Diffstat (limited to '')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy.nix | 133 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/rivendell.nix | 5 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm.nix | 5 |
3 files changed, 26 insertions, 117 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy.nix b/machines/nixos/x86_64-linux/do-rproxy.nix
index fe61be2..da606b6 100644
--- a/machines/nixos/x86_64-linux/do-rproxy.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy.nix
@@ -1,11 +1,4 @@
-{
- inputs,
- lib,
- pkgs,
- config,
- adminUser,
- ...
-}:
+{ config, adminUser, ... }:
 {
 imports = [
 ../../../profiles/cgroups.nix
@@ -74,18 +67,6 @@
 reloadServices = [ "nginx.service" ];
 credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
 };
- "go.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- "id.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
 "fcuny.net" = {
 dnsProvider = "cloudflare";
 dnsResolver = "1.1.1.1";
@@ -95,103 +76,31 @@
 };
 };
- services.nginx =
- let
- accounts = [
- {
- user = "franck@fcuny.net";
- realm = "fcuny.net";
- }
- ];
- webfingerConfig = {
- "= /.well-known/webfinger" = {
- extraConfig = ''
- return 307 /__webfinger/$arg_resource;
- '';
- };
-
- "~ ^/__webfinger/(acct:[^/]+@[^/]+)" = {
- root = pkgs.linkFarm "webfinger-entries" (
- lib.listToAttrs (
- map (acct: {
- name = "acct:${acct.user}";
- value = pkgs.writeText "webfinger-${acct.user}" ''
- {
- "subject": "acct:${acct.user}",
- "links": [
- {
- "rel": "http://openid.net/specs/connect/1.0/issuer",
- "href": "https://id.fcuny.net/realms/${acct.realm}"
- }
- ]
- }
- '';
- }) accounts
- )
- );
-
- tryFiles = "/$1 =404";
-
- extraConfig = ''
- add_header Content-Type application/json;
- '';
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "code.fcuny.net" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.100.0.60";
 };
 };
- in
- {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "code.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.60";
- };
- };
- "go.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.40:8070";
- };
- };
- "id.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations = (
- {
- "/" = {
- proxyPass = "http://10.100.0.60:8080";
- };
- }
- // webfingerConfig
- );
- };
- "fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
-
- root = "${inputs.my-site.packages.x86_64-linux.default}/";
-
- locations = {
- "/".tryFiles = "$uri $uri/ $uri/index.html =404";
- }
- // webfingerConfig;
-
- extraConfig = ''
- error_page 404 /404;
- '';
+ "fcuny.net" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.100.0.60:8070";
 };
 };
 };
+ };
 home-manager = {
 users.${adminUser.name} = {
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index 6ba2af2..1fab968 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -65,6 +65,11 @@
 networking.firewall.trustedInterfaces = [ "wg0" ];
 networking.firewall.allowedUDPPorts = [ 51871 ];
+ services.website = {
+ enable = true;
+ openFirewall = true;
+ };
+
 home-manager = {
 users.${adminUser.name} = {
 imports = [
diff --git a/machines/nixos/x86_64-linux/synology-vm.nix b/machines/nixos/x86_64-linux/synology-vm.nix
index a905be5..600312d 100644
--- a/machines/nixos/x86_64-linux/synology-vm.nix
+++ b/machines/nixos/x86_64-linux/synology-vm.nix
@@ -73,11 +73,6 @@
 };
 };
- services.goget = {
- enable = true;
- openFirewall = true;
- };
-
 networking.firewall.allowedUDPPorts = [ 51871 ];
 home-manager = { |
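Review bot: In do-rproxy.nix the new `fcuny.net` vhost forwards to `http://10.100.0.60:8070` in cleartext, and nothing next to the `proxyPass` line records why that is acceptable. TLS now ends at this proxy and the public site depends on a second host, so the assumption that 10.100.0.60 is reachable only over the WireGuard tunnel should be stated (the addressing suggests it, but the tunnel configuration is not part of this diff). I would add a comment above the line such as `# backend: services.website on rivendell, reachable over wg0 only; plain HTTP is confined to the tunnel`, adjusted to the real host. The literal port 8070 is not tied to any option of the `services.website` module here, so the two can drift apart silently; a shared variable or at least a cross-reference comment would help.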
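Review bot: `openFirewall = true;` on `services.website` in rivendell.nix looks broader than needed. The context line just above already lists `wg0` in `networking.firewall.trustedInterfaces`, so a reverse proxy connecting over the tunnel is accepted without an extra rule. If this module follows the usual NixOS convention and adds its port to the globally allowed TCP ports (the module itself is not shown here), the plain-HTTP listener also becomes reachable on every other interface, bypassing the TLS-terminating nginx on do-rproxy. Unless a client outside wg0 needs direct access, I would use `openFirewall = false;` or drop the line.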
