nginx: streamline all forceSSL and enableACME directives in one file #88

Merged
rouven0 merged 1 commit from streamlined-acme into main 2024-03-25 22:07:46 +01:00
32 changed files with 2 additions and 91 deletions


@ -5,6 +5,8 @@
services.nginx.virtualHosts = mkOption { services.nginx.virtualHosts = mkOption {
type = types.attrsOf (types.submodule type = types.attrsOf (types.submodule
({ name, ... }: { ({ name, ... }: {
enableACME = true;
forceSSL = true;
# split up nginx access logs per vhost # split up nginx access logs per vhost
extraConfig = '' extraConfig = ''
access_log /var/log/nginx/${name}_access.log; access_log /var/log/nginx/${name}_access.log;
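Review bot: The added `enableACME = true;` and `forceSSL = true;` are plain definitions in the submodule body, so they apply at normal priority to every entry of `services.nginx.virtualHosts`, and a host that has to opt out (an internal-only name where ACME issuance would fail, or one that needs `addSSL`) would conflict with them unless it uses `lib.mkForce`. Writing them as `enableACME = lib.mkDefault true;` and `forceSSL = lib.mkDefault true;` keeps HTTPS as the default while allowing an explicit per-host override. The default also only reaches vhosts that are still declared somewhere: the hunk at `@ -11,11 +11,6` removes the only visible declaration of `"${hostname}"` while `security.acme.certs."${hostname}"` stays, so it is worth confirming that another module still defines that vhost, otherwise certificate renewal for postfix and dovecot may stop. The submodule body continues outside the hunk.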


@ -45,9 +45,6 @@ in
}; };
services.nginx.virtualHosts.${hostName} = { services.nginx.virtualHosts.${hostName} = {
enableACME = true;
forceSSL = true;
# phil redirects # phil redirects
locations = locations =
let let


@ -19,8 +19,6 @@ in
services.nginx = { services.nginx = {
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:5055"; proxyPass = "http://127.0.0.1:5055";
}; };


@ -109,8 +109,6 @@ in
''; '';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
proxyWebsockets = true; proxyWebsockets = true;


@ -68,8 +68,6 @@ in
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:${toString config.services.hedgedoc.settings.port}"; proxyPass = "http://[::1]:${toString config.services.hedgedoc.settings.port}";
proxyWebsockets = true; proxyWebsockets = true;


@ -60,8 +60,6 @@ in
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}"; proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";
}; };


@ -35,14 +35,10 @@ in
services.nginx.enable = true; services.nginx.enable = true;
services.nginx = { services.nginx = {
virtualHosts."${domain_short}" = { virtualHosts."${domain_short}" = {
enableACME = true;
forceSSL = true;
locations."/".return = "301 $scheme://${domain}$request_uri"; locations."/".return = "301 $scheme://${domain}$request_uri";
}; };
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/kanboard"; root = "/srv/web/kanboard";
extraConfig = '' extraConfig = ''
index index.html index.php; index index.html index.php;
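Review bot: Dropping `addSSL = true;` from the `"${domain}"` vhost is a behaviour change rather than pure streamlining: with the global `forceSSL = true` this host no longer serves plain HTTP and redirects to HTTPS instead. The same applies to the other sections that remove `addSSL` (roots `/srv/web/fsrewsp`, `/srv/web/infoscreen/dist`, `/srv/web/nightline`, `/srv/web/sharepic`, `/srv/web/wiki.ese`, `/srv/web/vernetzung`, and the block at `@ -7,10 +7,4`). That is the safer setting, but the commit description should state it, and any client that still fetches these sites over `http://` without following redirects should be checked before deploying. The vhost body continues outside the hunk.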


@ -113,8 +113,6 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."${config.services.portunus.domain}" = { virtualHosts."${config.services.portunus.domain}" = {
forceSSL = true;
enableACME = true;
locations = { locations = {
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
"/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}"; "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}";


@ -11,11 +11,6 @@ in
./mailman.nix ./mailman.nix
]; ];
# Get SSL certs for dovecot and postfix via ngnix
services.nginx.virtualHosts."${hostname}" = {
forceSSL = true;
enableACME = true;
};
security.acme.certs."${hostname}" = { security.acme.certs."${hostname}" = {
reloadServices = [ reloadServices = [
"postfix.service" "postfix.service"


@ -64,8 +64,6 @@
ensureDatabases = [ "mailman" "mailman-web" ]; ensureDatabases = [ "mailman" "mailman-web" ];
}; };
services.nginx.virtualHosts."lists.${config.networking.domain}" = { services.nginx.virtualHosts."lists.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/robots.txt" = { locations."/robots.txt" = {
extraConfig = '' extraConfig = ''
add_header Content-Type text/plain; add_header Content-Type text/plain;


@ -117,8 +117,6 @@ in
}; };
nginx = { nginx = {
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:11334"; proxyPass = "http://127.0.0.1:11334";


@ -65,11 +65,7 @@ in
proxy_buffers 8 64k; proxy_buffers 8 64k;
proxy_buffer_size 64k; proxy_buffer_size 64k;
''; '';
forceSSL = true;
enableACME = true;
locations = { locations = {
"^~/SOGo".extraConfig = lib.mkForce '' "^~/SOGo".extraConfig = lib.mkForce ''
proxy_pass http://127.0.0.1:20000; proxy_pass http://127.0.0.1:20000;
proxy_redirect http://127.0.0.1:20000 default; proxy_redirect http://127.0.0.1:20000 default;


@ -41,9 +41,6 @@ in
virtualHosts = { virtualHosts = {
# synapse # synapse
"${domainServer}" = { "${domainServer}" = {
enableACME = true;
forceSSL = true;
# homeserver discovery # homeserver discovery
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
@ -58,9 +55,6 @@ in
# element # element
"${domainClient}" = { "${domainClient}" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config = { default_server_config = {


@ -45,12 +45,6 @@ in
]; ];
}; };
# Enable ACME and force SSL
nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
};
}; };
# ensure that postgres is running *before* running the setup # ensure that postgres is running *before* running the setup


@ -10,8 +10,6 @@ in
port = 5002; port = 5002;
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}"; proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
}; };


@ -24,8 +24,6 @@ in
services.nginx = { services.nginx = {
virtualHosts.${domain} = { virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
root = "/srv/web/padlist"; root = "/srv/web/padlist";
locations = { locations = {
"= /" = { "= /" = {


@ -4,8 +4,6 @@
nginx = { nginx = {
virtualHosts = { virtualHosts = {
"stream.${config.networking.domain}" = { "stream.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = locations."/" =
let let
cfg = config.services.owncast; cfg = config.services.owncast;


@ -31,8 +31,6 @@ in
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}"; proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
}; };


@ -42,8 +42,6 @@ in
services.nginx = { services.nginx = {
virtualHosts."${cms-domain}" = { virtualHosts."${cms-domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
if ($request_method = 'OPTIONS') { if ($request_method = 'OPTIONS') {
@ -64,8 +62,6 @@ in
}; };
}; };
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."= /" = { locations."= /" = {
return = "301 /2023/"; return = "301 /2023/";
}; };


@ -37,8 +37,6 @@ in
services.nginx.enable = true; services.nginx.enable = true;
services.nginx = { services.nginx = {
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/fsrewsp"; root = "/srv/web/fsrewsp";
extraConfig = '' extraConfig = ''
index index.php index.html; index index.php index.html;


@ -5,8 +5,6 @@ in
{ {
services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ]; services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ];
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/ftp"; root = "/srv/ftp";
extraConfig = '' extraConfig = ''
fancyindex on; fancyindex on;


@ -32,14 +32,9 @@ in
services.nginx = { services.nginx = {
virtualHosts."www.${config.networking.domain}" = { virtualHosts."www.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".return = "301 $scheme://ifsr.de$request_uri"; locations."/".return = "301 $scheme://ifsr.de$request_uri";
}; };
virtualHosts."${config.networking.domain}" = { virtualHosts."${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/web/ifsrde"; root = "/srv/web/ifsrde";
extraConfig = '' extraConfig = ''
index index.html index.php; index index.html index.php;


@ -6,8 +6,6 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/infoscreen/dist"; root = "/srv/web/infoscreen/dist";
}; };
}; };


@ -7,9 +7,4 @@ in
enable = true; enable = true;
hostName = domain; hostName = domain;
}; };
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
};
} }


@ -7,10 +7,4 @@ in
enable = true; enable = true;
hostName = domain; hostName = domain;
}; };
services.nginx = {
virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
};
};
} }


@ -34,8 +34,6 @@ in
services.nginx = { services.nginx = {
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/nightline"; root = "/srv/web/nightline";
extraConfig = '' extraConfig = ''
index index.php index.html; index index.php index.html;


@ -33,8 +33,6 @@ in
enable = true; enable = true;
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/sharepic"; root = "/srv/web/sharepic";
extraConfig = '' extraConfig = ''
index index.php index.html; index index.php index.html;


@ -61,9 +61,6 @@ in
}; };
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString port}"; proxyPass = "http://localhost:${toString port}";
extraConfig = '' extraConfig = ''


@ -30,8 +30,6 @@ in
}; };
services.nginx = { services.nginx = {
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/wiki.ese"; root = "/srv/web/wiki.ese";
extraConfig = '' extraConfig = ''
index index.php; index index.php;


@ -102,8 +102,6 @@ in
nginx = { nginx = {
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts.${domain} = { virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/robots.txt" = { locations."/robots.txt" = {
extraConfig = '' extraConfig = ''
add_header Content-Type text/plain; add_header Content-Type text/plain;


@ -30,8 +30,6 @@ in
}; };
services.nginx = { services.nginx = {
virtualHosts."${domain}" = { virtualHosts."${domain}" = {
addSSL = true;
enableACME = true;
root = "/srv/web/vernetzung"; root = "/srv/web/vernetzung";
extraConfig = '' extraConfig = ''
index index.php; index index.php;


@ -20,8 +20,6 @@ in
''; '';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString config.services.zammad.port}"; proxyPass = "http://localhost:${toString config.services.zammad.port}";
}; };