fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Migrate Mastodon to NixOS

Browse source
This commit is contained in:
yuri 2023-10-10 04:14:29 +02:00
commit 6b447c40aa
11 changed files with 256 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/hosts/web-public-2/nginx.nix
View file

@ -25,7 +25,7 @@
nekover.se 127.0.0.1:8443;
nextcloud.grzb.de 127.0.0.1:8443;
nix-cache.nekover.se 10.202.41.121:8443;
social.nekover.se 127.0.0.1:8443;
social.nekover.se 10.202.41.104:8443;
}
server {

105
config/hosts/web-public-2/virtualHosts/acme-challenge.nix
View file

@ -1,57 +1,68 @@
{ ... }:
{
services.nginx.virtualHosts."jellyfin.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://jellyfin.vs.grzb.de:80";
services.nginx.virtualHosts = {
"jellyfin.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://jellyfin.vs.grzb.de:80";
};
};
};
services.nginx.virtualHosts."mail-1.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://mail-1.vs.grzb.de:80";
"mail-1.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://mail-1.vs.grzb.de:80";
};
};
};
services.nginx.virtualHosts."matrix.nekover.se" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://matrix.vs.grzb.de:80";
"mastodon.nekover.se" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://mastodon.vs.grzb.de:80";
};
};
};
services.nginx.virtualHosts."netbox.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://netbox.vs.grzb.de:80";
"matrix.nekover.se" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://matrix.vs.grzb.de:80";
};
};
};
services.nginx.virtualHosts."grafana.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://metrics.vs.grzb.de:80";
"netbox.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://netbox.vs.grzb.de:80";
};
};
};
services.nginx.virtualHosts."turn.nekover.se" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://coturn.vs.grzb.de:80";
"grafana.grzb.de" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://metrics.vs.grzb.de:80";
};
};
"turn.nekover.se" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://coturn.vs.grzb.de:80";
};
};
};
}

1
config/hosts/web-public-2/virtualHosts/default.nix
View file

@ -8,7 +8,6 @@
./git.grzb.de.nix
./mewtube.nekover.se.nix
./nekover.se.nix
./social.nekover.se.nix
];
services.nginx.virtualHosts."_" = {

29
config/hosts/web-public-2/virtualHosts/social.nekover.se.nix
View file

@ -1,29 +0,0 @@
{ ... }:
{
services.nginx.virtualHosts."social.nekover.se" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "localhost";
port = 1234;
} # workaround for enableACME check
{
addr = "localhost";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
proxyPass = "http://mastodon.vs.grzb.de:80";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 80m;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
'';
};
}