h: switch to openresty and dynamically build the webfinger for tapenet

Aaron Bieber 2023-09-22 09:42:34 -06:00
parent 36ee3a71e7
commit 5eb3031d5f
No known key found for this signature in database


@ -458,6 +458,8 @@ in
nginx = { nginx = {
enable = true; enable = true;
package = pkgs.openresty;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -517,27 +519,6 @@ in
enableACME = true; enableACME = true;
root = "/var/www/bolddaemon.com"; root = "/var/www/bolddaemon.com";
locations = {
"/.well-known/webfinger" = {
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
add_header Referrer-Policy origin-when-cross-origin;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Content-Type application/json;
return 200 '${builtins.toJSON {
subject = "acct:aaron@bolddaemon.com";
links = [
{
rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://git.tapenet.org/";
}
];
}}';
'';
};
};
}; };
"relay.bolddaemon.com" = { "relay.bolddaemon.com" = {
forceSSL = true; forceSSL = true;
@ -758,13 +739,39 @@ in
}"; }";
}; };
}; };
"tapenet.org" = "tapenet.org" = {
if config.services.sliding-sync.enable
then {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/tapenet.org"; root = "/var/www/tapenet.org";
locations = { locations = {
"/.well-known/webfinger" = {
extraConfig = ''
default_type 'application/json';
content_by_lua_block {
local acct = ngx.unescape_uri(ngx.var.arg_resource)
local json = '${builtins.toJSON {
subject = "%s";
links = [
{
rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://git.tapenet.org/";
}
];
}}';
local newjson, n, err = ngx.re.sub(json, "%s", acct)
if not err then
ngx.say(newjson)
else
ngx.say("")
end
return
}
'';
};
}
// (if config.services.sliding-sync.enable
then {
"/.well-known/matrix/client".extraConfig = "/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig; mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig = "/.well-known/matrix/server".extraConfig =
@ -776,13 +783,8 @@ in
"/_matrix" = mkMatrixLoc; "/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc; "/_synapse/client" = mkMatrixLoc;
};
} }
else { else {
forceSSL = true;
enableACME = true;
root = "/var/www/tapenet.org";
locations = {
"/.well-known/matrix/client".extraConfig = "/.well-known/matrix/client".extraConfig =
mkMatrixWellKnown matrixClientConfig; mkMatrixWellKnown matrixClientConfig;
"/.well-known/matrix/server".extraConfig = "/.well-known/matrix/server".extraConfig =
@ -790,7 +792,7 @@ in
"/_matrix" = mkMatrixLoc; "/_matrix" = mkMatrixLoc;
"/_synapse/client" = mkMatrixLoc; "/_synapse/client" = mkMatrixLoc;
}; });
}; };
}; };
}; };
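Review bot: The `resource` query value is spliced unescaped into the JSON template in the new tapenet.org `/.well-known/webfinger` location (hunk `@ -758,13 +739,39`), so a value containing `"` or `\` changes the structure of the response, and `$` sequences in it are read as capture references by `ngx.re.sub`. `ngx.var.arg_resource` is nil when the parameter is absent, and passing nil to `ngx.unescape_uri` probably raises and surfaces as a 500. The handler also answers for any subject, whereas the removed bolddaemon.com block pinned a single `acct:` value. Building the document with `cjson.encode` and rejecting values that do not match the expected `acct:` form addresses all three; the pattern below is a placeholder to adapt to the accounts actually served.

```nix
extraConfig = ''
  default_type 'application/json';
  content_by_lua_block {
    local cjson = require "cjson"
    local raw = ngx.var.arg_resource
    -- a missing ?resource= must not reach unescape_uri
    if not raw then
      return ngx.exit(ngx.HTTP_BAD_REQUEST)
    end
    local acct = ngx.unescape_uri(raw)
    -- placeholder pattern: accept only acct: URIs for this domain
    if not ngx.re.find(acct, "^acct:[A-Za-z0-9._-]+@tapenet\\.org$", "jo") then
      return ngx.exit(ngx.HTTP_NOT_FOUND)
    end
    -- the encoder escapes the subject, so it cannot alter the document
    ngx.say(cjson.encode({
      subject = acct,
      links = {
        { rel = "http://openid.net/specs/connect/1.0/issuer", href = "https://git.tapenet.org/" },
      },
    }))
  }
'';
```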