2024-05-08 17:47:47 +00:00
|
|
|
{
|
|
|
|
lib, config, ... }: {
|
2023-10-28 15:50:37 +00:00
|
|
|
systemd.tmpfiles.rules = [
|
2024-05-08 17:47:47 +00:00
|
|
|
"d '/srv/www/${config.pub-solar-os.networking.domain}' 0750 hakkonaut hakkonaut - -"
|
2023-10-28 15:50:37 +00:00
|
|
|
];
|
|
|
|
|
2023-10-28 14:26:02 +00:00
|
|
|
services.nginx.virtualHosts = {
|
2024-05-08 17:47:47 +00:00
|
|
|
"www.${config.pub-solar-os.networking.domain}" = {
|
2023-10-28 15:50:37 +00:00
|
|
|
enableACME = true;
|
|
|
|
addSSL = true;
|
2024-02-25 16:01:34 +00:00
|
|
|
|
|
|
|
extraConfig = ''
|
|
|
|
error_log /dev/null;
|
|
|
|
access_log /dev/null;
|
|
|
|
'';
|
|
|
|
|
2023-10-28 15:50:37 +00:00
|
|
|
locations."/" = {
|
|
|
|
extraConfig = ''
|
2024-05-08 17:47:47 +00:00
|
|
|
return 301 https://${config.pub-solar-os.networking.domain}$request_uri;
|
2023-10-28 15:50:37 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2023-10-28 14:26:02 +00:00
|
|
|
|
2024-05-08 17:47:47 +00:00
|
|
|
"${config.pub-solar-os.networking.domain}" = {
|
2023-10-28 14:26:02 +00:00
|
|
|
default = true;
|
|
|
|
enableACME = true;
|
2023-10-28 15:50:37 +00:00
|
|
|
forceSSL = true;
|
2023-10-28 14:26:02 +00:00
|
|
|
|
2024-02-25 16:01:34 +00:00
|
|
|
extraConfig = ''
|
|
|
|
error_log /dev/null;
|
|
|
|
access_log /dev/null;
|
|
|
|
'';
|
|
|
|
|
2023-10-28 14:26:02 +00:00
|
|
|
locations = {
|
|
|
|
# serve base domain pub.solar for mastodon.pub.solar
|
|
|
|
# https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
|
|
|
|
"/.well-known/host-meta" = {
|
|
|
|
extraConfig = ''
|
2024-05-08 17:47:47 +00:00
|
|
|
return 301 https://mastodon.${config.pub-solar-os.networking.domain}$request_uri;
|
2023-10-28 14:26:02 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
# Tailscale OIDC webfinger requirement plus Mastodon webfinger redirect
|
|
|
|
"/.well-known/webfinger" = {
|
|
|
|
# Redirect requests that match /.well-known/webfinger?resource=* to Mastodon
|
|
|
|
extraConfig = ''
|
2023-10-28 15:50:37 +00:00
|
|
|
if ($arg_resource) {
|
2024-05-08 17:47:47 +00:00
|
|
|
return 301 https://mastodon.${config.pub-solar-os.networking.domain}$request_uri;
|
2023-10-28 14:26:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
add_header Content-Type text/plain;
|
2024-05-08 17:47:47 +00:00
|
|
|
return 200 '{\n "subject": "acct:admins@pub.solar",\n "links": [\n {\n "rel": "http://openid.net/specs/connect/1.0/issuer",\n "href": "https://auth.${config.pub-solar-os.networking.domain}/realms/pub.solar"\n }\n ]\n}';
|
2023-10-28 14:26:02 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2024-03-22 11:38:29 +00:00
|
|
|
# Responsible disclosure information https://securitytxt.org/
|
|
|
|
"/.well-known/security.txt" = let
|
|
|
|
securityTXT = lib.lists.foldr (a: b: a + "\n" + b) "" [
|
|
|
|
"Contact: mailto:admins@pub.solar"
|
|
|
|
"Expires: 2025-01-04T23:00:00.000Z"
|
|
|
|
"Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/8A8987ADE3736C8CA2EB315A9B809EBBDD62BAE3"
|
|
|
|
"Preferred-Languages: en,de"
|
2024-05-08 17:47:47 +00:00
|
|
|
"Canonical: https://${config.pub-solar-os.networking.domain}/.well-known/security.txt"
|
2024-03-22 11:38:29 +00:00
|
|
|
];
|
|
|
|
in {
|
|
|
|
extraConfig = ''
|
|
|
|
add_header Content-Type text/plain;
|
|
|
|
return 200 '${securityTXT}';
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2023-10-28 14:26:02 +00:00
|
|
|
"/satzung" = {
|
|
|
|
extraConfig = ''
|
2024-05-08 17:47:47 +00:00
|
|
|
return 302 https://cloud.${config.pub-solar-os.networking.domain}/s/iaKqiW25QJpHPYs;
|
2023-10-28 14:26:02 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
"/" = {
|
2024-05-08 17:47:47 +00:00
|
|
|
root = "/srv/www/${config.pub-solar-os.networking.domain}";
|
2023-10-28 14:26:02 +00:00
|
|
|
index = "index.html";
|
2023-10-28 15:50:37 +00:00
|
|
|
tryFiles = "$uri $uri/ =404";
|
2023-10-28 14:26:02 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|