feature/pub-solar-website #20
47
hosts/nachtigall/apps/nginx-website.nix
Normal file
47
hosts/nachtigall/apps/nginx-website.nix
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"www.pub.solar".locations."/".extraConfig = "return 301 https://pub.solar$request_uri";
|
||||||
|
|
||||||
|
"pub.solar" = {
|
||||||
|
default = true;
|
||||||
|
enableACME = true;
|
||||||
|
|
||||||
|
locations = {
|
||||||
|
# serve base domain pub.solar for mastodon.pub.solar
|
||||||
|
# https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
|
||||||
|
"/.well-known/host-meta" = {
|
||||||
|
extraConfig = ''
|
||||||
|
return 301 https://mastodon.pub.solar$request_uri;
|
||||||
hensoko marked this conversation as resolved
|
|||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# Tailscale OIDC webfinger requirement plus Mastodon webfinger redirect
|
||||||
|
"/.well-known/webfinger" = {
|
||||||
|
# Redirect requests that match /.well-known/webfinger?resource=* to Mastodon
|
||||||
|
extraConfig = ''
|
||||||
|
if ($arg_resource) = {
|
||||||
|
return 301 https://mastodon.pub.solar$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
add_header Content-Type text/plain;
|
||||||
|
return 200 '{\n "subject": "acct:admins@pub.solar",\n "links": [\n {\n "rel": "http://openid.net/specs/connect/1.0/issuer",\n "href": "https://auth.pub.solar/realms/pub.solar"\n }\n ]\n}';
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"/satzung" = {
|
||||||
|
extraConfig = ''
|
||||||
|
return 302 /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
"/" = {
|
||||||
|
root = "/srv/www/pub.solar";
|
||||||
|
index = "index.html";
|
||||||
|
tryFiles = "$uri $uri/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -16,7 +16,7 @@ in {
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
email = acmeEmailAddress;
|
defaults.email = acmeEmailAddress;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [80 443];
|
networking.firewall.allowedTCPPorts = [80 443];
|
||||||
|
|
|
@ -9,5 +9,7 @@
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./nix.nix
|
./nix.nix
|
||||||
./apps/nginx.nix
|
./apps/nginx.nix
|
||||||
|
|
||||||
|
./apps/nginx-website.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue
We can remove this