move terranix.org to github and fix matrix.terranix.org
parent
cc8f610382
commit
acaec28a55
7 changed files with 167 additions and 29 deletions
|
@ -141,21 +141,6 @@ in
|
|||
};
|
||||
} // error.locations;
|
||||
};
|
||||
"terranix.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = error.extraConfig;
|
||||
locations = {
|
||||
"/" = {
|
||||
root = "/srv/www/terranix";
|
||||
extraConfig = ''
|
||||
if (-d $request_filename) {
|
||||
rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
|
||||
}
|
||||
'';
|
||||
};
|
||||
} // error.locations;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,7 +3,8 @@ let
|
|||
|
||||
inherit (config.services.dendrite.settings.global) server_name;
|
||||
|
||||
nginx-vhost = "matrix.terranix.org";
|
||||
matrix_host = "matrix.terranix.org";
|
||||
element_host = "element.terranix.org";
|
||||
element-web-terranix.org =
|
||||
pkgs.runCommand "element-web-with-config"
|
||||
{
|
||||
|
@ -11,9 +12,9 @@ let
|
|||
} ''
|
||||
cp -r ${pkgs.element-web} $out
|
||||
chmod -R u+w $out
|
||||
jq '."default_server_config"."m.homeserver" = { "base_url": "https://${nginx-vhost}:443", "server_name": "${server_name}" }' \
|
||||
jq '."default_server_config"."m.homeserver" = { "base_url": "https://${matrix_host}:443", "server_name": "${server_name}" }' \
|
||||
> $out/config.json < ${pkgs.element-web}/config.json
|
||||
ln -s $out/config.json $out/config.${nginx-vhost}.json
|
||||
ln -s $out/config.json $out/config.${matrix_host}.json
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
@ -86,7 +87,37 @@ in
|
|||
"matrix-server-key:${config.sops.secrets.matrix-server-key.path}"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts.${nginx-vhost} = {
|
||||
# Verify if federation works with
|
||||
# https://federationtester.matrix.org/#terranix.org
|
||||
services.nginx.virtualHosts.${matrix_host} = {
|
||||
serverAliases = [ "terranix.org" ];
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8448;
|
||||
ssl = true;
|
||||
extraParameters = [ "default_server" ];
|
||||
}
|
||||
];
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_read_timeout 600;
|
||||
'';
|
||||
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8448 ];
|
||||
networking.firewall.allowedUDPPorts = [ 8448 ];
|
||||
|
||||
services.nginx.virtualHosts.${element_host} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = ''
|
||||
|
@ -94,16 +125,7 @@ in
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_read_timeout 600;
|
||||
'';
|
||||
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
# for remote admin access
|
||||
locations."/_synapse".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
locations."/".root = element-web-terranix.org;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${server_name} = {
|
||||
locations."= /.well-known/matrix/server".alias =
|
||||
pkgs.writeText "matrix-server" (builtins.toJSON { "m.server" = "${nginx-vhost}:443"; });
|
||||
locations."= /.well-known/matrix/client".alias =
|
||||
pkgs.writeText "matrix-client" (builtins.toJSON { "m.homeserver".base_url = "https://${nginx-vhost}"; });
|
||||
};
|
||||
}
|
||||
|
|
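Review bot: `networking.firewall.allowedUDPPorts = [ 8448 ];` opens a UDP port that nothing in the new `${matrix_host}` vhost uses, since both `listen` entries are TLS over TCP; drop that line and keep only `allowedTCPPorts = [ 8448 ]`. The same vhost sets `locations."/".proxyPass` to Dendrite, which forwards every path the homeserver answers (admin routes included, if Dendrite serves any on `httpPort`) on both 443 and the `default_server` 8448 listener; narrowing it to `locations."/_matrix"` (plus `/.well-known/matrix` if Dendrite is meant to serve it) would limit what is exposed. With `enableACME = true` and `serverAliases = [ "terranix.org" ]` the certificate request presumably also covers the apex name, which this commit points at GitHub Pages, so issuance is worth verifying. The enclosing module body starts and ends outside the visible hunks.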
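--- a/terranix/terranix.org/.gitignore
+++ b/terranix/terranix.org/.gitignore
@@ -0,0 +1 @@
+terraform.tfstate*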
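--- a/terranix/terranix.org/targets/namecheap/__provider.tf
+++ b/terranix/terranix.org/targets/namecheap/__provider.tf
@@ -0,0 +1,19 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+required_providers {
+namecheap = {
+source = "namecheap/namecheap"
+version = ">= 2.0.0"
+}
+}
+}
+
+# Namecheap API credentials
+provider "namecheap" {
+user_name = var.namecheap_user
+api_user = var.namecheap_user
+api_key = var.namecheap_api_key
+}
+
+variable "namecheap_user" {}
+variable "namecheap_api_key" {}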
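--- a/terranix/terranix.org/targets/namecheap/main.tf
+++ b/terranix/terranix.org/targets/namecheap/main.tf
@@ -0,0 +1,68 @@
+locals {
+minutes = 60
+hours = 60 * local.minutes
+days = 24 * local.hours
+
+normal_ttl = 12 * local.hours
+short_ttl = 30 * local.minutes
+very_short_ttl = 2 * local.minutes
+}
+
+resource "namecheap_domain_records" "terranix" {
+domain = "terranix.org"
+mode = "OVERWRITE"
+email_type = "OX"
+
+# terranix.org
+record {
+address = "terranix.github.io"
+hostname = "@"
+mx_pref = 10
+ttl = local.normal_ttl
+type = "CNAME"
+}
+
+# subdomain regex
+record {
+address = "144.76.13.147"
+hostname = "*"
+mx_pref = 10
+ttl = local.normal_ttl
+type = "A"
+}
+
+# matrix.terranix.org (needed?)
+record {
+address = "144.76.13.147"
+hostname = "matrix"
+mx_pref = 10
+ttl = local.normal_ttl
+type = "A"
+}
+
+# Github Challenges
+record {
+address = "c3fd9329fe"
+hostname = "_github-challenge-terranix-org"
+mx_pref = 10
+ttl = local.normal_ttl
+type = "TXT"
+}
+record {
+address = "ece2e1608cde1d7785b1315d0b0019"
+hostname = "_github-pages-challenge-terranix"
+mx_pref = 10
+ttl = local.normal_ttl
+type = "TXT"
+}
+
+# Mail Challenges
+record {
+address = "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlSGd9dcuYFJ8CNAIgF/IWzKD8MlW41V4QeMgWgAQvKCW4JU2pF9IlcQGN+7IQf4PtJlzr/ClUspex58q75IZUjcLCGU0QdaqWPveQuIlS4JwgQadfNc8JtOiDlUSxMWfpROyvNyLtXUQftUvmppJDml2evo2OA5CpN7cKPzR4KcVINHlaL23m7mw9rLWWIpoxaGgp/aTi/a9m3PovUQ/lfDPrgvnmEGIc9piVO3DVE64dB/7yAZe9Jd2Qka3nwq5x3so1YPIOKXVK8G40NlyBOfPdKOeKhERuFL5zMIsLlcJd0BeLiuVqobc6DWLQMjrKDUEVnBsx2dJmhosqeG2wIDAQAB"
+hostname = "default._domainkey"
+mx_pref = 10
+ttl = local.normal_ttl
+type = "TXT"
+}
+
+}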
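Review bot: With `mode = "OVERWRITE"` the `namecheap_domain_records` resource becomes the complete record set for terranix.org, and it publishes a DKIM key but no SPF or DMARC TXT record, so any such records created outside Terraform would be removed on apply and receivers get no policy for unauthenticated mail; add them here or document why they are absent. The apex entry `hostname = "@"` with `type = "CNAME"` sits next to `email_type = "OX"`, and a CNAME at the zone apex generally conflicts with the MX records mail needs, so an ALIAS record or A records for GitHub Pages would be safer. The `hostname = "*"` record is commented `# subdomain regex` although it is a DNS wildcard, not a regex, and it makes every unclaimed name resolve to 144.76.13.147; that also answers the `# matrix.terranix.org (needed?)` comment, since the explicit record is redundant but harmless. `mx_pref = 10` on the non-MX records appears to serve no purpose and could be dropped.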
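--- a/terranix/terranix.org/targets/namecheap/terragrunt.hcl
+++ b/terranix/terranix.org/targets/namecheap/terragrunt.hcl
@@ -0,0 +1,30 @@
+
+inputs = {
+namecheap_user = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/username")
+namecheap_api_key = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/api-key")
+}
+
+generate "provider" {
+path = "__provider.tf"
+if_exists = "overwrite_terragrunt"
+contents = <<EOF
+terraform {
+required_providers {
+namecheap = {
+source = "namecheap/namecheap"
+version = ">= 2.0.0"
+}
+}
+}
+
+# Namecheap API credentials
+provider "namecheap" {
+user_name = var.namecheap_user
+api_user = var.namecheap_user
+api_key = var.namecheap_api_key
+}
+
+variable "namecheap_user" { }
+variable "namecheap_api_key" { }
+EOF
+}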
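Review bot: The generated `variable "namecheap_api_key" { }` block should set `sensitive = true` so Terraform redacts the key in plan and apply output; as written, only `--terragrunt-quiet` on `run_cmd` keeps it out of the logs. `version = ">= 2.0.0"` has no upper bound, so a later major release of the provider that receives the API key would be selected on the next init unless a `.terraform.lock.hcl` is committed; `version = "~> 2.0"` together with the lock file is the safer pairing. The generated `__provider.tf` is committed next to this file and will drift from the `generate` block unless it is ignored instead.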
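--- a/treefmt.toml
+++ b/treefmt.toml
@@ -33,3 +33,16 @@ includes = [
 "*.yaml",
 "*.yml",
 ]
+
+[formatter.terragrunt]
+command = "terragrunt"
+options = [ "hclfmt" ]
+includes = [ "*.hcl" ]
+excludes = [ "*/.terraform" ]
+
+[formatter.terraform]
+command = "terraform"
+options = [ "fmt" ]
+includes = [ "*.tf" ]
+excludes = [ "*/.terraform" ]
+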