From 924766af58349feee76fccd165d4604f1cdc1e5c Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Tue, 28 Jan 2025 22:19:16 -0500 Subject: [PATCH 1/4] Actually listen on port 80, redirect to https --- .../hosts/nixos/hetznix01/post-install/nginx.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix index bebfa6c..f5366ba 100644 --- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix +++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix @@ -1,5 +1,6 @@ { config, ... }: let domain = "technicalissues.us"; + http_port = 80; https_port = 443; in { @@ -18,10 +19,6 @@ in { } add_header Strict-Transport-Security $hsts_header; ''; - defaultListen = [ - { port = https_port; addr = "0.0.0.0"; ssl = true; } - { port = https_port; addr = "[::]"; ssl = true; } - ]; virtualHosts = { "hetznix01.${domain}" = { serverAliases = [ @@ -69,10 +66,6 @@ in { }; }; "albyhub.${domain}" = { - listen = [ - { port = https_port; addr = "0.0.0.0"; ssl = true; } - { port = https_port; addr = "[::]"; ssl = true; } - ]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -85,8 +78,12 @@ in { }; "matrix.${domain}" = { listen = [ + { port = http_port; addr = "0.0.0.0"; } + { port = http_port; addr = "[::]"; } + { port = https_port; addr = "0.0.0.0"; ssl = true; } { port = https_port; addr = "[::]"; ssl = true; } + { port = 8448; addr = "0.0.0.0"; ssl = true; } { port = 8448; addr = "[::]"; ssl = true; } ]; From 2810ed2ffdd7fb52dd84051784475837f7de55ff Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Tue, 28 Jan 2025 22:17:34 -0500 Subject: [PATCH 2/4] Streaming across Tailscale for the win --- modules/hosts/nixos/hetznix01/default.nix | 2 ++ .../nixos/hetznix01/post-install/nginx.nix | 18 ++++++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) 
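Review bot: The two plain-HTTP entries added to the `matrix.${domain}` `listen` list (`{ port = http_port; addr = "0.0.0.0"; }` and its `[::]` twin) become a redirect only if that virtual host also sets `forceSSL = true;`, and the hunk ends before the rest of the vhost, so this cannot be confirmed from here. Without it, nginx would answer on port 80 with the proxied Matrix content in cleartext instead of redirecting, and the `Strict-Transport-Security` header does nothing for a client that never reaches HTTPS. Please confirm `forceSSL = true;` is present on that vhost, and that port 80 is in the firewall's allowed TCP port list, which is also outside the visible context. A comment above the list such as `# port 80 is listed only so forceSSL can emit the redirect server` would record the intent.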
diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix index 820e3c2..0be1fcb 100644 --- a/modules/hosts/nixos/hetznix01/default.nix +++ b/modules/hosts/nixos/hetznix01/default.nix @@ -29,7 +29,9 @@ 443 # https to local Nginx 465 # SMTP with TLS 587 # SMTP with STARTTLS + 8333 # Bitcoin Core 8448 # Matrix Synapse + 9735 # LND ]; # firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix index f5366ba..31305c4 100644 --- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix +++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix @@ -2,6 +2,7 @@ domain = "technicalissues.us"; http_port = 80; https_port = 443; + private_btc = "100.83.153.7"; in { services.nginx = { @@ -19,6 +20,19 @@ in { } add_header Strict-Transport-Security $hsts_header; ''; + streamConfig = '' + server { + listen 0.0.0.0:8333; + listen [::]:8333; + proxy_pass ${private_btc}:8333; + } + + server { + listen 0.0.0.0:9735; + listen [::]:9735; + proxy_pass ${private_btc}:9735; + } + ''; virtualHosts = { "hetznix01.${domain}" = { serverAliases = [ @@ -70,9 +84,9 @@ in { acmeRoot = null; forceSSL = true; # basicAuthFile = config.sops.secrets.owntracks_basic_auth.path; - # Albyhub container + # Albyhub via Tailscale locations."/" = { - proxyPass = "http://127.0.0.1:8080"; + proxyPass = "http://${private_btc}:59000"; proxyWebsockets = true; }; }; From f99945596bdbf592dfb702c3f6d4ffc61c86f1f9 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Tue, 28 Jan 2025 23:36:57 -0500 Subject: [PATCH 3/4] Make match getalby version --- modules/hosts/nixos/hetznix01/post-install/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix index 31305c4..2420bdb 100644 
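Review bot: Both `server` blocks added to `streamConfig` accept connections from any address and relay them to `${private_btc}`, so every inbound peer reaches the Bitcoin Core and LND listeners with this proxy's tailnet address as its source. That probably weakens any per-address banning or connection limiting those daemons do, because all peers share one address. A cap at the proxy would compensate, for example `limit_conn_zone $binary_remote_addr zone=p2p_peers:10m;` at the top of `streamConfig` and `limit_conn p2p_peers 8;` in each `server` (zone name and limit are example values). It is also worth restricting the Tailscale ACL so this host can reach only ports 8333, 9735 and 59000 on the backend, since the public host otherwise inherits whatever the tailnet allows.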
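Review bot: The `albyhub.${domain}` vhost stays publicly reachable with the `basicAuthFile` line still commented out, and after this change each request is forwarded off-host to `http://${private_btc}:59000`. That leaves the application's own login as the only gate in front of a backend that lives on the private tailnet. If the UI is only used interactively by the owner, consider enabling a dedicated `basicAuthFile` secret or an `allow`/`deny` list in the location's `extraConfig`. The upstream leg is plain HTTP, which is acceptable only while the route really crosses the encrypted tailnet, so a comment such as `# upstream is cleartext HTTP; relies on Tailscale for transport encryption` would make that dependency explicit.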
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix +++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix @@ -50,7 +50,7 @@ in { }; "/.well-known/lnurlp/genebean" = { return = '' - 200 '{"status":"OK","tag":"payRequest","commentAllowed":255,"callback":"https://getalby.com/lnurlp/genebean/callback","metadata":"[[\\"text/identifier\\",\\"genebean@getalby.com\\"],[\\"text/plain\\",\\"Sats for GeneBean\\"]]","minSendable":1000,"maxSendable":150000000,"payerData":{"name":{"mandatory":false},"email":{"mandatory":false},"pubkey":{"mandatory":false}},"nostrPubkey":"79f00d3f5a19ec806189fcab03c1be4ff81d18ee4f653c88fac41fe03570f432","allowsNostr":true}' + 200 '{"status":"OK","tag":"payRequest","commentAllowed":255,"callback":"https://getalby.com/lnurlp/genebean/callback","metadata":"[[\\"text/identifier\\",\\"genebean@getalby.com\\"],[\\"text/plain\\",\\"Sats for GeneBean\\"]]","minSendable":1000,"maxSendable":10000000000,"payerData":{"name":{"mandatory":false},"email":{"mandatory":false},"pubkey":{"mandatory":false}},"nostrPubkey":"79f00d3f5a19ec806189fcab03c1be4ff81d18ee4f653c88fac41fe03570f432","allowsNostr":true}' ''; extraConfig = '' default_type application/json; From f4d2b2a9febaaaf231751fc66c3b7b7739fe1941 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Tue, 28 Jan 2025 23:37:25 -0500 Subject: [PATCH 4/4] Add Nostr NIP-05 verification --- modules/hosts/nixos/hetznix01/post-install/nginx.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix index 2420bdb..33dbda6 100644 --- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix +++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix 
@@ -77,6 +77,15 @@ in { add_header Access-Control-Allow-Origin *; ''; }; + "/.well-known/nostr.json" = { + return = '' + 200 '{"names": {"genebean": "dba168fc95fdbd94b40096f4a6db1a296c0e85c4231bfc9226fca5b7fcc3e5ca"}}' + ''; + extraConfig = '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + ''; + }; }; }; "albyhub.${domain}" = {
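Review bot: The `add_header Access-Control-Allow-Origin *;` in the new `/.well-known/nostr.json` location replaces, rather than extends, any `add_header` set at an outer level, because nginx inherits `add_header` only when the current level defines none. The earlier patches in this series show `add_header Strict-Transport-Security $hsts_header;` in what appears to be the http-level config, so responses from this location would most likely go out without HSTS. Repeating `add_header Strict-Transport-Security $hsts_header;` in this location's `extraConfig`, next to the CORS header, keeps both. The preceding location in the context lines has the same shape and would benefit from the same line.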