diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix index 321d22e..9ddce24 100644 --- a/hosts/cube/grafana/default.nix +++ b/hosts/cube/grafana/default.nix @@ -69,6 +69,13 @@ in { }; services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate { + extraConfig = /* nginx */ '' + # Grafana sets `nosniff` while not setting the content type properly, + # so everything breaks with it. Unset the header. + ${config.services.nginx.headers} + add_header X-Content-Type-Options "" always; + ''; + locations."/" = { proxyPass = "http://[::1]:${toString port}"; proxyWebsockets = true; diff --git a/hosts/cube/matrix/default.nix b/hosts/cube/matrix/default.nix index 4db543a..71a767f 100644 --- a/hosts/cube/matrix/default.nix +++ b/hosts/cube/matrix/default.nix @@ -2,8 +2,6 @@ inherit (config.networking) domain; inherit (lib) const enabled genAttrs merge strings; - pathSite = "/var/www/site"; - fqdn = "chat.${domain}"; port = 8002; @@ -24,24 +22,6 @@ "m.server" = "${fqdn}:443"; }; }; - - configNotFoundLocation = { - extraConfig = /* nginx */ '' - error_page 404 /404.html; - ''; - - locations."/".extraConfig = /* nginx */ '' - return 404; - ''; - - locations."/404".extraConfig = /* nginx */ '' - internal; - ''; - - locations."/assets/".extraConfig = /* nginx */ '' - return 301 https://${domain}$request_uri; - ''; - }; in { imports = [(self + /modules/nginx.nix)]; @@ -103,8 +83,8 @@ in { services.nginx.virtualHosts.${domain} = configWellKnownResponse; - services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate configWellKnownResponse configNotFoundLocation { - root = pathSite; + services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate configWellKnownResponse { + locations."/".return = "301 https://${domain}/404"; locations."/_matrix".proxyPass = "http://[::1]:${toString port}"; locations."/_synapse/client".proxyPass = "http://[::1]:${toString port}"; diff --git a/modules/site.nix b/modules/site.nix index 3a52ffa..7cfd535 100644 --- a/modules/site.nix +++ b/modules/site.nix @@ -2,54 +2,31 @@ inherit (config.networking) domain; inherit (lib) enabled merge; - pathSite = "/var/www/site"; - - configNotFoundLocation = { - extraConfig = /* nginx */ '' - error_page 404 /404.html; - ''; - - locations."/404".extraConfig = /* nginx */ '' - internal; - ''; - }; + root = "/var/www/site"; in { imports = [(self + /modules/nginx.nix)]; services.nginx = enabled { - virtualHosts.${domain} = merge config.services.nginx.sslTemplate configNotFoundLocation { - root = pathSite; + virtualHosts.${domain} = merge config.services.nginx.sslTemplate { + inherit root; locations."/".tryFiles = "$uri $uri.html $uri/index.html =404"; - locations."/assets/".extraConfig = /* nginx */ '' - if ($request_method = OPTIONS) { - ${config.services.nginx.headers} - add_header Content-Type text/plain always; - add_header Content-Length 0 always; - return 204; - } + extraConfig = /* nginx */ '' + error_page 404 /404.html; + ''; - expires 24h; + locations."/404".extraConfig = /* nginx */ '' + internal; ''; }; virtualHosts."www.${domain}" = merge config.services.nginx.sslTemplate { - locations."/".extraConfig = /* nginx */ '' - return 301 https://${domain}$request_uri; - ''; + locations."/".return = "301 https://${domain}$request_uri"; }; - virtualHosts._ = merge config.services.nginx.sslTemplate configNotFoundLocation { - root = pathSite; - - locations."/".extraConfig = /* nginx */ '' - return 404; - ''; - - locations."/assets/".extraConfig = /* nginx */ '' - return 301 https://${domain}$request_uri; - ''; + virtualHosts._ = merge config.services.nginx.sslTemplate { + locations."/".return = "301 https://${domain}/404"; }; }; }