fix acme and jitsi stuff

Schrottkatze 2023-07-30 18:19:44 +02:00
parent 3b666eee63
commit 02a6440717
4 changed files with 21 additions and 7 deletions


@ -49,7 +49,7 @@
./modules/base-stuff.nix
./modules/proxy.nix
./modules/postgres.nix
# ./modules/jitsi.nix
./modules/jitsi.nix
./modules/containers
./modules/conduit.nix
./modules/keycloak.nix


@ -1,5 +1,7 @@
{ pkgs, ... }:
{
# Jitsi for some reason needs 127.0.0.1:8080, and will fail if it can't get it
# what the fuck is this service...
services.jitsi-meet = {
enable = true;
hostName = "meet.katzen.cafe";


@ -5,7 +5,7 @@
settings = {
http-port = 8080;
http-host = "127.0.0.1";
http-host = "127.0.0.3";
http-enabled = true;
https-port = 8443;
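Review bot: The new `http-host = "127.0.0.3"` is an unexplained magic address, and the same literal is repeated in the proxy module's `proxyPass`, so the two can drift apart silently. A comment such as `# 127.0.0.1:8080 is claimed by jitsi (see jitsi.nix); 127.0.0.3 is still loopback-only` would record why it was moved. The proxy side could read the value back with `proxyPass = "http://${config.services.keycloak.settings.http-host}:${toString config.services.keycloak.settings.http-port}";`, assuming that module takes `config` as an argument, which is not visible here. Because `http-enabled = true` leaves Keycloak speaking plain HTTP, the loopback bind is what keeps that traffic on the host, so the comment should also say the address must stay inside 127.0.0.0/8. The settings block starts and ends outside the hunk.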


@ -35,10 +35,10 @@
group = "nginx";
keyType = "rsa4096";
};
# "mumble.katzen.cafe" = {
# group = "murmur";
# keyType = "rsa4096";
# };
"mumble.katzen.cafe" = {
group = "murmur";
keyType = "rsa4096";
};
"hc-vault.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
@ -57,6 +57,8 @@
# };
};
};
users.users.nginx.extraGroups = [ "acme" ];
services.nginx = {
enable = true;
@ -68,6 +70,16 @@
statusPage = true;
virtualHosts = {
"_.katzen.cafe" = {
# Catchall vhost, will redirect users to HTTPS for all vhosts
serverAliases = [ "*.katzen.cafe" ];
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/acme-challenge";
};
locations."/" = {
return = "301 https://$host$request_uri";
};
};
"grafana.katzen.cafe" = {
forceSSL = true;
enableACME = true;
@ -102,7 +114,7 @@
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyPass = "http://127.0.0.3:8080";
# proxy_set_header Host $host;
extraConfig = ''
proxy_buffers 4 256k;
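Review bot: The catch-all `"_.katzen.cafe"` vhost builds its redirect from `$host`, so if nginx picks this block as the default server for port 80 (the generated order is not visible here), a request with any Host header gets a 301 to that caller-supplied name. Adding an explicit reject-all default, for example `"_" = { default = true; locations."/".return = "444"; };`, means only names matching `*.katzen.cafe` reach the redirect. Separately, `users.users.nginx.extraGroups = [ "acme" ];` lets the nginx user read everything the acme group can, which would include any certificate whose `group` is left at its default. The certs visible here set `group` explicitly, so a comment like `# acme group membership is only for reading the challenge webroot` would keep a later cert from widening that by accident. The `services.nginx` and `virtualHosts` blocks start and end outside these hunks.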