fix acme and jitsi stuff

Schrottkatze 2023-07-30 18:19:44 +02:00
parent 3b666eee63
commit 02a6440717
4 changed files with 21 additions and 7 deletions


@ -49,7 +49,7 @@
./modules/base-stuff.nix ./modules/base-stuff.nix
./modules/proxy.nix ./modules/proxy.nix
./modules/postgres.nix ./modules/postgres.nix
# ./modules/jitsi.nix ./modules/jitsi.nix
./modules/containers ./modules/containers
./modules/conduit.nix ./modules/conduit.nix
./modules/keycloak.nix ./modules/keycloak.nix


@ -1,5 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
# Jitsi for some reason needs 127.0.0.1:8080, and will fail if it can't get it
# what the fuck is this service...
services.jitsi-meet = { services.jitsi-meet = {
enable = true; enable = true;
hostName = "meet.katzen.cafe"; hostName = "meet.katzen.cafe";


@ -5,7 +5,7 @@
settings = { settings = {
http-port = 8080; http-port = 8080;
http-host = "127.0.0.1"; http-host = "127.0.0.3";
http-enabled = true; http-enabled = true;
https-port = 8443; https-port = 8443;
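Review bot: The new `http-host = "127.0.0.3"` is an unexplained loopback address that has to match the `proxyPass = "http://127.0.0.3:8080"` in the nginx vhost changed by the same commit, and nothing in this file says why it moved off 127.0.0.1. The only explanation on the page is the comment added to the Jitsi module (Jitsi wants 127.0.0.1:8080), so a reader of this file alone cannot tell the value is deliberate. I would add a comment above the line, for example `# 127.0.0.1:8080 is taken by Jitsi; nginx proxies to this address, keep proxyPass in sync`. Because `http-enabled = true` leaves this listener in plaintext, the comment should also say that it must stay on a loopback address. The `settings` block starts and ends outside the hunk.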


@ -35,10 +35,10 @@
group = "nginx"; group = "nginx";
keyType = "rsa4096"; keyType = "rsa4096";
}; };
# "mumble.katzen.cafe" = { "mumble.katzen.cafe" = {
# group = "murmur"; group = "murmur";
# keyType = "rsa4096"; keyType = "rsa4096";
# }; };
"hc-vault.katzen.cafe" = { "hc-vault.katzen.cafe" = {
group = "nginx"; group = "nginx";
keyType = "rsa4096"; keyType = "rsa4096";
@ -57,6 +57,8 @@
# }; # };
}; };
}; };
users.users.nginx.extraGroups = [ "acme" ];
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -68,6 +70,16 @@
statusPage = true; statusPage = true;
virtualHosts = { virtualHosts = {
"_.katzen.cafe" = {
# Catchall vhost, will redirect users to HTTPS for all vhosts
serverAliases = [ "*.katzen.cafe" ];
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/acme-challenge";
};
locations."/" = {
return = "301 https://$host$request_uri";
};
};
"grafana.katzen.cafe" = { "grafana.katzen.cafe" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -102,7 +114,7 @@
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8080"; proxyPass = "http://127.0.0.3:8080";
# proxy_set_header Host $host; # proxy_set_header Host $host;
extraConfig = '' extraConfig = ''
proxy_buffers 4 256k; proxy_buffers 4 256k;
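Review bot: `users.users.nginx.extraGroups = [ "acme" ];` gives the nginx user every permission the `acme` group holds, although the certificates in the first hunk are already handed out per service through `group = "nginx"` (and `group = "murmur"` for the Mumble one). Presumably the membership is only there so nginx can read the challenge files under `/var/lib/acme/acme-challenge` that the new catch-all vhost serves. What else it exposes depends on the permissions under `/var/lib/acme`, which the hunks do not show. I would record the intent next to the line, `# nginx only needs to read HTTP-01 challenge files in /var/lib/acme/acme-challenge`, so a later reviewer can check that the group access stays that narrow. The surrounding attribute sets start and end outside the hunks.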