{ config, lib, pkgs, ... }:
let
# Static HTML error pages, fetched from a git repository when the system is
# built. `rev` pins one exact commit and `sha256` pins the fetched tree, so
# the build fails rather than silently serving different content if the
# remote repository is changed. Bumping `rev` requires updating `sha256`
# in the same change.
errorPages = pkgs.fetchgit {
  sha256 = "0lypdggya80gwmz18bdpspisw5wyy4invpri42zaq5xb3808hqyl";
  rev = "a6bfef1fa69e2cb836a51af265f5d4f2a615d77a";
  url = "https://git.ingolf-wagner.de/palo/http-errors.git";
};
# Shared error-page wiring that every virtual host below mixes in:
#   error.extraConfig - server-level `error_page` directives
#   error.locations   - the location that serves the pinned error pages
error = {
  # Emits one `error_page <code> /errors/<code>.html;` line per status code,
  # in the listed order, each terminated by a newline.
  extraConfig = lib.concatMapStrings (code: ''
    error_page ${toString code} /errors/${toString code}.html;
  '') [ 400 401 402 403 404 405 406 500 501 502 503 504 ];

  locations = {
    # `^~` makes this prefix match win without consulting regex locations.
    "^~ /errors/" = {
      root = "${errorPages}/";
      # `internal` restricts the location to nginx-internal redirects such
      # as `error_page`; a client requesting /errors/... directly gets 404.
      extraConfig = "internal;";
    };
  };
};
in {
# Inbound ports opened on the host firewall. In this file 80 is nginx's
# plain-HTTP listener, 443 is the sslh multiplexer and 4443 is nginx's TLS
# listener that sslh forwards to.
# NOTE(review): every listener visible in this file (nginx `listen`, sslh,
# socat) is TCP; nothing here appears to need the UDP openings. Confirm and
# drop `allowedUDPPorts` if no other module relies on them.
# NOTE(review): sslh reaches nginx on localhost:4443, so opening 4443 here
# additionally lets clients hit nginx directly without passing through
# sslh. Confirm that is intended.
networking.firewall = {
  allowedTCPPorts = [ 80 443 4443 ];
  allowedUDPPorts = [ 80 443 4443 ];
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
# Reverse proxy for git.ingolf-wagner.de; TLS ends here and requests are
# relayed to workhorse.private:3000.
"git.ingolf-wagner.de" = {
  # Certificate comes from ACME; forceSSL makes the plain-HTTP listener
  # answer with a redirect to HTTPS instead of serving content.
  enableACME = true;
  forceSSL = true;
  # TLS is served on 4443 because sslh (configured in this file) owns 443
  # and hands TLS connections to localhost:4443.
  listen = map (socket: socket // { addr = "0.0.0.0"; }) [
    { port = 4443; ssl = true; }
    { port = 80; ssl = false; }
  ];
  inherit (error) extraConfig;
  # NOTE(review): the hop to the backend is plain HTTP, so confidentiality
  # and integrity on that leg depend entirely on the private network.
  # Confirm that workhorse.private is only reachable over a trusted link.
  locations = error.locations // {
    "/".proxyPass = "http://workhorse.private:3000";
  };
};
# Reverse proxy for paste.ingolf-wagner.de; TLS ends here and requests are
# relayed to workhorse.private:8000.
"paste.ingolf-wagner.de" = {
  # Certificate comes from ACME; forceSSL makes the plain-HTTP listener
  # answer with a redirect to HTTPS instead of serving content.
  enableACME = true;
  forceSSL = true;
  # TLS is served on 4443 because sslh (configured in this file) owns 443
  # and hands TLS connections to localhost:4443.
  listen = map (socket: socket // { addr = "0.0.0.0"; }) [
    { port = 4443; ssl = true; }
    { port = 80; ssl = false; }
  ];
  inherit (error) extraConfig;
  # NOTE(review): the hop to the backend is plain HTTP, so confidentiality
  # and integrity on that leg depend entirely on the private network.
  # Confirm that workhorse.private is only reachable over a trusted link.
  locations = error.locations // {
    "/".proxyPass = "http://workhorse.private:8000";
  };
};
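# Static site for travel.ingolf-wagner.de, served from /srv/www/travel.
"travel.ingolf-wagner.de" = {
  # TLS is served on 4443 because sslh (configured in this file) owns 443
  # and hands TLS connections to localhost:4443.
  listen = [
    {
      addr = "0.0.0.0";
      port = 4443;
      ssl = true;
    }
    {
      addr = "0.0.0.0";
      port = 80;
      ssl = false;
    }
  ];
  # forceSSL redirects plain-HTTP requests to HTTPS; the certificate is
  # obtained through ACME.
  forceSSL = true;
  enableACME = true;
  extraConfig = error.extraConfig;
  locations = {
    "/" = {
      root = "/srv/www/travel";
      # Redirect directory URLs that lack a trailing slash (presumably
      # done by hand so the redirect does not advertise the internal
      # listen port 4443).
      # The redirect target is built from $host, not $http_host:
      # $http_host is the raw client-supplied Host header and can be
      # missing (yielding a malformed Location) or carry an arbitrary
      # port, while $host is normalised, port-less and falls back to the
      # server name when no Host header is sent.
      # NOTE(review): $host still follows the request's Host header if
      # this vhost ends up being nginx's default server; a catch-all
      # default vhost or $server_name would pin the redirect to the
      # canonical name.
      extraConfig = ''
        if (-d $request_filename) {
        rewrite [^/]$ $scheme://$host$request_uri/ permanent;
        }
      '';
    };
  } // error.locations;
};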
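# Static site for tech.ingolf-wagner.de, served from /srv/www/tech.
"tech.ingolf-wagner.de" = {
  # TLS is served on 4443 because sslh (configured in this file) owns 443
  # and hands TLS connections to localhost:4443.
  listen = [
    {
      addr = "0.0.0.0";
      port = 4443;
      ssl = true;
    }
    {
      addr = "0.0.0.0";
      port = 80;
      ssl = false;
    }
  ];
  # forceSSL redirects plain-HTTP requests to HTTPS; the certificate is
  # obtained through ACME.
  forceSSL = true;
  enableACME = true;
  extraConfig = error.extraConfig;
  locations = {
    "/" = {
      root = "/srv/www/tech";
      # Redirect directory URLs that lack a trailing slash (presumably
      # done by hand so the redirect does not advertise the internal
      # listen port 4443).
      # The redirect target is built from $host, not $http_host:
      # $http_host is the raw client-supplied Host header and can be
      # missing (yielding a malformed Location) or carry an arbitrary
      # port, while $host is normalised, port-less and falls back to the
      # server name when no Host header is sent.
      # NOTE(review): $host still follows the request's Host header if
      # this vhost ends up being nginx's default server; a catch-all
      # default vhost or $server_name would pin the redirect to the
      # canonical name.
      extraConfig = ''
        if (-d $request_filename) {
        rewrite [^/]$ $scheme://$host$request_uri/ permanent;
        }
      '';
    };
  } // error.locations;
};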
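# Static site for terranix.org, served from /srv/www/terranix.
"terranix.org" = {
  # TLS is served on 4443 because sslh (configured in this file) owns 443
  # and hands TLS connections to localhost:4443.
  listen = [
    {
      addr = "0.0.0.0";
      port = 4443;
      ssl = true;
    }
    {
      addr = "0.0.0.0";
      port = 80;
      ssl = false;
    }
  ];
  # forceSSL redirects plain-HTTP requests to HTTPS; the certificate is
  # obtained through ACME.
  forceSSL = true;
  enableACME = true;
  extraConfig = error.extraConfig;
  locations = {
    "/" = {
      root = "/srv/www/terranix";
      # Redirect directory URLs that lack a trailing slash (presumably
      # done by hand so the redirect does not advertise the internal
      # listen port 4443).
      # The redirect target is built from $host, not $http_host:
      # $http_host is the raw client-supplied Host header and can be
      # missing (yielding a malformed Location) or carry an arbitrary
      # port, while $host is normalised, port-less and falls back to the
      # server name when no Host header is sent.
      # NOTE(review): $host still follows the request's Host header if
      # this vhost ends up being nginx's default server; a catch-all
      # default vhost or $server_name would pin the redirect to the
      # canonical name.
      extraConfig = ''
        if (-d $request_filename) {
        rewrite [^/]$ $scheme://$host$request_uri/ permanent;
        }
      '';
    };
  } // error.locations;
};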
# Reverse proxy for chat.ingolf-wagner.de, with WebSocket upgrade support,
# in front of http://chat.workhorse.private.
"chat.ingolf-wagner.de" = {
  # Certificate comes from ACME; forceSSL makes the plain-HTTP listener
  # answer with a redirect to HTTPS instead of serving content.
  enableACME = true;
  forceSSL = true;
  # TLS is served on 4443 because sslh (configured in this file) owns 443
  # and hands TLS connections to localhost:4443.
  listen = map (socket: socket // { addr = "0.0.0.0"; }) [
    { port = 4443; ssl = true; }
    { port = 80; ssl = false; }
  ];
  inherit (error) extraConfig;
  locations = error.locations // {
    "/" = {
      proxyWebsockets = true;
      # NOTE(review): the backend hop is plain HTTP; it relies on the
      # private network for confidentiality. Confirm.
      proxyPass = "http://chat.workhorse.private";
      # Rewrites response bodies so links use the public HTTPS name instead
      # of plain HTTP or the internal backend hostname.
      # NOTE(review): by default nginx applies each sub_filter once per
      # response, only to text/html, and cannot rewrite compressed upstream
      # bodies. Check that chat.workhorse.private does not still leak to
      # clients in other response types.
      extraConfig = ''
        sub_filter "http://chat.ingolf-wagner.de" "https://chat.ingolf-wagner.de";
        sub_filter "chat.workhorse.private" "chat.ingolf-wagner.de";
      '';
    };
  };
};
# Reverse proxy for nextcloud.ingolf-wagner.de in front of
# http://nextcloud.workhorse.private, plus the CalDAV/CardDAV discovery
# redirects.
"nextcloud.ingolf-wagner.de" =
  let
    # Both well-known discovery URLs answer with the same permanent
    # redirect to the DAV endpoint on the requested scheme and host.
    davRedirect = {
      priority = 210;
      extraConfig = "return 301 $scheme://$host/remote.php/dav;";
    };
  in {
    # Certificate comes from ACME; forceSSL makes the plain-HTTP listener
    # answer with a redirect to HTTPS instead of serving content.
    enableACME = true;
    forceSSL = true;
    # TLS is served on 4443 because sslh (configured in this file) owns 443
    # and hands TLS connections to localhost:4443.
    listen = map (socket: socket // { addr = "0.0.0.0"; }) [
      { port = 4443; ssl = true; }
      { port = 80; ssl = false; }
    ];
    inherit (error) extraConfig;
    locations = error.locations // {
      "/" = {
        # NOTE(review): the backend hop is plain HTTP; it relies on the
        # private network for confidentiality. Confirm.
        proxyPass = "http://nextcloud.workhorse.private";
        # sub_filter rewrites response bodies to the public HTTPS name.
        # `client_max_body_size 0` switches off nginx's request-body size
        # check for this location.
        # NOTE(review): with the check disabled, any upload limit on this
        # internet-facing vhost has to come from the backend. Confirm one
        # is enforced there, or set an explicit cap here.
        extraConfig = ''
          sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de";
          sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de";
          # used for view/edit office file via Office Online Server
          client_max_body_size 0;
        '';
      };
      "= /.well-known/carddav" = davRedirect;
      "= /.well-known/caldav" = davRedirect;
    };
  };
# Static site for gaykraft.com, served from /srv/www/gaykraft.
"gaykraft.com" = {
  # Certificate comes from ACME; forceSSL makes the plain-HTTP listener
  # answer with a redirect to HTTPS instead of serving content.
  enableACME = true;
  forceSSL = true;
  # TLS is served on 4443 because sslh (configured in this file) owns 443
  # and hands TLS connections to localhost:4443.
  listen = map (socket: socket // { addr = "0.0.0.0"; }) [
    { port = 4443; ssl = true; }
    { port = 80; ssl = false; }
  ];
  inherit (error) extraConfig;
  locations = error.locations // {
    "/".root = "/srv/www/gaykraft";
  };
};
};
};
# Protocol multiplexer on port 443: sslh probes the first bytes of each
# connection and hands it to the matching local service, so SSH, TLS and
# tinc share one externally visible port.
services.sslh = {
  enable = true;
  port = 443;
  listenAddress = "0.0.0.0";
  # Transparent mode: backends see the connecting client's address instead
  # of sslh's, which keeps nginx logs and address-based controls meaningful.
  transparent = true;
  verbose = false;
  # Routing table appended to the sslh configuration:
  #   ssh  -> localhost:2222 (relayed on by the socat-proxy unit in this file)
  #   ssl  -> localhost:4443 (nginx TLS listener)
  #   tinc -> localhost:655
  # NOTE(review): this publishes SSH and tinc on 443 alongside HTTPS; the
  # access controls of those services are the only gate for them.
  appendConfig = # json
    ''
      protocols:
      (
      { name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; },
      { name: "ssl"; host: "localhost"; port: "4443"; probe: "builtin"; },
      { name: "tinc"; host: "localhost"; port: "655"; probe: "builtin"; }
      );
    '';
};
# TCP relay for the SSH leg of sslh: accepts connections on local port 2222
# and forwards each one (forked per connection) to workhorse.private:2222.
systemd.services.socat-proxy = {
  after = [ "sslh.service" ];
  wantedBy = [ "sslh.service" "multi-user.target" ];
  # NOTE(review): TCP-LISTEN has no bind= option, so socat accepts on every
  # interface. Only the firewall (2222 is not in allowedTCPPorts in this
  # file) keeps the relay from being reachable directly.
  # NOTE(review): no User is set, so the unit runs as root although
  # listening on 2222 needs no privilege. Consider a dedicated unprivileged
  # user; the line commented out below suggests "sslh" was tried.
  script = ''
    ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222
  '';
  #serviceConfig.User = "sslh";
};
}