From 05b880da4ba62e0f9448581e2c7017e7143548cd Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 28 Oct 2023 16:25:48 +0200 Subject: [PATCH 1/3] Update to new standards --- hosts/nachtigall/apps/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/nginx.nix b/hosts/nachtigall/apps/nginx.nix index 359a8e37..37943f05 100644 --- a/hosts/nachtigall/apps/nginx.nix +++ b/hosts/nachtigall/apps/nginx.nix @@ -16,7 +16,7 @@ in { security.acme = { acceptTerms = true; - email = acmeEmailAddress; + defaults.email = acmeEmailAddress; }; networking.firewall.allowedTCPPorts = [80 443]; From 6630dd8ce6a29195502673cdaec29f9400c4cf90 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 28 Oct 2023 16:26:02 +0200 Subject: [PATCH 2/3] Add nginx configuration for pub.solar website --- hosts/nachtigall/apps/nginx-website.nix | 53 +++++++++++++++++++++++++ hosts/nachtigall/default.nix | 2 + 2 files changed, 55 insertions(+) create mode 100644 hosts/nachtigall/apps/nginx-website.nix diff --git a/hosts/nachtigall/apps/nginx-website.nix b/hosts/nachtigall/apps/nginx-website.nix new file mode 100644 index 00000000..b961f4f2 --- /dev/null +++ b/hosts/nachtigall/apps/nginx-website.nix @@ -0,0 +1,53 @@ +{ ... }: + +{ + services.nginx.virtualHosts = { + "www.pub.solar".locations."/".extraConfig = "return 301 https://pub.solar$request_uri"; + + "pub.solar" = { + default = true; + enableACME = true; + + locations = { +# PubSolarOS images + "/os/download" = { + root = "/data/srv/www"; + extraConfig = "autoindex on;"; + }; + +# serve base domain pub.solar for mastodon.pub.solar +# https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/ + "/.well-known/host-meta" = { + extraConfig = '' + return 301 https://mastodon.pub.solar$request_uri; + ''; + }; + +# Tailscale OIDC webfinger requirement plus Mastodon webfinger redirect + "/.well-known/webfinger" = { +# Redirect requests that match /.well-known/webfinger?resource=* to Mastodon + extraConfig = '' + if ($arg_resource) = { + return 301 https://mastodon.pub.solar$request_uri; + } + + add_header Content-Type text/plain; + return 200 '{\n "subject": "acct:admins@pub.solar",\n "links": [\n {\n "rel": "http://openid.net/specs/connect/1.0/issuer",\n "href": "https://auth.pub.solar/realms/pub.solar"\n }\n ]\n}'; + ''; + }; + + "/satzung" = { + extraConfig = '' + return 302 /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy; + ''; + }; + + "/" = { + root = "/srv/www/pub.solar"; + index = "index.html"; + tryFiles = "$uri $uri/"; + }; + }; + }; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 9a39d8cf..6c88d79e 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -9,5 +9,7 @@ ./networking.nix ./nix.nix ./apps/nginx.nix + + ./apps/nginx-website.nix ]; } From c56f11a034041e9705702428f2d90218d73a1f55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 16:31:16 +0200 Subject: [PATCH 3/3] chore: remove link for PubsolarOS downloads --- hosts/nachtigall/apps/nginx-website.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/hosts/nachtigall/apps/nginx-website.nix b/hosts/nachtigall/apps/nginx-website.nix index b961f4f2..aa458e4b 100644 --- a/hosts/nachtigall/apps/nginx-website.nix +++ b/hosts/nachtigall/apps/nginx-website.nix @@ -9,12 +9,6 @@ enableACME = true; locations = { -# PubSolarOS images - "/os/download" = { - root = "/data/srv/www"; - extraConfig = "autoindex on;"; - }; - # serve base domain pub.solar for mastodon.pub.solar # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/ "/.well-known/host-meta" = {