mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-11-05 15:36:23 +01:00
fix acme and jitsi stuff
This commit is contained in:
Schrottkatze
parent
3b666eee63
commit
02a6440717
|
|
@ -49,7 +49,7 @@
|
||||||
./modules/base-stuff.nix
|
./modules/base-stuff.nix
|
||||||
./modules/proxy.nix
|
./modules/proxy.nix
|
||||||
./modules/postgres.nix
|
./modules/postgres.nix
|
||||||
# ./modules/jitsi.nix
|
./modules/jitsi.nix
|
||||||
./modules/containers
|
./modules/containers
|
||||||
./modules/conduit.nix
|
./modules/conduit.nix
|
||||||
./modules/keycloak.nix
|
./modules/keycloak.nix
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,7 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
|
# Jitsi for some reason needs 127.0.0.1:8080, and will fail if it can't get it
|
||||||
|
# what the fuck is this service...
|
||||||
services.jitsi-meet = {
|
services.jitsi-meet = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hostName = "meet.katzen.cafe";
|
hostName = "meet.katzen.cafe";
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
http-port = 8080;
|
http-port = 8080;
|
||||||
http-host = "127.0.0.1";
|
http-host = "127.0.0.3";
|
||||||
http-enabled = true;
|
http-enabled = true;
|
||||||
https-port = 8443;
|
https-port = 8443;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -35,10 +35,10 @@
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
};
|
};
|
||||||
# "mumble.katzen.cafe" = {
|
"mumble.katzen.cafe" = {
|
||||||
# group = "murmur";
|
group = "murmur";
|
||||||
# keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
# };
|
};
|
||||||
"hc-vault.katzen.cafe" = {
|
"hc-vault.katzen.cafe" = {
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
|
|
@ -57,6 +57,8 @@
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.nginx.extraGroups = [ "acme" ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
|
@ -68,6 +70,16 @@
|
||||||
statusPage = true;
|
statusPage = true;
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
|
"_.katzen.cafe" = {
|
||||||
|
# Catchall vhost, will redirect users to HTTPS for all vhosts
|
||||||
|
serverAliases = [ "*.katzen.cafe" ];
|
||||||
|
locations."/.well-known/acme-challenge" = {
|
||||||
|
root = "/var/lib/acme/acme-challenge";
|
||||||
|
};
|
||||||
|
locations."/" = {
|
||||||
|
return = "301 https://$host$request_uri";
|
||||||
|
};
|
||||||
|
};
|
||||||
"grafana.katzen.cafe" = {
|
"grafana.katzen.cafe" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
@ -102,7 +114,7 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:8080";
|
proxyPass = "http://127.0.0.3:8080";
|
||||||
# proxy_set_header Host $host;
|
# proxy_set_header Host $host;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_buffers 4 256k;
|
proxy_buffers 4 256k;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue