nginx configuration

2024-02-25 15:14:02 -08:00 · 2024-02-25 15:14:02 -08:00 · 1fc5af3791
parent 175f946c3c
commit 1fc5af3791
2 changed files with 67 additions and 13 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -36,19 +36,6 @@
    killall
  ];

-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "admin+acme@heartles.xyz";
-    certs."egirls.gay" = {
-      domain = "egirls.gay";
-      dnsProvider = "namecheap";
-      credentialsFile = "/etc/nixos-secrets/namecheap-acme";
-      group = "nginx";
-    };
-  };
-
-  services.nginx = { enable = true; };
-
  systemd.network.enable = true;
  systemd.network.networks."10-wan" = {
    matchConfig.Name = "enp1s0";
--- a/misskey-service.nix
+++ b/misskey-service.nix
@ -0,0 +1,67 @@
+{ pkgs, ... }: {
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "admin+acme@heartles.xyz";
+    certs."egirls.gay" = {
+      domain = "egirls.gay";
+      dnsProvider = "namecheap";
+      credentialsFile = "/etc/nixos-secrets/namecheap-acme";
+      group = "nginx";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+
+    virtualHosts."egirls.gay" = {
+      listen = [
+        {
+          port = 443;
+          addr = "0.0.0.0";
+          ssl = true;
+        }
+        {
+          port = 80;
+          addr = "0.0.0.0";
+        }
+      ];
+
+      forceSSL = true;
+      locations."/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://127.0.0.1:3000";
+        extraConfig = ''
+          proxy_cache off;
+        '';
+      };
+
+      locations."/api/drive/files/create" = {
+        proxyWebsockets = true;
+        proxyPass = "http://127.0.0.1:3000";
+        extraConfig = ''
+          # increase max size and don't buffer file uploads
+          client_max_body_size 2g;
+          proxy_request_buffering off;
+          proxy_cache off;
+        '';
+      };
+
+      locations."/.well-known/matrix/server".extraConfig = ''
+        add_header Content-Type application/json;
+        add_header Access-Control-Allow-Origin '*';
+        return 200 '{"m.server":"synapse.egirls.gay"}';
+      '';
+      locations."/.well-known/matrix/client".extraConfig = ''
+        add_header Content-Type application/json;
+        add_header Access-Control-Allow-Origin '*';
+        return 200 '{"m.homeserver":{"base_url":"https://synapse.egirls.gay"}}';
+      '';
+    };
+  };
+}