
|
locations."/.well-known/webfinger" = {
|
|
|
|
extraConfig = ''
|
|
|
|
return 301 https://mastodon.chir.rs$request_uri;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2022-04-15 08:27:53 +00:00
|
|
|
}
|