Move most Nginx proxies to the individual services

2024-08-26 13:07:59 -04:00 · 2024-08-26 13:07:59 -04:00 · 1f8156e868
commit 1f8156e868
parent f1d2652c53
16 changed files with 267 additions and 263 deletions
--- a/nixos/server/synapse.nix
+++ b/nixos/server/synapse.nix
@ -1,7 +1,7 @@
-{pkgs, config, ...}: {
-  services = let
-    secrets = import ../modules/secrets.nix;
-  in {
+{pkgs, config, ...}: let
+  secrets = import ../modules/secrets.nix;
+in {
+  services = {
    # Synapse Matrix server
    matrix-synapse = with config.services.coturn; {
      enable = true;
@ -92,5 +92,28 @@
      cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem";
      pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem";
    };
+
+    # Nginx
+    nginx.virtualHosts = {
+      "matrix.${secrets.jimDomain}" = {
+        enableACME = true;
+        forceSSL = true;
+        locations = {
+          "/".extraConfig = ''return 403;'';
+           "/client".proxyPass = "http://127.0.0.1:8009";
+           "/_matrix".proxyPass = "http://127.0.0.1:8008";
+          "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
+           "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
+        };
+      };
+      "turn.${secrets.jimDomain}" = {
+        enableACME = true;
+        forceSSL = true;
+        listen = [
+          { addr = "0.0.0.0"; port = 80; ssl = false; }
+        ];
+        locations."/".proxyPass = "http://127.0.0.1:1380";
+      };
+    };
  };
 }