diff --git a/flake.nix b/flake.nix index 286fb86..7a71f73 100644 --- a/flake.nix +++ b/flake.nix @@ -96,7 +96,7 @@ hostDefault = import ./hosts/${host} { config = {}; keys = {}; - ulib = (import ./lib null) // { + ulib = (import ./lib lib null) // { merge = lib.recursiveUpdate; }; }; @@ -115,7 +115,7 @@ system = hostDefault.nixpkgs.hostPlatform; lib = nixpkgs.lib; - ulib = import ./lib users; + ulib = import ./lib lib users; pkgs = import nixpkgs { inherit system; }; upkgs = let diff --git a/hosts/cube/matrix-synapse.nix b/hosts/cube/matrix-synapse.nix index 96be8de..72e27ca 100644 --- a/hosts/cube/matrix-synapse.nix +++ b/hosts/cube/matrix-synapse.nix @@ -18,6 +18,20 @@ let clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}"; serverConfig."m.server" = "${chatDomain}:443"; + wellKnownResponseConfig.locations = { + "= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig; + "= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig; + }; + + notFoundLocationConfig = { + locations."/".extraConfig = "return 404;"; + + extraConfig = "error_page 404 /404.html;"; + locations."= /404.html".extraConfig = "internal;"; + + locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; + }; + synapsePort = 8001; syncPort = 8002; in serverSystemConfiguration { 
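Review bot: `notFoundLocationConfig` in hosts/cube/matrix-synapse.nix carries no comment saying what a virtual host must provide for it to work. `error_page 404 /404.html;` together with the `internal` location only resolves if the host sets `root` to a directory that contains 404.html. The hosts that use it later in this file do set `root = "${sitePath}"`, but nothing at the definition records that dependency, so I would add above it `# Catch-all 404 for auxiliary vhosts: the vhost must set root to a directory containing 404.html; /assets/ is redirected to ${domain}.` hosts/cube/site.nix defines a different attrset under the same name, so a distinct name or a shared helper in lib would keep the two from drifting apart. The enclosing `let` block starts outside this hunk.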
@@ -85,26 +99,14 @@ in serverSystemConfiguration { }]; }; - services.nginx.virtualHosts.${domain}.locations = { - "= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig; - "= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig; - }; + services.nginx.virtualHosts.${domain} = wellKnownResponseConfig; - services.nginx.virtualHosts.${chatDomain} = (sslTemplate domain) // { - locations."= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig; - locations."= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig; + services.nginx.virtualHosts.${chatDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig { + root = "${sitePath}"; locations."/_matrix".proxyPass = "http://[::]:${toString synapsePort}"; locations."/_synapse/client".proxyPass = "http://[::]:${toString synapsePort}"; - - locations."/".alias = "${sitePath}/404.html"; - locations."/assets/"= { - alias = "${sitePath}/assets/"; - extraConfig = '' - add_header Cache-Control "public, max-age=86400, immutable"; - ''; - }; - }; + }]; services.matrix-sliding-sync = enabled { environmentFile = config.age.secrets."cube/password.sync.matrix-synapse".path; @@ -115,19 +117,13 @@ in serverSystemConfiguration { }; }; - services.nginx.virtualHosts.${syncDomain} = (sslTemplate domain) // { + services.nginx.virtualHosts.${syncDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig { + root = "${sitePath}"; + locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" .proxyPass = "http://[::]:${toString synapsePort}"; locations."~ ^(\\/_matrix|\\/_synapse\\/client)" .proxyPass = "http://[::]:${toString syncPort}"; - - locations."/".alias = "${sitePath}/404.html"; - locations."/assets/" = { - alias = "${sitePath}/assets/"; - extraConfig = '' - add_header Cache-Control "public, max-age=86400, immutable"; - ''; - }; - }; + }]; } 
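Review bot: `ulib.recursiveUpdateAll [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig { … } ]` merges with `lib.recursiveUpdate`, which only recurses into attribute sets, so the server-level string `extraConfig = "error_page 404 /404.html;"` from `notFoundLocationConfig` replaces any `extraConfig` that `sslTemplate` returns rather than being appended to it. `sslTemplate` is not visible here, so this may be harmless, but if it carries TLS or header directives in `extraConfig` they would be dropped silently on this host. The same applies to the `${syncDomain}` host in the next hunk, to both hosts in hosts/cube/site.nix, and to the helper itself in lib/merge.nix. Since the vhost `extraConfig` option is of type `lines`, `lib.mkMerge [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig { … } ]` (assuming `lib` is in scope in this file) would let the module system concatenate it; failing that, a comment on `recursiveUpdateAll` stating that later non-attrset values win would make the behaviour explicit.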
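Review bot: In the `${syncDomain}` host, the unchanged context lines send the `org.matrix.msc3575/sync` regex to `synapsePort` and the general `/_matrix` and `/_synapse/client` regex to `syncPort`, which looks inverted given that matrix-sliding-sync is the service meant to answer MSC3575 sync requests. These lines are not touched by this commit and the service bindings are only partly visible, so please confirm. If it is a swap, the fix is `.proxyPass = "http://[::]:${toString syncPort}";` on the first location and `.proxyPass = "http://[::]:${toString synapsePort}";` on the second.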
diff --git a/hosts/cube/site.nix b/hosts/cube/site.nix index 93179d0..3e0c8fc 100644 --- a/hosts/cube/site.nix +++ b/hosts/cube/site.nix @@ -5,29 +5,30 @@ let path = "/var/www/site"; - assetsLocation = { - locations."/assets/" = { - alias = "${path}/assets/"; - extraConfig = '' - add_header Cache-Control "public, max-age=86400, immutable"; - ''; - }; + notFoundLocationConfig = { + extraConfig = "error_page 404 /404.html;"; + locations."= /404.html".extraConfig = "internal;"; }; in serverSystemConfiguration { - services.nginx.virtualHosts.${domain} = (sslTemplate domain) // assetsLocation // { - locations."/" = { - alias = "${path}/"; - tryFiles = "$uri $uri/ $uri.html $uri/index.html =404"; - }; - }; + services.nginx.virtualHosts.${domain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig { + root = "${path}"; + + locations."/".tryFiles = "$uri $uri.html $uri/index.html =404"; + locations."/assets/".extraConfig = '' + add_header Access-Control-Allow-Origin *.rgbcu.be; + + expires 24h; + ''; + }]; services.nginx.virtualHosts."www.${domain}" = (sslTemplate domain) // { - locations."/".extraConfig = '' - return 301 https://${domain}$request_uri; - ''; + locations."/".extraConfig = "return 301 https://${domain}$request_uri;"; }; - services.nginx.virtualHosts._ = (sslTemplate domain) // assetsLocation // { - locations."/".alias = "${path}/404.html"; - }; + services.nginx.virtualHosts._ = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig { + root = "${path}"; + + locations."/".extraConfig = "return 404;"; + locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;"; + }]; } diff --git a/lib/default.nix b/lib/default.nix index 8689ead..634af0a 100644 --- a/lib/default.nix +++ b/lib/default.nix 
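Review bot: `add_header Access-Control-Allow-Origin *.rgbcu.be;` in the new `/assets/` location does not do what it appears to: browsers accept only `*`, `null` or one exact origin (scheme and host) in that header, so `*.rgbcu.be` matches no origin and cross-origin asset requests from the subdomains will be blocked. Declaring `add_header` inside the location also stops nginx from inheriting any `add_header` set at server or http level, so if `sslTemplate` (not visible here) adds HSTS or similar headers they will be missing on `/assets/` responses and need repeating there. A `map` on `$http_origin` that echoes back only allow-listed origins, plus `Vary: Origin`, gives the intended effect; the sketch below assumes `services.nginx.commonHttpConfig` is free to use in this configuration. Note also that `expires 24h;` replaces the removed `Cache-Control "public, max-age=86400, immutable"` and so drops `public` and `immutable`, in case that was not intended.

```nix
# http-level map: echo the Origin back only when it is rgbcu.be or one of its subdomains
services.nginx.commonHttpConfig = ''
  map $http_origin $assets_cors_origin {
    default "";
    "~^https://([a-z0-9-]+\.)*rgbcu\.be$" $http_origin;
  }
'';

# … unchanged: virtualHosts.${domain} root and locations."/" …
locations."/assets/".extraConfig = ''
  add_header Access-Control-Allow-Origin $assets_cors_origin always;
  add_header Vary Origin always;

  expires 24h;
'';
```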
@@ -1,6 +1,6 @@ -users: let +lib: users: let configuration = import ./configuration.nix users; - merge = import ./merge.nix; + merge = import ./merge.nix lib; ssl = import ./ssl.nix; values = import ./values.nix; in configuration // merge // ssl // values diff --git a/lib/merge.nix b/lib/merge.nix index e1b3f8f..cd72807 100644 --- a/lib/merge.nix +++ b/lib/merge.nix @@ -1,4 +1,4 @@ -let +lib: let mergeAll = builtins.foldl' (collected: module: { imports = collected.imports ++ [ module ]; }) { imports = []; }; @@ -8,4 +8,6 @@ in { merge4 = a: b: c: d: mergeAll [ a b c d ]; merge5 = a: b: c: d: e: mergeAll [ a b c d e ]; merge6 = a: b: c: d: e: f: mergeAll [ a b c d e f ]; + + recursiveUpdateAll = builtins.foldl' lib.recursiveUpdate {}; }