blob: dd98ff253bf678d2735d7972160fe3bb8e353ec8 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
{
pkgs,
lib,
...
}:
let
httpHost = "10.100.0.60";
mkWebfinger = config: file: pkgs.writeTextDir file (lib.generators.toJSON { } config);
mkWebfingers =
{ subject, ... }@config:
map (mkWebfinger config) [
subject
(lib.escapeURL subject)
];
webfingerRoot = pkgs.symlinkJoin {
name = "felschr.com-webfinger";
paths = lib.flatten (
builtins.map mkWebfingers [
{
subject = "acct:franck@fcuny.net";
links = [
{
rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://auth.fcuny.net";
}
];
}
]
);
};
in
{
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts = {
"code.fcuny.net" = {
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".proxyPass = "http://${httpHost}";
};
"auth.fcuny.net" = {
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".proxyPass = "http://${httpHost}:9092";
};
"reader.fcuny.net" = {
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".proxyPass = "http://${httpHost}:8002";
};
"fcuny.net" = {
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".proxyPass = "http://${httpHost}:8070";
locations."/.well-known/webfinger" = {
root = webfingerRoot;
extraConfig = ''
add_header Access-Control-Allow-Origin "*";
default_type "application/jrd+json";
types { application/jrd+json json; }
if ($arg_resource) {
rewrite ^(.*)$ /$arg_resource break;
}
'';
};
};
};
};
}
|
