move nginx exclusive virtualHosts to SP modules

2023-12-18 19:02:54 +04:00
parent d881cc8ce5
commit 365f027326
5 changed files with 119 additions and 118 deletions
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@@ -36,61 +36,6 @@ in
          expires 10m;
        '';
      };
-      "vpn.${domain}" = {
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
-        forceSSL = true;
-        extraConfig = ''
-          add_header Strict-Transport-Security $hsts_header;
-          #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-          add_header 'Referrer-Policy' 'origin-when-cross-origin';
-          add_header X-Frame-Options DENY;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-          expires 10m;
-        '';
-      };
-      "git.${domain}" = {
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
-        forceSSL = true;
-        extraConfig = ''
-          add_header Strict-Transport-Security $hsts_header;
-          #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-          add_header 'Referrer-Policy' 'origin-when-cross-origin';
-          add_header X-Frame-Options DENY;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-          expires 10m;
-        '';
-        locations = {
-          "/" = {
-            proxyPass = "http://127.0.0.1:3000";
-          };
-        };
-      };
-      "password.${domain}" = {
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
-        forceSSL = true;
-        extraConfig = ''
-          add_header Strict-Transport-Security $hsts_header;
-          #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-          add_header 'Referrer-Policy' 'origin-when-cross-origin';
-          add_header X-Frame-Options DENY;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-          expires 10m;
-        '';
-        locations = {
-          "/" = {
-            proxyPass = "http://127.0.0.1:8222";
-          };
-        };
-      };
      "api.${domain}" = {
        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
@@ -133,13 +78,6 @@ in
          };
        };
      };
-      "meet.${domain}" = {
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
-        forceSSL = true;
-        useACMEHost = domain;
-        enableACME = false;
-      };
    };
  };
 }