From dc7c5225adb13b3641320b3a78a639e145053d3c Mon Sep 17 00:00:00 2001
From: yuri
Date: Sat, 5 Aug 2023 06:49:48 +0200
Subject: [PATCH] Enable proxyprotocol for nitter host
---
 hosts.nix | 1 +
 hosts/nitter/configuration.nix | 5 ++-
 hosts/nitter/nginx.nix | 44 +++++++++----------
 hosts/nitter/nitter.nix | 2 +-
 hosts/web-public-2/nginx.nix | 2 +-
 .../virtualHosts/birdsite.nekover.se.nix | 26 -----------
 hosts/web-public-2/virtualHosts/default.nix | 1 -
 7 files changed, 29 insertions(+), 52 deletions(-)
 delete mode 100644 hosts/web-public-2/virtualHosts/birdsite.nekover.se.nix
diff --git a/hosts.nix b/hosts.nix
index 9c83870..8a451d1 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -45,6 +45,7 @@ in
 site = "vs";
 };
 nitter = {
+ hostNixpkgs = nixpkgs-unstable;
 site = "vs";
 };
 nixos-coturn = {
diff --git a/hosts/nitter/configuration.nix b/hosts/nitter/configuration.nix
index a7002d0..bc54db7 100644
--- a/hosts/nitter/configuration.nix
+++ b/hosts/nitter/configuration.nix
@@ -7,7 +7,10 @@
 networking = {
 hostName = "nitter";
- firewall.enable = false;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 8443 ];
+ };
 };
 system.stateVersion = "23.05";
diff --git a/hosts/nitter/nginx.nix b/hosts/nitter/nginx.nix
index cdec9b4..d0f47ed 100644
--- a/hosts/nitter/nginx.nix
+++ b/hosts/nitter/nginx.nix
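Review bot: The `hostNixpkgs = nixpkgs-unstable;` line added for `nitter` in hosts.nix has no comment, so a later maintainer cannot tell why this TLS-terminating host tracks the unstable channel or when it can return to the release the other hosts use. If the reason is that the `proxyProtocol` listen option used in hosts/nitter/nginx.nix is not yet in the stable nginx module (an inference; the diff does not say), record it beside the override, e.g. `# nixpkgs-unstable: needed for the nginx listen proxyProtocol option; revert once it is in stable`. The attribute set this hunk edits starts and ends outside the hunk.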
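Review bot: `allowedTCPPorts = [ 8443 ]` in hosts/nitter/configuration.nix admits every source address, while the listener added in hosts/nitter/nginx.nix binds `0.0.0.0:8443` with `proxyProtocol = true`. nginx takes the client address from the PROXY header the connecting peer sends, so every host that can reach this port directly, not only web-public-2, determines the address that lands in access logs and in any address-based rule. Admit only the stream proxy instead of opening the port generally, for example `extraCommands = "iptables -A nixos-fw -p tcp -s <WEB_PUBLIC_2_ADDR> --dport 8443 -j nixos-fw-accept";` in place of `allowedTCPPorts`. The address there is a placeholder, because the diff does not show web-public-2's internal IP. The listener's `addr` could likewise be the host's internal address rather than `0.0.0.0`.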
@@ -1,28 +1,28 @@
-{ ... }:
+{ config, ... }:
 {
 services.nginx = {
 enable = true;
- enableReload = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- virtualHosts = {
- "nixos-nitter.vs.grzb.de" = {
- locations."/robots.txt" = {
- return = "200 \"User-agent: *\\nDisallow: /\\n\"";
- };
-
- locations."/" = {
- proxyPass = "http://localhost:8080";
- extraConfig =
- "proxy_http_version 1.1;" +
- "proxy_set_header Upgrade $http_upgrade;" +
- "proxy_set_header Connection \"upgrade\";" +
- "proxy_set_header Host $host;"
- ;
- };
+ virtualHosts."birdsite.nekover.se" = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "localhost";
+ port = 1234;
+ } # workaround for enableACME check
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ proxyProtocol = true;
+ }
+ ];
+ locations."/robots.txt" = {
+ return = "200 \"User-agent: *\\nDisallow: /\\n\"";
+ };
+ locations."/" = {
+ proxyPass = "http://${config.services.nitter.server.address}:${builtins.toString config.services.nitter.server.port}";
+ proxyWebsockets = true;
 };
 };
 };
diff --git a/hosts/nitter/nitter.nix b/hosts/nitter/nitter.nix
index 301a7ca..94165c4 100644
--- a/hosts/nitter/nitter.nix
+++ b/hosts/nitter/nitter.nix
@@ -6,7 +6,7 @@
 server = {
 title = "Birdsite";
 https = true;
- address = "0.0.0.0";
+ address = "127.0.0.1";
 port = 8080;
 hostname = "birdsite.nekover.se";
 };
diff --git a/hosts/web-public-2/nginx.nix b/hosts/web-public-2/nginx.nix
index a72db45..713a09d 100644
--- a/hosts/web-public-2/nginx.nix
+++ b/hosts/web-public-2/nginx.nix
@@ -10,7 +10,7 @@
 streamConfig = ''
 map $ssl_preread_server_name $address {
 anisync.grzb.de 127.0.0.1:8443;
- birdsite.nekover.se 127.0.0.1:8443;
+ birdsite.nekover.se 10.202.41.107:8443;
 cloud.nekover.se 10.202.41.122:8443;
 element.nekover.se 127.0.0.1:8443;
 gameserver.grzb.de 127.0.0.1:8443;
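Review bot: In hosts/nitter/nginx.nix this host now terminates TLS itself (`forceSSL = true`, `ssl = true` on port 8443), yet the same hunk removes `recommendedTlsSettings = true;` and `recommendedProxySettings = true;`, which the old plain-HTTP configuration had set. Keeping both lines under `services.nginx` would retain the module's recommended TLS settings and keep forwarding the Host and X-Forwarded-For headers to nitter, which the removed `extraConfig` did at least for Host. Separately, the firewall change in hosts/nitter/configuration.nix opens only 8443, so the HTTP-01 challenge behind `enableACME = true` presumably has to be relayed by web-public-2. The diff does not show that relay, so certificate issuance and renewal from this host are worth confirming.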
diff --git a/hosts/web-public-2/virtualHosts/birdsite.nekover.se.nix b/hosts/web-public-2/virtualHosts/birdsite.nekover.se.nix
deleted file mode 100644
index a043d8e..0000000
--- a/hosts/web-public-2/virtualHosts/birdsite.nekover.se.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ ... }:
-{
- services.nginx.virtualHosts."birdsite.nekover.se" = {
- forceSSL = true;
- enableACME = true;
- listen = [
- {
- addr = "localhost";
- port = 1234;
- } # workaround for enableACME check
- {
- addr = "localhost";
- port = 8443;
- ssl = true;
- proxyProtocol = true;
- }
- ];
- locations."/" = {
- proxyPass = "http://nitter.vs.grzb.de:8080";
- proxyWebsockets = true;
- };
- locations."/robots.txt" = {
- return = "200 \"User-agent: *\\nDisallow: /\\n\"";
- };
- };
-}
diff --git a/hosts/web-public-2/virtualHosts/default.nix b/hosts/web-public-2/virtualHosts/default.nix
index c5ec5ef..06d0bfd 100644
--- a/hosts/web-public-2/virtualHosts/default.nix
+++ b/hosts/web-public-2/virtualHosts/default.nix
@@ -3,7 +3,6 @@
 imports = [
 ./acme-challenge.nix
 ./anisync.grzb.de.nix
- ./birdsite.nekover.se.nix
 ./element.nekover.se.nix
 ./gameserver.grzb.de.nix
 ./git.grzb.de.nix