Fix Nginx config (hopefully?)

flake.nix

@@ -96,7 +96,7 @@
       hostDefault = import ./hosts/${host} {
         config = {};
         keys   = {};
-        ulib   = (import ./lib null) // {
+        ulib   = (import ./lib lib null) // {
           merge = lib.recursiveUpdate;
         };
       };
@@ -115,7 +115,7 @@
       system = hostDefault.nixpkgs.hostPlatform;
 
       lib  = nixpkgs.lib;
-      ulib = import ./lib users;
+      ulib = import ./lib lib users;
 
       pkgs  = import nixpkgs { inherit system; };
       upkgs = let

hosts/cube/matrix-synapse.nix

@@ -18,6 +18,20 @@ let
   clientConfig."org.matrix.msc3575.proxy".url = "https://${syncDomain}";
   serverConfig."m.server" = "${chatDomain}:443";
 
+  wellKnownResponseConfig.locations = {
+    "= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig;
+    "= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig;
+  };
+
+  notFoundLocationConfig = {
+    locations."/".extraConfig = "return 404;";
+
+    extraConfig                         = "error_page 404 /404.html;";
+    locations."= /404.html".extraConfig = "internal;";
+
+    locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
+  };
+
   synapsePort = 8001;
   syncPort    = 8002;
 in serverSystemConfiguration {
@@ -85,26 +99,14 @@ in serverSystemConfiguration {
     }];
   };
 
-  services.nginx.virtualHosts.${domain}.locations =  {
+  services.nginx.virtualHosts.${domain} = wellKnownResponseConfig;
-    "= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig;
-    "= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig;
-  };
 
-  services.nginx.virtualHosts.${chatDomain} = (sslTemplate domain) // {
+  services.nginx.virtualHosts.${chatDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) wellKnownResponseConfig notFoundLocationConfig {
-    locations."= /.well-known/matrix/client".extraConfig = wellKnownResponse clientConfig;
+    root = "${sitePath}";
-    locations."= /.well-known/matrix/server".extraConfig = wellKnownResponse serverConfig;
 
     locations."/_matrix".proxyPass         = "http://[::]:${toString synapsePort}";
     locations."/_synapse/client".proxyPass = "http://[::]:${toString synapsePort}";
-
+  }];
-    locations."/".alias = "${sitePath}/404.html";
-    locations."/assets/"= {
-      alias       = "${sitePath}/assets/";
-      extraConfig = ''
-        add_header Cache-Control "public, max-age=86400, immutable";
-      '';
-    };
-  };
 
   services.matrix-sliding-sync = enabled {
     environmentFile = config.age.secrets."cube/password.sync.matrix-synapse".path;
@@ -115,19 +117,13 @@ in serverSystemConfiguration {
     };
   };
 
-  services.nginx.virtualHosts.${syncDomain} = (sslTemplate domain) // {
+  services.nginx.virtualHosts.${syncDomain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
+    root = "${sitePath}";
+
     locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"
       .proxyPass = "http://[::]:${toString synapsePort}";
 
     locations."~ ^(\\/_matrix|\\/_synapse\\/client)"
       .proxyPass = "http://[::]:${toString syncPort}";
-
+  }];
-    locations."/".alias = "${sitePath}/404.html";
-    locations."/assets/" = {
-      alias       = "${sitePath}/assets/";
-      extraConfig = ''
-        add_header Cache-Control "public, max-age=86400, immutable";
-      '';
-    };
-  };
 }

hosts/cube/site.nix

@@ -5,29 +5,30 @@ let
 
   path = "/var/www/site";
 
-  assetsLocation = {
+  notFoundLocationConfig = {
-    locations."/assets/" = {
+    extraConfig                         = "error_page 404 /404.html;";
-      alias       = "${path}/assets/";
+    locations."= /404.html".extraConfig = "internal;";
-      extraConfig = ''
-        add_header Cache-Control "public, max-age=86400, immutable";
-      '';
-    };
   };
 in serverSystemConfiguration {
-  services.nginx.virtualHosts.${domain} = (sslTemplate domain) // assetsLocation // {
+  services.nginx.virtualHosts.${domain} = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
-    locations."/" = {
+    root = "${path}";
-      alias    = "${path}/";
+
-      tryFiles = "$uri $uri/ $uri.html $uri/index.html =404";
+    locations."/".tryFiles           = "$uri $uri.html $uri/index.html =404";
-    };
+    locations."/assets/".extraConfig = ''
-  };
+      add_header Access-Control-Allow-Origin *.rgbcu.be;
+
+      expires 24h;
+    '';
+  }];
 
   services.nginx.virtualHosts."www.${domain}" = (sslTemplate domain) // {
-    locations."/".extraConfig = ''
+    locations."/".extraConfig = "return 301 https://${domain}$request_uri;";
-      return 301 https://${domain}$request_uri;
-    '';
   };
 
-  services.nginx.virtualHosts._ = (sslTemplate domain) // assetsLocation // {
+  services.nginx.virtualHosts._ = ulib.recursiveUpdateAll [ (sslTemplate domain) notFoundLocationConfig {
-    locations."/".alias = "${path}/404.html";
+    root = "${path}";
-  };
+
+    locations."/".extraConfig = "return 404;";
+    locations."/assets/".extraConfig = "return 301 https://${domain}$request_uri;";
+  }];
 }

lib/default.nix

@@ -1,6 +1,6 @@
-users: let
+lib: users: let
   configuration = import ./configuration.nix users;
-  merge         = import ./merge.nix;
+  merge         = import ./merge.nix lib;
   ssl           = import ./ssl.nix;
   values        = import ./values.nix;
 in configuration // merge // ssl // values

lib/merge.nix

@@ -1,4 +1,4 @@
-let
+lib: let
   mergeAll = builtins.foldl' (collected: module: {
     imports = collected.imports ++ [ module ];
   }) { imports = []; };
@@ -8,4 +8,6 @@ in {
   merge4 = a: b: c: d: mergeAll [ a b c d ];
   merge5 = a: b: c: d: e: mergeAll [ a b c d e ];
   merge6 = a: b: c: d: e: f: mergeAll [ a b c d e f ];
+
+  recursiveUpdateAll = builtins.foldl' lib.recursiveUpdate {};
 }