RuJect/nixos-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit
Some checks failed
Nix CI / build (push) Failing after 31s
Details

Browse source
This commit is contained in:
Rustam Efimov 2026-04-01 08:50:01 +03:00
commit 30ce0dafc2
No known key found for this signature in database
195 changed files with 8902 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

54
services/prosody/nginx.nix Normal file
View file

@ -0,0 +1,54 @@
{
config,
lib,
...
}:
let
inherit (config.machine.prosody)
enable
domain
;
localhost = "http://localhost:5280";
in
with lib; mkIf enable {
security.acme.certs."${domain}".extraDomainNames = [
"conference.${domain}"
"upload.${domain}"
];
users.groups.acme.members = [
"prosody"
];
services.nginx.virtualHosts = with lib; mkIf (domain != null) {
"${domain}".locations = {
"= /xmpp-websocket" = {
proxyPass = localhost;
proxyWebsockets = true;
};
"= /http-bind".proxyPass = localhost;
"/push".proxyPass = localhost;
"= /.well-known/host-meta".proxyPass = localhost;
"= /.well-known/host-meta.json".proxyPass = localhost;
};
"conference.${domain}" = {
http3 = true;
quic = true;
forceSSL = true;
kTLS = true;
useACMEHost = domain;
sslCertificate = "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
sslCertificateKey = "${config.security.acme.certs.${domain}.directory}/key.pem";
locations."/".proxyPass = localhost;
};
"upload.${domain}" = {
http3 = true;
quic = true;
forceSSL = true;
kTLS = true;
useACMEHost = domain;
sslCertificate = "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
sslCertificateKey = "${config.security.acme.certs.${domain}.directory}/key.pem";
locations."/".proxyPass = localhost;
};
};
}