diff --git a/hosts/nachtigall/apps/nginx-website.nix b/hosts/nachtigall/apps/nginx-website.nix
new file mode 100644
index 0000000..aa458e4
--- /dev/null
+++ b/hosts/nachtigall/apps/nginx-website.nix
@@ -0,0 +1,47 @@
+{ ... }:
+
+{
+ services.nginx.virtualHosts = {
+ "www.pub.solar".locations."/".extraConfig = "return 301 https://pub.solar$request_uri";
+
+ "pub.solar" = {
+ default = true;
+ enableACME = true;
+
+ locations = {
+# serve base domain pub.solar for mastodon.pub.solar
+# https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
+ "/.well-known/host-meta" = {
+ extraConfig = ''
+ return 301 https://mastodon.pub.solar$request_uri;
+ '';
+ };
+
+# Tailscale OIDC webfinger requirement plus Mastodon webfinger redirect
+ "/.well-known/webfinger" = {
+# Redirect requests that match /.well-known/webfinger?resource=* to Mastodon
+ extraConfig = ''
+ if ($arg_resource) = {
+ return 301 https://mastodon.pub.solar$request_uri;
+ }
+
+ add_header Content-Type text/plain;
+ return 200 '{\n "subject": "acct:admins@pub.solar",\n "links": [\n {\n "rel": "http://openid.net/specs/connect/1.0/issuer",\n "href": "https://auth.pub.solar/realms/pub.solar"\n }\n ]\n}';
+ '';
+ };
+
+ "/satzung" = {
+ extraConfig = ''
+ return 302 /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy;
+ '';
+ };
+
+ "/" = {
+ root = "/srv/www/pub.solar";
+ index = "index.html";
+ tryFiles = "$uri $uri/";
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/nachtigall/apps/nginx.nix b/hosts/nachtigall/apps/nginx.nix
index 359a8e3..37943f0 100644
--- a/hosts/nachtigall/apps/nginx.nix
+++ b/hosts/nachtigall/apps/nginx.nix
@@ -16,7 +16,7 @@ in { security.acme = { acceptTerms = true;
- email = acmeEmailAddress;
+ defaults.email = acmeEmailAddress;
 }; networking.firewall.allowedTCPPorts = [80 443];
diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix
index 9a39d8c..6c88d79 100644
--- a/hosts/nachtigall/default.nix
+++ b/hosts/nachtigall/default.nix
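Review bot: Two nginx snippets in the new `pub.solar` vhost in nginx-website.nix look like they will not parse: `if ($arg_resource) = {` has a stray `=` before the block, and `return 302 /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy;` passes two arguments after the status code where `return` takes a single URL. I would write them as `if ($arg_resource) {` and `return 302 https://cloud.pub.solar/s/2tRCP9aZFCiWxQy;`. Separately, the vhost sets `enableACME = true;` but no `forceSSL` or `addSSL`, and `www.pub.solar` sets neither, so unless TLS is enabled somewhere outside this diff the OIDC issuer document at `/.well-known/webfinger` and both redirects would be served over plain HTTP only; adding `forceSSL = true;` to both hosts (plus `enableACME` on `www.pub.solar`) would cover that. The webfinger body is JSON but is labelled `text/plain` through `add_header`, which as far as I know adds a header rather than replacing the response type; `default_type application/jrd+json;` in that location would set the Content-Type itself.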
@@ -9,5 +9,7 @@
 ./networking.nix
 ./nix.nix
 ./apps/nginx.nix
+
+ ./apps/nginx-website.nix
 ];
 }