coolneng/zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Redirect all URLs to new domain

Browse Source
This commit is contained in:
coolneng
2025-04-08 02:45:56 +02:00
parent 40838848c3
commit 848d652ac7
13 changed files with 95 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/devops.nix
View File

@@ -21,8 +21,8 @@
settings = {
server = {
DISABLE_SSH = true;
DOMAIN = "git.coolneng.duckdns.org";
ROOT_URL = "https://git.coolneng.duckdns.org";
DOMAIN = "git.psydnd.org";
ROOT_URL = "https://git.psydnd.org";
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;

4
modules/information.nix
View File

@@ -10,10 +10,6 @@
services.miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
BASE_URL = "https://rss.coolneng.duckdns.org";
DISABLE_HSTS = 1;
};
};
# Php-fpm pool for Wallabag

2
modules/monitoring.nix
View File

@@ -81,7 +81,7 @@ with pkgs;
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.coolneng.duckdns.org";
domain = "grafana.psydnd.org";
http_port = 9009;
http_addr = "127.0.0.1";
};

33
modules/networking.nix
View File

@@ -37,20 +37,31 @@ in
services.inadyn = {
enable = true;
interval = "*:0/30";
settings = {
provider."duckdns" = {
hostname = "coolneng.duckdns.org";
include = config.age.secrets.inadyn-duckdns.path;
};
custom."porkbun.com" = {
ddns-server = "dynamicdns.park-your-domain.com";
ddns-path = "/update?domain=%u&password=%p&host=%h";
hostname = "psydnd.org";
include = config.age.secrets.inadyn-porkbun.path;
};
settings.provider."duckdns" = {
hostname = "coolneng.duckdns.org";
include = config.age.secrets.inadyn-duckdns.path;
};
};
# Dynamic DNS configuration for Porkbun
# NOTE Temporary workaround until Inadyn fixes the Porkbun module
services.oink = {
enable = true;
settings = {
apiKey = "PLACEHOLDER";
secretApiKey = "PLACEHOLDER";
interval = 1800;
};
domains = [
{
domain = "psydnd.org";
subdomain = "";
}
];
};
# NOTE Load credentials using environment variables
systemd.services.oink.serviceConfig.EnvironmentFile = config.age.secrets.inadyn-porkbun.path;
# Firewall configuration
networking.firewall = {
allowedTCPPorts = [

72
modules/webstack.nix
View File

@@ -34,15 +34,12 @@
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
virtualHosts = {
# Old domain being redirected
"coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
forceSSL = true;
# Redirect from legacy subdirectory URL to subdomain
locations = {
"/radicale/".return = "301 https://radicale.coolneng.duckdns.org";
"/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
"/gitea/".extraConfig = "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
"/miniflux/".extraConfig = "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
"/".return = "301 https://psydnd.org$request_uri";
# Delegation for Matrix
"/.well-known/" = {
alias = "${../well-known}" + "/";
@@ -54,9 +51,20 @@
};
};
};
"radicale.coolneng.duckdns.org" = {
# Redirect subdomains
"~^(?<subdomain>.+)\.coolneng\.duckdns\.org$" = {
useACMEHost = "coolneng.duckdns.org";
forceSSL = true;
locations."/".return = "301 https://$subdomain.psydnd.org$request_uri";
};
# Current domain
"psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
};
"radicale.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:5232/";
extraConfig = ''
@@ -65,30 +73,30 @@
'';
};
};
"sync.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"sync.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/".proxyPass = "http://localhost:8384/";
};
"git.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"git.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000/";
extraConfig = ''
${config.services.nginx.commonHttpConfig}
# Disable embedding as a frame, except from the same origin
add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
add_header Content-Security-Policy "frame-src git.psydnd.org; frame-ancestors git.psydnd.org";
'';
};
};
"rss.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"rss.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/".proxyPass = "http://localhost:8080/";
};
"matrix.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"matrix.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
listen = [
# IPv4
@@ -116,18 +124,18 @@
];
locations."~ ^(/_matrix|/_synapse/client)".proxyPass = "http://localhost:8008";
};
"element.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"element.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/".root = pkgs.element-web.override {
conf.default_server_config = {
"m.homeserver"."base_url" = "https://matrix.coolneng.duckdns.org";
"m.homeserver"."base_url" = "https://matrix.psydnd.org";
"m.identity_server"."base_url" = "https://vector.im";
};
};
};
"wallabag.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"wallabag.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
root = "${pkgs.wallabag}/web";
locations = {
@@ -147,8 +155,8 @@
};
};
};
"books.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"books.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9000/";
@@ -159,8 +167,8 @@
'';
};
};
"grafana.coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org";
"grafana.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9009/";
@@ -177,10 +185,18 @@
email = "akasroua@disroot.org";
group = "nginx";
};
certs."coolneng.duckdns.org" = {
domain = "*.coolneng.duckdns.org";
dnsProvider = "duckdns";
environmentFile = config.age.secrets.acme.path;
certs = {
"coolneng.duckdns.org" = {
domain = "*.coolneng.duckdns.org";
dnsProvider = "duckdns";
environmentFile = config.age.secrets.acme-duckdns.path;
};
"psydnd.org" = {
domain = "psydnd.org";
extraDomainNames = [ "*.psydnd.org" ];
dnsProvider = "porkbun";
environmentFile = config.age.secrets.acme-porkbun.path;
};
};
};