diff --git a/nixos/machines/driftwood/configuration.nix b/nixos/machines/driftwood/configuration.nix
index 79740d7..a39e323 100644
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@@ -35,7 +35,15 @@
 };
 # ACME data must be readable by the NGINX user
- # users.users.nginx.extraGroups = [
- # "acme"
- # ];
+ users.users.nginx.extraGroups = [
+ "acme"
+ ];
+
+ # Enable nginx
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+recommendedOptimisation = true;
+ };
 }
diff --git a/nixos/machines/driftwood/containers/conduit.nix b/nixos/machines/driftwood/containers/conduit.nix
index a519334..b752ead 100644
--- a/nixos/machines/driftwood/containers/conduit.nix
+++ b/nixos/machines/driftwood/containers/conduit.nix
@@ -38,4 +38,67 @@
 system.stateVersion = "24.11";
 };
 };
+
+ services.nginx = {
+ virtualHosts = {
+ "matrix.stranger.systems" = {
+ forceSSL = true;
+ enableACME = true;
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ ssl = false;
+ }
+ {
+ addr = "[::]";
+ port = 80;
+ ssl = false;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+
+ locations."/_matrix/" = {
+ proxyPass = "http://backend_conduit$request_uri";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_buffering off;
+ '';
+ };
+
+ extraConfig = ''
+ merge_slashes off;
+ '';
+ };
+ };
+
+ upstreams = {
+ "backend_conduit" = {
+ servers = {
+ "192.168.100.11:6167" = {};
+ };
+ };
+ };
+ };
 }
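Review bot: Adding `nginx` to the `acme` group lets the nginx user read every certificate and private key owned by that group, which looks wider than this commit needs. The only virtual host added in this commit uses `enableACME = true`, and as far as I know the NixOS nginx module already assigns such certificates to nginx's own group, so the membership would matter only for certificates defined elsewhere, for example ones consumed through `useACMEHost`. If such certificates exist outside this hunk, extend the existing comment to name them, e.g. `# nginx serves <cert-name> via useACMEHost; that cert is owned by group acme`; otherwise consider dropping the membership. The enclosing attribute set begins outside the hunk.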
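Review bot: The `proxy_set_header Host $host;` line in the `/_matrix/` location's `extraConfig` probably duplicates what `recommendedProxySettings = true` (enabled in configuration.nix in this same commit) already emits for each `proxyPass` location. Since nginx does not deduplicate `proxy_set_header`, the backend may receive two Host headers, so I would drop that line and keep only `proxy_buffering off;`. Separately, nothing visible here sets `client_max_body_size`, so nginx's 1 MiB default would apply to media uploads unless it is configured elsewhere. Adding a line such as `client_max_body_size 20M;` to the vhost `extraConfig` would make the limit explicit (the value is a constructed example and should match the homeserver's own request-size limit). The diff also does not show the host firewall allowing ports 80, 443 and 8448, so confirm that is handled outside this change.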