fix acme and jitsi stuff

2024-11-05 15:36:23 +01:00 · 2023-07-30 18:19:44 +02:00 · 2023-07-30 18:19:44 +02:00 · 02a6440717
parent 3b666eee63
commit 02a6440717
4 changed files with 21 additions and 7 deletions
--- a/flake.nix
+++ b/flake.nix
@ -49,7 +49,7 @@
            ./modules/base-stuff.nix
            ./modules/proxy.nix
            ./modules/postgres.nix
-            # ./modules/jitsi.nix
+            ./modules/jitsi.nix
            ./modules/containers
            ./modules/conduit.nix
            ./modules/keycloak.nix
--- a/modules/jitsi.nix
+++ b/modules/jitsi.nix
@ -1,5 +1,7 @@
 { pkgs, ... }: 
 {
+  # Jitsi for some reason needs 127.0.0.1:8080, and will fail if it can't get it
+  # what the fuck is this service...
  services.jitsi-meet = {
    enable = true;
    hostName = "meet.katzen.cafe";
--- a/modules/keycloak.nix
+++ b/modules/keycloak.nix
@ -5,7 +5,7 @@

    settings = {
      http-port = 8080;
-      http-host = "127.0.0.1";
+      http-host = "127.0.0.3";
      http-enabled = true;
      https-port = 8443;

--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@ -35,10 +35,10 @@
        group = "nginx";
        keyType = "rsa4096";
      };
-      # "mumble.katzen.cafe" = {
-      #   group = "murmur";
-      #   keyType = "rsa4096";
-      # };
+      "mumble.katzen.cafe" = {
+        group = "murmur";
+        keyType = "rsa4096";
+      };
      "hc-vault.katzen.cafe" = {
        group = "nginx";
        keyType = "rsa4096";
@ -57,6 +57,8 @@
      # };
    };
  };
+  
+  users.users.nginx.extraGroups = [ "acme" ];
  services.nginx = {
    enable = true;
    
@ -68,6 +70,16 @@
    statusPage = true;

    virtualHosts = {
+      "_.katzen.cafe" = {
+        # Catchall vhost, will redirect users to HTTPS for all vhosts
+        serverAliases = [ "*.katzen.cafe" ];
+        locations."/.well-known/acme-challenge" = {
+          root = "/var/lib/acme/acme-challenge";
+        };
+        locations."/" = {
+          return = "301 https://$host$request_uri";
+        };
+      };      
      "grafana.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
@ -102,7 +114,7 @@
        forceSSL = true;
        enableACME = true;
        locations."/" = {
-          proxyPass = "http://127.0.0.1:8080";
+          proxyPass = "http://127.0.0.3:8080";
              # proxy_set_header Host $host;
          extraConfig = ''
              proxy_buffers 4 256k;