coolneng/zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Redirect all URLs to new domain

Browse Source
This commit is contained in:
coolneng 2025-04-08 02:45:56 +02:00
parent 40838848c3
commit 848d652ac7
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
13 changed files with 95 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
configuration.nix
View File

@ -206,11 +206,6 @@ with pkgs;
owner = "matrix-as-signal";
group = "matrix-as-signal";
};
secrets.acme = {
file = secrets/acme.age;
owner = "acme";
group = "nginx";
};
secrets.inadyn-duckdns = {
file = secrets/inadyn-duckdns.age;
owner = "inadyn";
@ -221,13 +216,23 @@ with pkgs;
owner = "inadyn";
group = "inadyn";
};
secrets.acme-duckdns = {
file = secrets/acme-duckdns.age;
owner = "acme";
group = "nginx";
};
secrets.acme-porkbun = {
file = secrets/acme-porkbun.age;
owner = "acme";
group = "nginx";
};
identityPaths = [ "/etc/ssh/id_ed25519" ];
};
# Auto-upgrade the system
system.autoUpgrade = {
enable = true;
flake = "/root/system";
flake = "/home/coolneng/system";
flags = [
"--update-input agenix --update-input nixpkgs"
"--commit-lock-file"

4
modules/devops.nix
View File

@ -21,8 +21,8 @@
settings = {
server = {
DISABLE_SSH = true;
DOMAIN = "git.coolneng.duckdns.org";
ROOT_URL = "https://git.coolneng.duckdns.org";
DOMAIN = "git.psydnd.org";
ROOT_URL = "https://git.psydnd.org";
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;

4
modules/information.nix
View File

@ -10,10 +10,6 @@
services.miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
BASE_URL = "https://rss.coolneng.duckdns.org";
DISABLE_HSTS = 1;
};
};
# Php-fpm pool for Wallabag

2
modules/monitoring.nix
View File

@ -81,7 +81,7 @@ with pkgs;
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.coolneng.duckdns.org";
domain = "grafana.psydnd.org";
http_port = 9009;
http_addr = "127.0.0.1";
};

33
modules/networking.nix
View File

@ -37,20 +37,31 @@ in
services.inadyn = {
enable = true;
interval = "*:0/30";
settings = {
provider."duckdns" = {
hostname = "coolneng.duckdns.org";
include = config.age.secrets.inadyn-duckdns.path;
};
custom."porkbun.com" = {
ddns-server = "dynamicdns.park-your-domain.com";
ddns-path = "/update?domain=%u&password=%p&host=%h";
hostname = "psydnd.org";
include = config.age.secrets.inadyn-porkbun.path;
};
settings.provider."duckdns" = {
hostname = "coolneng.duckdns.org";
include = config.age.secrets.inadyn-duckdns.path;
};
};
# Dynamic DNS configuration for Porkbun
# NOTE Temporary workaround until Inadyn fixes the Porkbun module
services.oink = {
enable = true;
settings = {
apiKey = "PLACEHOLDER";
secretApiKey = "PLACEHOLDER";
interval = 1800;
};
domains = [
{
domain = "psydnd.org";
subdomain = "";
}
];
};
# NOTE Load credentials using environment variables
systemd.services.oink.serviceConfig.EnvironmentFile = config.age.secrets.inadyn-porkbun.path;
# Firewall configuration
networking.firewall = {
allowedTCPPorts = [

72
modules/webstack.nix
View File

@ -34,15 +34,12 @@
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
virtualHosts = {
# Old domain being redirected
"coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
forceSSL = true;
# Redirect from legacy subdirectory URL to subdomain
locations = {
"/radicale/".return = "301 https://radicale.coolneng.duckdns.org";
"/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
"/gitea/".extraConfig = "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
"/miniflux/".extraConfig = "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
"/".return = "301 https://psydnd.org$request_uri";
# Delegation for Matrix
"/.well-known/" = {
alias = "${../well-known}" + "/";
@ -54,9 +51,20 @@
};
};
};
"radicale.coolneng.duckdns.org" = {
# Redirect subdomains
"~^(?<subdomain>.+)\.coolneng\.duckdns\.org$" = {
useACMEHost = "coolneng.duckdns.org";
forceSSL = true;
locations."/".return = "301 https://$subdomain.psydnd.org$request_uri";
};
# Current domain
"psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
};
"radicale.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:5232/";
extraConfig = ''
@ -65,30 +73,30 @@
'';
};
};
"sync.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"sync.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/".proxyPass = "http://localhost:8384/";
};
"git.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"git.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000/";
extraConfig = ''
${config.services.nginx.commonHttpConfig}
# Disable embedding as a frame, except from the same origin
add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
add_header Content-Security-Policy "frame-src git.psydnd.org; frame-ancestors git.psydnd.org";
'';
};
};
"rss.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"rss.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/".proxyPass = "http://localhost:8080/";
};
"matrix.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"matrix.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
listen = [
# IPv4
@ -116,18 +124,18 @@
];
locations."~ ^(/_matrix|/_synapse/client)".proxyPass = "http://localhost:8008";
};
"element.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"element.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/".root = pkgs.element-web.override {
conf.default_server_config = {
"m.homeserver"."base_url" = "https://matrix.coolneng.duckdns.org";
"m.homeserver"."base_url" = "https://matrix.psydnd.org";
"m.identity_server"."base_url" = "https://vector.im";
};
};
};
"wallabag.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"wallabag.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
root = "${pkgs.wallabag}/web";
locations = {
@ -147,8 +155,8 @@
};
};
};
"books.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"books.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9000/";
@ -159,8 +167,8 @@
'';
};
};
"grafana.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"grafana.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9009/";
@ -177,10 +185,18 @@
email = "akasroua@disroot.org";
group = "nginx";
};
certs."coolneng.duckdns.org" = {
domain = "*.coolneng.duckdns.org";
dnsProvider = "duckdns";
environmentFile = config.age.secrets.acme.path;
certs = {
"coolneng.duckdns.org" = {
domain = "*.coolneng.duckdns.org";
dnsProvider = "duckdns";
environmentFile = config.age.secrets.acme-duckdns.path;
};
"psydnd.org" = {
domain = "psydnd.org";
extraDomainNames = [ "*.psydnd.org" ];
dnsProvider = "porkbun";
environmentFile = config.age.secrets.acme-porkbun.path;
};
};
};

BIN
secrets/acme-duckdns.age Normal file
View File

Binary file not shown.

5
secrets/acme-porkbun.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 iUaRGg 7JImhL2Wo/eJEwUGP+NhEf36yq5gHO9q1GYhY2HaMAY
eAMhD0sqHQS+aayBpOsY8+081i72QAhJCFbBe0//uwU
--- 4K8cXsDuWZrmWNJ+rz166ej9o/gLFc7CfJuzAsG0BxA
|.þû f<><66>fã=î-ÏX$PÅ: ¦©¥ÜMB úzö÷ïÁ!7N7iže<C5BE>¹¦!—fËFÉ„v³M"4R_wï|—GÝØtl»»<bQL}‰Ú‹¶õ#^Õ©ªá¤júeòdœ®­iâ:F=ÿí÷éŠë‹[ <0A>®íÉd½Y´€“Z8]|îEÇwâ(·<> ö¸4¶Œ•æFx˜y8šI.´êKx»™øflçù1ŸUû BÁ¨×3Û€5ÿÄ~Ã

BIN
secrets/acme.age
View File

Binary file not shown.

11
secrets/inadyn-porkbun.age
View File

@ -1,6 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 iUaRGg mjl2NVhvZ+j87U5JLDcun7Lr7nUD9/Ci2mbZbcvn6hk
xzJaZDEwcZmd/qUGMWoFsj6ylsevriwlwVi8znyRpSk
--- IoNqE7dzWBlVySCznCJDS4KEOfBPazWvdzK2GmyQyIw
±hóâ_CA·~~ˆû¸;¶nDt]†]Òë•g…Š¨º¹<C2BA>
ïÃÒ|4´M6Y gŒ¶ÝÆOã.ð:ó\ÚNgƒ/Ö—ÛiÀuxïm bê«Ü=6•—{äª3åÊø ¹oMG;Ël^lÞµ`ŠBˆ¸™nêðLxïÈ|æ,d·Â2çÓ9´{*|öÅL;ßÉ!ø͜ܕVkØš$:4½qèéÉGÄ ©ÙªŒi€ÝÈÅ„A¶A ÃËAÉ™½ì
-> ssh-ed25519 iUaRGg Fj/IEMc+EwPbxVYPdM1tUF0V1vL8F0yN7wPCTcDOoQI
ORL8EAnKTo5Fot3qRDYClGvmtPliWA49aQWBpzqLFxo
--- FrEg81sAO/xlmYLGMqb9aF4o61J57Cqdb6Qoh7h2Zxg
ùɱw Ò>xKø}ÖÐ g݇(“ÜO V°hˆç]r!wx1àúÜ™j!Ž}UÛ „
X¾BÇ D™¦ó«A´ÿ¶c±¿Ãî¥ âs<C3A2>äd¹]0Â[ziš0­é©ß¬"·½9À]¤Aŵåà1yîaßJÅwk³ Ò0Yîhð™6©\\W3<>:{1Ø'{ºátÛš> îWŒÆõ®ÝšE±ODÂËŒ'Œ>ÍPý]Þ?„d…ÈP…P8ê)”×å?è
ˆßg73

3
secrets/secrets.nix
View File

@ -15,7 +15,8 @@ in
"mqtt-receiver.age".publicKeys = [ zion ];
"facebook.age".publicKeys = [ zion ];
"signal.age".publicKeys = [ zion ];
"acme.age".publicKeys = [ zion ];
"inadyn-duckdns.age".publicKeys = [ zion ];
"inadyn-porkbun.age".publicKeys = [ zion ];
"acme-duckdns.age".publicKeys = [ zion ];
"acme-porkbun.age".publicKeys = [ zion ];
}

2
well-known/matrix/client
View File

@ -1,5 +1,5 @@
{
"m.homeserver": {
"base_url": "https://matrix.coolneng.duckdns.org"
"base_url": "https://matrix.psydnd.org"
}
}

2
well-known/matrix/server
View File

@ -1 +1 @@
{ "m.server": "matrix.coolneng.duckdns.org:443" }
{ "m.server": "matrix.psydnd.org:443" }