RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-30 19:47:47 +00:00
Code Issues Activity

Use http3 everywhere

Browse source
This commit is contained in:
RGBCube 2024-02-04 20:45:50 +03:00
parent 5e2e8c5cfe
commit 06362701d5
No known key found for this signature in database
7 changed files with 41 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

6
flake.lock generated
View file

@ -867,11 +867,11 @@
"tools": "tools" "tools": "tools"
}, },
"locked": { "locked": {
"lastModified": 1705583692, "lastModified": 1707067915,
"narHash": "sha256-AjKO+46Stiv8bta7A08nIoxQ+rJmv0yFfrBna0k6VNA=", "narHash": "sha256-3utx587jbTHclu58TYDz/JvMZ0lBBs9pHRuCgc6oY1Q=",
"owner": "RGBCube", "owner": "RGBCube",
"repo": "Site", "repo": "Site",
"rev": "97d41827c71364a97b4987a387ae9d41473baad3", "rev": "b61b4c3da1992b69ff86a69cec670e2cf8d85f33",
"type": "github" "type": "github"
}, },
"original": { "original": {

5
hosts/cube/grafana.nix
View file

@ -67,10 +67,7 @@ in serverSystemConfiguration {
}; };
}; };
services.nginx.virtualHosts.${fqdn} = { services.nginx.virtualHosts.${fqdn} = (sslTemplate domain) // {
forceSSL = true;
useACMEHost = domain;
locations."/" = { locations."/" = {
proxyPass = "http://[::]:${toString config.services.grafana.settings.server.http_port}"; proxyPass = "http://[::]:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true; proxyWebsockets = true;

18
hosts/cube/matrix-synapse.nix
View file

@ -91,13 +91,7 @@ in serverSystemConfiguration {
"= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig; "= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig;
}; };
services.nginx.virtualHosts.${chatDomain} = { services.nginx.virtualHosts.${chatDomain} = (sslTemplate domain) // {
forceSSL = true;
useACMEHost = domain;
locations."/".proxyPass = "http://[::]:${toString config.services.site.port}/404";
locations."/assets".proxyPass = "http://[::]:${toString config.services.site.port}/assets";
locations."= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig; locations."= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig;
locations."= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig; locations."= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig;
@ -106,21 +100,15 @@ in serverSystemConfiguration {
}; };
services.matrix-sliding-sync = enabled { services.matrix-sliding-sync = enabled {
environmentFile = config.age.secrets."cube/password.sync.matrix-synapse".path;
settings = { settings = {
SYNCV3_SERVER = "https://${chatDomain}"; SYNCV3_SERVER = "https://${chatDomain}";
SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql"; SYNCV3_DB = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
SYNCV3_BINDADDR = "[::]:${toString syncPort}"; SYNCV3_BINDADDR = "[::]:${toString syncPort}";
}; };
environmentFile = config.age.secrets."cube/password.sync.matrix-synapse".path;
}; };
services.nginx.virtualHosts.${syncDomain} = { services.nginx.virtualHosts.${syncDomain} = (sslTemplate domain) // {
forceSSL = true;
useACMEHost = domain;
locations."/".proxyPass = "http://[::]:${toString config.services.site.port}/404";
locations."/assets".proxyPass = "http://[::]:${toString config.services.site.port}/assets";
locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"
.proxyPass = "http://[::]:${toString synapsePort}"; .proxyPass = "http://[::]:${toString synapsePort}";

6
hosts/cube/nextcloud/default.nix
View file

@ -84,9 +84,5 @@ in serverSystemConfiguration {
nginx.recommendedHttpHeaders = true; nginx.recommendedHttpHeaders = true;
}; };
services.nginx.virtualHosts.${fqdn} = { services.nginx.virtualHosts.${fqdn} = sslTemplate domain;
forceSSL = true;
quic = true;
useACMEHost = domain;
};
} }

24
hosts/cube/site.nix
View file

@ -1,8 +1,26 @@
{ config, ulib, ... }: with ulib; { config, ulib, ... }: with ulib;
serverSystemConfiguration { let
inherit (config.networking) domain;
port = 8003;
in serverSystemConfiguration {
services.site = enabled { services.site = enabled {
url = config.networking.domain; inherit port;
configureNginx = true; };
services.nginx.virtualHosts.${domain} = (sslTemplate domain) // {
locations."/".proxyPass = "http://[::]:${toString port}";
};
services.nginx.virtualHosts."www.${domain}" = (sslTemplate domain) // {
locations."/".extraConfig = ''
return 301 https://${domain}$request_uri;
'';
};
services.nginx.virtualHosts._ = (sslTemplate domain) // {
locations."/".proxyPass = "http://[::]:${toString port}/404/";
locations."/assets".proxyPass = "http://[::]:${toString port}/assets";
}; };
} }

3
lib/default.nix
View file

@ -1,5 +1,6 @@
users: let users: let
configuration = import ./configuration.nix users; configuration = import ./configuration.nix users;
merge = import ./merge.nix; merge = import ./merge.nix;
ssl = import ./ssl.nix;
values = import ./values.nix; values = import ./values.nix;
in configuration // merge // values in configuration // merge // ssl // values

7
lib/ssl.nix Normal file
View file

@ -0,0 +1,7 @@
{
sslTemplate = domain: {
forceSSL = true;
quic = true;
useACMEHost = domain;
};
}