nginx: streamline all forceSSL and enableACME directives in one file

This commit is contained in:
Rouven Seifert 2024-03-25 19:34:47 +01:00
parent bedee4f90c
commit 4f1f88a779
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
32 changed files with 2 additions and 91 deletions

View file

@ -5,6 +5,8 @@
services.nginx.virtualHosts = mkOption {
type = types.attrsOf (types.submodule
({ name, ... }: {
enableACME = true;
forceSSL = true;
# split up nginx access logs per vhost
extraConfig = ''
access_log /var/log/nginx/${name}_access.log;

View file

@ -45,9 +45,6 @@ in
};
services.nginx.virtualHosts.${hostName} = {
enableACME = true;
forceSSL = true;
# phil redirects
locations =
let

View file

@ -19,8 +19,6 @@ in
services.nginx = {
virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5055";
};

View file

@ -109,8 +109,6 @@ in
'';
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
proxyWebsockets = true;

View file

@ -68,8 +68,6 @@ in
recommendedProxySettings = true;
virtualHosts = {
"${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.hedgedoc.settings.port}";
proxyWebsockets = true;

View file

@ -60,8 +60,6 @@ in
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";
};

View file

@ -35,14 +35,10 @@ in
services.nginx.enable = true;
services.nginx = {
virtualHosts."${domain_short}" = {
enableACME = true;
forceSSL = true;
locations."/".return = "301 $scheme://${domain}$request_uri";
};
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/kanboard";
extraConfig = ''
index index.html index.php;

View file

@ -113,8 +113,6 @@ in
services.nginx = {
enable = true;
virtualHosts."${config.services.portunus.domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
"/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";

View file

@ -11,11 +11,6 @@ in
./mailman.nix
];
# Get SSL certs for dovecot and postfix via ngnix
services.nginx.virtualHosts."${hostname}" = {
forceSSL = true;
enableACME = true;
};
security.acme.certs."${hostname}" = {
reloadServices = [
"postfix.service"

View file

@ -64,8 +64,6 @@
ensureDatabases = [ "mailman" "mailman-web" ];
};
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;

View file

@ -117,8 +117,6 @@ in
};
nginx = {
virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:11334";

View file

@ -65,11 +65,7 @@ in
proxy_buffers 8 64k;
proxy_buffer_size 64k;
'';
forceSSL = true;
enableACME = true;
locations = {
"^~/SOGo".extraConfig = lib.mkForce ''
proxy_pass http://127.0.0.1:20000;
proxy_redirect http://127.0.0.1:20000 default;

View file

@ -41,9 +41,6 @@ in
virtualHosts = {
# synapse
"${domainServer}" = {
enableACME = true;
forceSSL = true;
# homeserver discovery
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
@ -58,9 +55,6 @@ in
# element
"${domainClient}" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override {
conf = {
default_server_config = {

View file

@ -45,12 +45,6 @@ in
];
};
# Enable ACME and force SSL
nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
};
};
# ensure that postgres is running *before* running the setup

View file

@ -10,8 +10,6 @@ in
port = 5002;
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
};

View file

@ -24,8 +24,6 @@ in
services.nginx = {
virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
root = "/srv/web/padlist";
locations = {
"= /" = {

View file

@ -4,8 +4,6 @@
nginx = {
virtualHosts = {
"stream.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" =
let
cfg = config.services.owncast;

View file

@ -31,8 +31,6 @@ in
ensureDatabases = [ "vaultwarden" ];
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
};

View file

@ -42,8 +42,6 @@ in
services.nginx = {
virtualHosts."${cms-domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
if ($request_method = 'OPTIONS') {
@ -64,8 +62,6 @@ in
};
};
virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."= /" = {
return = "301 /2023/";
};

View file

@ -37,8 +37,6 @@ in
services.nginx.enable = true;
services.nginx = {
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/fsrewsp";
extraConfig = ''
index index.php index.html;

View file

@ -5,8 +5,6 @@ in
{
services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ];
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/ftp";
extraConfig = ''
fancyindex on;

View file

@ -32,14 +32,9 @@ in
services.nginx = {
virtualHosts."www.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".return = "301 $scheme://ifsr.de$request_uri";
};
virtualHosts."${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/web/ifsrde";
extraConfig = ''
index index.html index.php;

View file

@ -6,8 +6,6 @@ in
services.nginx = {
enable = true;
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/infoscreen/dist";
};
};

View file

@ -7,9 +7,4 @@ in
enable = true;
hostName = domain;
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
};
}

View file

@ -7,10 +7,4 @@ in
enable = true;
hostName = domain;
};
services.nginx = {
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
};
};
}

View file

@ -34,8 +34,6 @@ in
services.nginx = {
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/nightline";
extraConfig = ''
index index.php index.html;

View file

@ -33,8 +33,6 @@ in
enable = true;
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/sharepic";
extraConfig = ''
index index.php index.html;

View file

@ -61,9 +61,6 @@ in
};
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
extraConfig = ''

View file

@ -30,8 +30,6 @@ in
};
services.nginx = {
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/wiki.ese";
extraConfig = ''
index index.php;

View file

@ -102,8 +102,6 @@ in
nginx = {
recommendedProxySettings = true;
virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;

View file

@ -30,8 +30,6 @@ in
};
services.nginx = {
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/vernetzung";
extraConfig = ''
index index.php;

View file

@ -20,8 +20,6 @@ in
'';
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.zammad.port}";
};