coolneng/zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Redirect all URLs to new domain

Browse Source
This commit is contained in:
coolneng 2025-04-08 02:45:56 +02:00
parent 40838848c3
commit e77e3948b5
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
12 changed files with 94 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
configuration.nix
View File

@ -206,11 +206,6 @@ with pkgs;
owner = "matrix-as-signal"; owner = "matrix-as-signal";
group = "matrix-as-signal"; group = "matrix-as-signal";
}; };
secrets.acme = {
file = secrets/acme.age;
owner = "acme";
group = "nginx";
};
secrets.inadyn-duckdns = { secrets.inadyn-duckdns = {
file = secrets/inadyn-duckdns.age; file = secrets/inadyn-duckdns.age;
owner = "inadyn"; owner = "inadyn";
@ -221,13 +216,23 @@ with pkgs;
owner = "inadyn"; owner = "inadyn";
group = "inadyn"; group = "inadyn";
}; };
secrets.acme-duckdns = {
file = secrets/acme-duckdns.age;
owner = "acme";
group = "nginx";
};
secrets.acme-porkbun = {
file = secrets/acme-porkbun.age;
owner = "acme";
group = "nginx";
};
identityPaths = [ "/etc/ssh/id_ed25519" ]; identityPaths = [ "/etc/ssh/id_ed25519" ];
}; };
# Auto-upgrade the system # Auto-upgrade the system
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
flake = "/root/system"; flake = "/home/coolneng/system";
flags = [ flags = [
"--update-input agenix --update-input nixpkgs" "--update-input agenix --update-input nixpkgs"
"--commit-lock-file" "--commit-lock-file"

4
modules/devops.nix
View File

@ -21,8 +21,8 @@
settings = { settings = {
server = { server = {
DISABLE_SSH = true; DISABLE_SSH = true;
DOMAIN = "git.coolneng.duckdns.org"; DOMAIN = "git.psydnd.org";
ROOT_URL = "https://git.coolneng.duckdns.org"; ROOT_URL = "https://git.psydnd.org";
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;

4
modules/information.nix
View File

@ -10,10 +10,6 @@
services.miniflux = { services.miniflux = {
enable = true; enable = true;
adminCredentialsFile = config.age.secrets.miniflux.path; adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
BASE_URL = "https://rss.coolneng.duckdns.org";
DISABLE_HSTS = 1;
};
}; };
# Php-fpm pool for Wallabag # Php-fpm pool for Wallabag

25
modules/networking.nix
View File

@ -37,19 +37,30 @@ in
services.inadyn = { services.inadyn = {
enable = true; enable = true;
interval = "*:0/30"; interval = "*:0/30";
settings = { settings.provider."duckdns" = {
provider."duckdns" = {
hostname = "coolneng.duckdns.org"; hostname = "coolneng.duckdns.org";
include = config.age.secrets.inadyn-duckdns.path; include = config.age.secrets.inadyn-duckdns.path;
}; };
custom."porkbun.com" = {
ddns-server = "dynamicdns.park-your-domain.com";
ddns-path = "/update?domain=%u&password=%p&host=%h";
hostname = "psydnd.org";
include = config.age.secrets.inadyn-porkbun.path;
}; };
# Dynamic DNS configuration for Porkbun
# NOTE Temporary workaround until Inadyn fixes the Porkbun module
services.oink = {
enable = true;
settings = {
apiKey = "PLACEHOLDER";
secretApiKey = "PLACEHOLDER";
interval = 1800;
}; };
domains = [
{
domain = "psydnd.org";
subdomain = "";
}
];
}; };
# NOTE Load credentials using environment variables
systemd.services.oink.serviceConfig.EnvironmentFile = config.age.secrets.inadyn-porkbun.path;
# Firewall configuration # Firewall configuration
networking.firewall = { networking.firewall = {

68
modules/webstack.nix
View File

@ -34,15 +34,12 @@
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
''; '';
virtualHosts = { virtualHosts = {
# Old domain being redirected
"coolneng.duckdns.org" = { "coolneng.duckdns.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "coolneng.duckdns.org";
forceSSL = true; forceSSL = true;
# Redirect from legacy subdirectory URL to subdomain
locations = { locations = {
"/radicale/".return = "301 https://radicale.coolneng.duckdns.org"; "/".return = "301 https://psydnd.org$request_uri";
"/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
"/gitea/".extraConfig = "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
"/miniflux/".extraConfig = "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
# Delegation for Matrix # Delegation for Matrix
"/.well-known/" = { "/.well-known/" = {
alias = "${../well-known}" + "/"; alias = "${../well-known}" + "/";
@ -54,9 +51,20 @@
}; };
}; };
}; };
"radicale.coolneng.duckdns.org" = { # Redirect subdomains
"~^(?<subdomain>.+)\.coolneng\.duckdns\.org$" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "coolneng.duckdns.org";
forceSSL = true; forceSSL = true;
locations."/".return = "301 https://$subdomain.psydnd.org$request_uri";
};
# Current domain
"psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
};
"radicale.psydnd.org" = {
useACMEHost = "psydnd.org";
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:5232/"; proxyPass = "http://localhost:5232/";
extraConfig = '' extraConfig = ''
@ -65,30 +73,30 @@
''; '';
}; };
}; };
"sync.coolneng.duckdns.org" = { "sync.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:8384/"; locations."/".proxyPass = "http://localhost:8384/";
}; };
"git.coolneng.duckdns.org" = { "git.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:3000/"; proxyPass = "http://localhost:3000/";
extraConfig = '' extraConfig = ''
${config.services.nginx.commonHttpConfig} ${config.services.nginx.commonHttpConfig}
# Disable embedding as a frame, except from the same origin # Disable embedding as a frame, except from the same origin
add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org"; add_header Content-Security-Policy "frame-src git.psydnd.org; frame-ancestors git.psydnd.org";
''; '';
}; };
}; };
"rss.coolneng.duckdns.org" = { "rss.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:8080/"; locations."/".proxyPass = "http://localhost:8080/";
}; };
"matrix.coolneng.duckdns.org" = { "matrix.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
listen = [ listen = [
# IPv4 # IPv4
@ -116,18 +124,18 @@
]; ];
locations."~ ^(/_matrix|/_synapse/client)".proxyPass = "http://localhost:8008"; locations."~ ^(/_matrix|/_synapse/client)".proxyPass = "http://localhost:8008";
}; };
"element.coolneng.duckdns.org" = { "element.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
locations."/".root = pkgs.element-web.override { locations."/".root = pkgs.element-web.override {
conf.default_server_config = { conf.default_server_config = {
"m.homeserver"."base_url" = "https://matrix.coolneng.duckdns.org"; "m.homeserver"."base_url" = "https://matrix.psydnd.org";
"m.identity_server"."base_url" = "https://vector.im"; "m.identity_server"."base_url" = "https://vector.im";
}; };
}; };
}; };
"wallabag.coolneng.duckdns.org" = { "wallabag.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
root = "${pkgs.wallabag}/web"; root = "${pkgs.wallabag}/web";
locations = { locations = {
@ -147,8 +155,8 @@
}; };
}; };
}; };
"books.coolneng.duckdns.org" = { "books.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:9000/"; proxyPass = "http://localhost:9000/";
@ -159,8 +167,8 @@
''; '';
}; };
}; };
"grafana.coolneng.duckdns.org" = { "grafana.psydnd.org" = {
useACMEHost = "coolneng.duckdns.org"; useACMEHost = "psydnd.org";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:9009/"; proxyPass = "http://localhost:9009/";
@ -177,10 +185,18 @@
email = "akasroua@disroot.org"; email = "akasroua@disroot.org";
group = "nginx"; group = "nginx";
}; };
certs."coolneng.duckdns.org" = { certs = {
"coolneng.duckdns.org" = {
domain = "*.coolneng.duckdns.org"; domain = "*.coolneng.duckdns.org";
dnsProvider = "duckdns"; dnsProvider = "duckdns";
environmentFile = config.age.secrets.acme.path; environmentFile = config.age.secrets.acme-duckdns.path;
};
"psydnd.org" = {
domain = "psydnd.org";
extraDomainNames = [ "*.psydnd.org" ];
dnsProvider = "porkbun";
environmentFile = config.age.secrets.acme-porkbun.path;
};
}; };
}; };

BIN
secrets/acme-duckdns.age Normal file
View File

Binary file not shown.

5
secrets/acme-porkbun.age Normal file
View File

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 iUaRGg 7JImhL2Wo/eJEwUGP+NhEf36yq5gHO9q1GYhY2HaMAY
eAMhD0sqHQS+aayBpOsY8+081i72QAhJCFbBe0//uwU
--- 4K8cXsDuWZrmWNJ+rz166ej9o/gLFc7CfJuzAsG0BxA
|.þû f<><66>fã=î-ÏX$PÅ: ¦©¥ÜMB úzö÷ïÁ!7N7iže<C5BE>¹¦!—fËFÉ„v³M"4R_wï|—GÝØtl»»<bQL}‰Ú‹¶õ#^Õ©ªá¤júeòdœ®­iâ:F=ÿí÷éŠë‹[ <0A>®íÉd½Y´€“Z8]|îEÇwâ(·<> ö¸4¶Œ•æFx˜y8šI.´êKx»™øflçù1ŸUû BÁ¨×3Û€5ÿÄ~Ã

BIN
secrets/acme.age
View File

Binary file not shown.

11
secrets/inadyn-porkbun.age
View File

@ -1,6 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 iUaRGg mjl2NVhvZ+j87U5JLDcun7Lr7nUD9/Ci2mbZbcvn6hk -> ssh-ed25519 iUaRGg Fj/IEMc+EwPbxVYPdM1tUF0V1vL8F0yN7wPCTcDOoQI
xzJaZDEwcZmd/qUGMWoFsj6ylsevriwlwVi8znyRpSk ORL8EAnKTo5Fot3qRDYClGvmtPliWA49aQWBpzqLFxo
--- IoNqE7dzWBlVySCznCJDS4KEOfBPazWvdzK2GmyQyIw --- FrEg81sAO/xlmYLGMqb9aF4o61J57Cqdb6Qoh7h2Zxg
±hóâ_CA·~~ˆû¸;¶nDt]†]Òë•g…Š¨º¹<C2BA> ùɱw Ò>xKø}ÖÐ g݇(“ÜO V°hˆç]r!wx1àúÜ™j!Ž}UÛ „
ïÃÒ|4´M6Y gŒ¶ÝÆOã.ð:ó\ÚNgƒ/Ö—ÛiÀuxïm bê«Ü=6•—{äª3åÊø ¹oMG;Ël^lÞµ`ŠBˆ¸™nêðLxïÈ|æ,d·Â2çÓ9´{*|öÅL;ßÉ!ø͜ܕVkØš$:4½qèéÉGÄ ©ÙªŒi€ÝÈÅ„A¶A ÃËAÉ™½ì X¾BÇ D™¦ó«A´ÿ¶c±¿Ãî¥ âs<C3A2>äd¹]0Â[ziš0­é©ß¬"·½9À]¤Aŵåà1yîaßJÅwk³ Ò0Yîhð™6©\\W3<>:{1Ø'{ºátÛš> îWŒÆõ®ÝšE±ODÂËŒ'Œ>ÍPý]Þ?„d…ÈP…P8ê)”×å?è
ˆßg73

3
secrets/secrets.nix
View File

@ -15,7 +15,8 @@ in
"mqtt-receiver.age".publicKeys = [ zion ]; "mqtt-receiver.age".publicKeys = [ zion ];
"facebook.age".publicKeys = [ zion ]; "facebook.age".publicKeys = [ zion ];
"signal.age".publicKeys = [ zion ]; "signal.age".publicKeys = [ zion ];
"acme.age".publicKeys = [ zion ];
"inadyn-duckdns.age".publicKeys = [ zion ]; "inadyn-duckdns.age".publicKeys = [ zion ];
"inadyn-porkbun.age".publicKeys = [ zion ]; "inadyn-porkbun.age".publicKeys = [ zion ];
"acme-duckdns.age".publicKeys = [ zion ];
"acme-porkbun.age".publicKeys = [ zion ];
} }

2
well-known/matrix/client
View File

@ -1,5 +1,5 @@
{ {
"m.homeserver": { "m.homeserver": {
"base_url": "https://matrix.coolneng.duckdns.org" "base_url": "https://matrix.psydnd.org"
} }
} }

2
well-known/matrix/server
View File

@ -1 +1 @@
{ "m.server": "matrix.coolneng.duckdns.org:443" } { "m.server": "matrix.psydnd.org:443" }