genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 01:17:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
dots/modules/hosts/nixos/hetznix02/post-install/nginx.nix
Gene Liverman 5c819eca1e Enable HTTPS for genebean.me with Let's Encrypt HTTP-01 challenge 
- Configure ACME with HTTP-01 challenge for Let's Encrypt cert
- Add manual proxy config for Plausible analytics (stats.technicalissues.us)
- Fix issue where recommendedProxySettings caused upstream redirect by
  explicitly setting Host header to stats.technicalissues.us instead of
  passing the genebean.me host
2026-03-11 00:47:57 -04:00

109 lines
4 KiB
Nix
Raw Blame History

{ pkgs, ... }: let
domain = "genebean.me";
in {
environment.etc.nginx-littlelinks = {
# Info generated via
# nurl https://github.com/genebean/littlelink genebean-sometag
source = pkgs.fetchFromGitHub {
owner = "genebean";
repo = "littlelink";
rev = "genebean-1.0.2";
hash = "sha256-Fr1Qt/YaXNoDI4WHUuI2s852ENte8GjOmJrtEpq/SfY=";
};
};
security.acme.certs."${domain}" = {
email = "lets-encrypt@technicalissues.us";
inheritDefaults = false;
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
services.nginx = {
enable = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
#recommendedProxySettings = true;
recommendedTlsSettings = true;
appendHttpConfig = ''
# Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged
map $scheme $hsts_header {
https "max-age=31536000;";
}
add_header Strict-Transport-Security $hsts_header;
'';
virtualHosts = {
"${domain}" = {
serverAliases = [
"www.${domain}"
];
default = true;
enableACME = true;
forceSSL = true;
root = "/etc/nginx-littlelinks";
locations = {
"/.well-known/lnurlp/genebean" = {
return = ''
200 '{"status":"OK","tag":"payRequest","commentAllowed":255,"callback":"https://getalby.com/lnurlp/genebean/callback","metadata":"[[\\"text/identifier\\",\\"genebean@getalby.com\\"],[\\"text/plain\\",\\"Sats for GeneBean\\"]]","minSendable":1000,"maxSendable":10000000000,"payerData":{"name":{"mandatory":false},"email":{"mandatory":false},"pubkey":{"mandatory":false}},"nostrPubkey":"79f00d3f5a19ec806189fcab03c1be4ff81d18ee4f653c88fac41fe03570f432","allowsNostr":true}'
'';
extraConfig = ''
default_type application/json;
source_charset utf-8;
charset utf-8;
add_header Access-Control-Allow-Origin *;
'';
};
"/.well-known/nostr.json" = {
return = ''
200 '{"names": {"genebean": "dba168fc95fdbd94b40096f4a6db1a296c0e85c4231bfc9226fca5b7fcc3e5ca"}}'
'';
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
'';
};
"/api/event" = {
proxyPass = "https://stats.technicalissues.us/api/event";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host stats.technicalissues.us;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
'';
};
"/github" = {
return = "301 https://github.com/genebean";
};
"/js/script.hash.outbound-links.js" = {
proxyPass = "https://stats.technicalissues.us/js/script.hash.outbound-links.js";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host stats.technicalissues.us;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
'';
};
"/mastodon" = {
return = "302 https://fosstodon.org/@genebean";
};
"/nostr" = {
return = "302 https://primal.net/p/npub1mwsk3ly4lk7efdqqjm62dkc699kqapwyyvdley3xljjm0lxruh9qzvu46p";
};
"/server_status" = {
extraConfig = ''
stub_status;
allow 127.0.0.1;
deny all;
'';
};
};
}; # end bare domain
}; # end virtualHosts
}; # end nginx
}
Reference in a new issue View git blame Copy permalink