From 1baa1ce67114fce9f2662a27bfff7ab821cdd535 Mon Sep 17 00:00:00 2001
From: Nathan McCarty
Date: Thu, 27 Mar 2025 02:55:22 -0400
Subject: [PATCH] ngnix for conduit
---
 nixos/machines/driftwood/configuration.nix | 14 ++++-
 .../machines/driftwood/containers/conduit.nix | 63 +++++++++++++++++++
 2 files changed, 74 insertions(+), 3 deletions(-)
diff --git a/nixos/machines/driftwood/configuration.nix b/nixos/machines/driftwood/configuration.nix
index 79740d7..a39e323 100644
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@@ -35,7 +35,15 @@
 };
 # ACME data must be readable by the NGINX user
- # users.users.nginx.extraGroups = [
- # "acme"
- # ];
+ users.users.nginx.extraGroups = [
+ "acme"
+ ];
+
+ # Enable nginx
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+recommendedOptimisation = true;
+ };
 }
diff --git a/nixos/machines/driftwood/containers/conduit.nix b/nixos/machines/driftwood/containers/conduit.nix
index a519334..b752ead 100644
--- a/nixos/machines/driftwood/containers/conduit.nix
+++ b/nixos/machines/driftwood/containers/conduit.nix
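Review bot: In configuration.nix, adding `nginx` to the `acme` group lets the web server read every certificate and private key issued under that group, which is broader than the single vhost added by this patch needs. As far as I know the NixOS nginx module already assigns the certificate to the nginx group for a vhost with `enableACME = true`, so the membership is probably only required if some other certificate on this host is consumed through `useACMEHost`. If so, I would scope it per certificate with `security.acme.certs."<cert-name>".group = config.services.nginx.group;`, and otherwise drop the three `extraGroups` lines. The enclosing attribute set starts above the hunk, so an ACME block there may change this.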
@@ -38,4 +38,67 @@
 system.stateVersion = "24.11";
 };
 };
+
+ services.nginx = {
+ virtualHosts = {
+ "matrix.stranger.systems" = {
+ forceSSL = true;
+ enableACME = true;
+
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ ssl = false;
+ }
+ {
+ addr = "[::]";
+ port = 80;
+ ssl = false;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+
+ locations."/_matrix/" = {
+ proxyPass = "http://backend_conduit$request_uri";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_buffering off;
+ '';
+ };
+
+ extraConfig = ''
+ merge_slashes off;
+ '';
+ };
+ };
+
+ upstreams = {
+ "backend_conduit" = {
+ servers = {
+ "192.168.100.11:6167" = {};
+ };
+ };
+ };
+ };
 }
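Review bot: The `proxy_set_header Host $host;` line in the `/_matrix/` location's `extraConfig` looks redundant with `recommendedProxySettings = true`, which this patch sets in configuration.nix. As far as I know the module already includes its recommended proxy headers, `Host` among them, in every location that has a `proxyPass`, and nginx does not de-duplicate `proxy_set_header`, so the backend may receive the header twice. I would reduce the location's block to `extraConfig = "proxy_buffering off;";` and confirm against the generated nginx.conf.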