From 27d347d3c8e0def69770c5a4518ac2d185a53d6e Mon Sep 17 00:00:00 2001 From: TheGeneralist <180094941+thegeneralist01@users.noreply.github.com> Date: Tue, 6 Jan 2026 09:39:53 +0100 Subject: [PATCH] central: add personal website --- .../archive/archivebox.nix | 16 +-- hosts/thegeneralist-central/cert.pem.age | Bin 478 -> 478 bytes .../credentials_personal.age | 5 + hosts/thegeneralist-central/site.nix | 100 +++++++++++++----- secrets.nix | 1 + 5 files changed, 85 insertions(+), 37 deletions(-) create mode 100644 hosts/thegeneralist-central/credentials_personal.age diff --git a/hosts/thegeneralist-central/archive/archivebox.nix b/hosts/thegeneralist-central/archive/archivebox.nix index 85859ff..bd5edb1 100644 --- a/hosts/thegeneralist-central/archive/archivebox.nix +++ b/hosts/thegeneralist-central/archive/archivebox.nix @@ -20,14 +20,14 @@ }; }; - pywb = { - image = "docker.io/webrecorder/pywb"; - ports = [ "127.0.0.1:8001:8001" ]; - volumes = [ - "/mnt/usb/services/browsertrix/webrecorder/:/" - "/mnt/usb/services/browsertrix/webrecorder/webarchive:/webarchive" - ]; - }; + # pywb = { + # image = "docker.io/webrecorder/pywb"; + # ports = [ "127.0.0.1:8001:8001" ]; + # volumes = [ + # "/mnt/usb/services/browsertrix/webrecorder/:/" + # "/mnt/usb/services/browsertrix/webrecorder/webarchive:/webarchive" + # ]; + # }; }; environment.systemPackages = [ pkgs.docker ]; 
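Review bot: The `pywb` container is disabled by commenting out its whole definition instead of removing it, which leaves dead configuration in archivebox.nix, and neither the commit subject nor a comment says why. Delete the block (history keeps it) or put one line above it such as `# pywb disabled: <reason>`. The enclosing container attribute set starts above the hunk.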
diff --git a/hosts/thegeneralist-central/cert.pem.age b/hosts/thegeneralist-central/cert.pem.age index ee2225e0bc97246249526894f35afd6fba5e0aa2..29686e868a672a1e79a0d99c32340a2fbd6f0340 100644 GIT binary patch delta 444 zcmcb|e2;m8PJKjZr9q@~ctL1sW`3r*uc2ptR7ycWim7(EzNMj$VY!)!wo|!Nfpmbte2v*yaVJ0Bi5 zxU*XF+r5}a3et@&S9GKg^s4XIoKm5#(0HIu<$(R)vu`(eUo!kTbJyfmuNx}<^!a58 zH}6T#jcaVpI4m-0#ZBwj-miVU!V@n{PyBQA`_ebZB(Dl~7u`DPd4K-9-g8_`OZ^WX zoGp9&Ffb9u)XHT>AX=2Yi@LzgbZ>dV}>uP&X z-XBp5xkZ^j@+_NDeqyG0-@^ZIeG-oDYE_Zi#87H%lKI2^)}80!mmj^|wO(GPD>pOn zb5P`~yyaQ4QmU02izg<`sXqDo2?v)%)ZHaAz7L&4pGZJ8 z*{X!IG%wz^e+Td0IrVNEJ7wlC?9tJjtvcE9p7Qwux0yjrJjYjrlpO9&@jY}J02Fe? AI{*Lx delta 444 zcmcb|e2;m8PQ6ihdRA_lcaB?DNw#lLsiR?mhhL(*OTN2zXnvKGQ&wbtac)|$pO1yB zBUeh2TX~UBa(Z}ZVug3MM}T{=yPLUxqJKn^aYdSGUa@nEdq!S%Qg&59D3`9Tu0o}A zws~-JK}n>ap;2j>VWM+kWno%jkVjcXjzwUmW1?G7M16{}ce+(E~n1b z{on3>`}?v*Fa8NNJ$h84`gv{X!|&f$@+_Nf_&B{+A@thPDxbz{^^rA~=kH7WShO=g zMsVeedZ%IwhwN8%jzw)D`HTO3SFK{3cVN@>%H|cXYn1-aY?n-MmOhwOzJ1r%t`#3m zH`=x5{N8gY^~El?`Z<+zfc4%-(i zN|%1@ICOEP!aq@s69?i7Z?^a3zn7cw#kRBm_xt`r ssh-ed25519 pp9qdQ Dd/XjOu+4aSiGxiCRcFOD+Hv25SqRqoqb0fk+tHSfSo +wihtf9gMmLhRfr8Lx5NISOn9Y96Au1DWg6xMLx3XAtA +--- HS8dzuvW6BKH9tASzN6Mc90lU3i13aidVzJYcpTTfrU +¶‚k$ú-¹r×jm×›ÛÕÈèÕóR'§íœˆ8ý_¶ÿÑû?/ã9z"q^¯2>)•ÍyCÍ*ÅN¡V…äeìä¥îhiùÌ<L¬ùûûùÈF|1–%ÄœÚ:ÀOGÀ„[ëß×OX “¦†³FÌ4—Ãa›Hõléô63jB}6É b”ºÍkÛPT“ÎmÛ¼ù[Y|Ä™ØÍ7fwǽœ™Ÿ¿T¼ê÷*½‘yz¬Ãøx½ƒŠT?þÝYÞÄe_È% \ No newline at end of file diff --git a/hosts/thegeneralist-central/site.nix b/hosts/thegeneralist-central/site.nix index 2f2690b..b16bd1a 100644 --- a/hosts/thegeneralist-central/site.nix +++ b/hosts/thegeneralist-central/site.nix 
@@ -1,31 +1,38 @@ -{ config, pkgs, ... }: let +{ config, pkgs, ... }: +let domain = "thegeneralist01.com"; + family_domain = builtins.getEnv "FAMILY_DOMAIN"; ssl = { - quic = true; + quic = true; useACMEHost = domain; }; -in { - imports = [ ./acme ./dns.nix ./jellyfin ]; +in +{ + imports = [ + ./acme + ./dns.nix + ./jellyfin + ]; # Nginx services.nginx = { - enable = true; - package = pkgs.nginxQuic; - enableQuicBPF = true; + enable = true; + package = pkgs.nginxQuic; + enableQuicBPF = true; - experimentalZstdSettings = true; - recommendedUwsgiSettings = true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedBrotliSettings = true; + experimentalZstdSettings = true; + recommendedUwsgiSettings = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedBrotliSettings = true; - statusPage = true; - validateConfigFile = true; + statusPage = true; + validateConfigFile = true; - virtualHosts."${domain}" = ssl // { + virtualHosts."${domain}" = ssl // { root = "/var/www/${domain}"; locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404"; 
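Review bot: `family_domain = builtins.getEnv "FAMILY_DOMAIN";` evaluates to an empty string whenever the variable is unset, and also under pure evaluation (the default if this configuration is built as a flake), so the result silently depends on the shell that ran the rebuild. With an empty value the later hunks of site.nix would define `virtualHosts.""` with `root = "/var/www/"`, a `www.` vhost, and cloudflared ingress keys `""` and `"www."`, which would presumably serve every directory under /var/www from a server block with an empty name. Fail the evaluation instead, for example with `assertions = [ { assertion = family_domain != ""; message = "FAMILY_DOMAIN must be set when evaluating site.nix"; } ];` in the module body. The value still ends up in the world-readable Nix store through the generated nginx configuration, so the variable keeps the name out of the repository only.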
@@ -43,13 +50,35 @@ in { ''; }; - virtualHosts."www.${domain}" = ssl // { + virtualHosts."www.${domain}" = ssl // { locations."/".return = "306 https://${domain}$request_uri"; }; - virtualHosts._ = ssl // { - locations."/".return = "307 https://${domain}/404"; + virtualHosts."${family_domain}" = { + root = "/var/www/${family_domain}"; + locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404"; + + extraConfig = '' + if ($http_x_forwarded_proto = "http") { + return 301 https://${family_domain}$request_uri; + } + + location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ { + expires 1d; + add_header Cache-Control "public"; + } + + error_page 404 /404.html; + ''; }; + + virtualHosts."www.${family_domain}" = { + locations."/".return = "306 https://${family_domain}$request_uri"; + }; + + # virtualHosts._ = ssl // { + # locations."/".return = "307 https://${domain}/404"; + # }; }; # Cloudflare 
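Review bot: The new `www.${family_domain}` vhost returns status 306, copied from the existing `www.${domain}` entry; 306 is a reserved, unused code that clients do not follow as a redirect, so the www host will not forward anywhere. Use a real redirect such as `locations."/".return = "301 https://${family_domain}$request_uri";` (or 308). Separately, commenting out `virtualHosts._` removes the only catch-all, so nginx will answer requests carrying an unrecognised Host header from whichever server block it treats as the default for that listener, which may be the family site; consider keeping an explicit default vhost that returns 404 or 444. The `if ($http_x_forwarded_proto = "http")` redirect trusts a request header, which holds only while port 80 is reachable solely through the tunnel. The enclosing `services.nginx` block starts above this hunk.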
@@ -57,21 +86,34 @@ in { age.secrets.cftcert.file = ./cert.pem.age; age.secrets.cftcredentials.file = ./credentials.age; + age.secrets.cftcredentials_personal.file = ./credentials_personal.age; services.cloudflared = { enable = true; certificateFile = config.age.secrets.cftcert.path; - tunnels."site" = { - ingress = { - "thegeneralist01.com" = "http://localhost:80"; - "www.thegeneralist01.com" = "http://localhost:80"; - "cache.thegeneralist01.com" = "http://localhost:80"; - }; - default = "http_status:404"; + tunnels = { + "site" = { + ingress = { + "thegeneralist01.com" = "http://localhost:80"; + "www.thegeneralist01.com" = "http://localhost:80"; + "cache.thegeneralist01.com" = "http://localhost:80"; + }; + default = "http_status:404"; - credentialsFile = config.age.secrets.cftcredentials.path; - certificateFile = config.age.secrets.cftcert.path; + credentialsFile = config.age.secrets.cftcredentials.path; + certificateFile = config.age.secrets.cftcert.path; + }; + "personal" = { + ingress = { + "${family_domain}" = "http://localhost:80"; + "www.${family_domain}" = "http://localhost:80"; + }; + default = "http_status:404"; + + credentialsFile = config.age.secrets.cftcredentials_personal.path; + certificateFile = config.age.secrets.cftcert.path; + }; }; }; } diff --git a/secrets.nix b/secrets.nix index ad9a0d8..8ea2f3f 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,6 +7,7 @@ in { "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ]; + "hosts/thegeneralist-central/credentials_personal.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ];