websites init + docu revision

2026-02-06 08:13:37 -06:00
parent 893bb199b1
commit 17cd7ba593
11 changed files with 154 additions and 156 deletions
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -15,6 +15,7 @@ in
    ++ inputs.self.lib.autoImport ./servers filterNames
    ++ inputs.self.lib.autoImport ./services filterNames
    ++ inputs.self.lib.autoImport ./shell filterNames
+    ++ inputs.self.lib.autoImport ./websites filterNames
    ++ inputs.self.lib.autoImport ./network filterNames
    ++ [
      ./factories/mkscript.nix
--- a/modules/servers/portfolio.nix
+++ b/modules/servers/portfolio.nix
@@ -1,22 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-let
-  setup = import ../factories/mkserver.nix { inherit lib config; };
-  cfg = config.my.websites.portfolio;
-in
-{
-  options.my.websites.portfolio = setup.mkOptions "portfolio" "portfolio" 0;
-  config.services.nginx.virtualHosts."danilo-reyes.com" = lib.mkIf cfg.enableProxy {
-    forceSSL = true;
-    enableACME = true;
-    http2 = true;
-    root = "/srv/www/danilo-reyes.com";
-    # index = "index.html";
-    locations."/".extraConfig = ''
-      try_files $uri $uri/ =404;
-    '';
-  };
-}
--- a/modules/websites/lidarr-mb-report.nix
+++ b/modules/websites/lidarr-mb-report.nix
@@ -0,0 +1,42 @@
+{
+  lib,
+  config,
+  ...
+}:
+let
+  cfg = config.my.websites.lidarrMbReport;
+  mbHeaders = ''
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+  '';
+in
+{
+  options.my.websites.lidarrMbReport = {
+    enableProxy = lib.mkEnableOption "lidarr mb report static site";
+  };
+  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
+    services.nginx.virtualHosts."mb-report.lebubu.org" = {
+      forceSSL = true;
+      enableACME = true;
+      root = "/var/www/html/lidarr-mb-gap";
+      locations = {
+        "/" = {
+          extraConfig = ''
+            try_files $uri /missing_albums.html;
+          '';
+        };
+        "~* \\.html$" = {
+          extraConfig = ''
+            add_header Content-Type "text/html; charset=utf-8";
+          '';
+        };
+        "~* \\.json$" = {
+          extraConfig = ''
+            add_header Content-Type "application/json";
+          '';
+        };
+      };
+      extraConfig = mbHeaders;
+    };
+  };
+}
--- a/modules/websites/portfolio.nix
+++ b/modules/websites/portfolio.nix
@@ -0,0 +1,93 @@
+{
+  lib,
+  config,
+  ...
+}:
+let
+  cfg = config.my.websites.portfolio;
+  issoCfg = config.my.servers.isso;
+  hugoHeaders = ''
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+  '';
+  hugoLocations = {
+    "/" = {
+      extraConfig = ''
+        try_files $uri $uri/ /index.html;
+      '';
+    };
+    "~* \\.html$" = {
+      extraConfig = ''
+        try_files $uri $uri/ /index.html;
+      '';
+    };
+    "~* \\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|xml)$" = {
+      extraConfig = ''
+        expires 1y;
+        add_header Cache-Control "public, max-age=31536000, immutable";
+      '';
+    };
+    "~ /\\.(?!well-known).*" = {
+      extraConfig = ''
+        return 404;
+      '';
+    };
+    "= /js/script.js" = {
+      proxyPass = "https://analytics.lebubu.org";
+      extraConfig = ''
+        proxy_set_header Host analytics.lebubu.org;
+        rewrite ^ /js/script.file-downloads.hash.outbound-links.js break;
+      '';
+    };
+    "= /api/event" = {
+      proxyPass = "https://analytics.lebubu.org";
+      extraConfig = ''
+        proxy_set_header Host analytics.lebubu.org;
+      '';
+    };
+  };
+in
+{
+  options.my.websites.portfolio = {
+    enableProxy = lib.mkEnableOption "portfolio and blog static sites";
+  };
+  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
+    services.nginx.virtualHosts = {
+      "www.danilo-reyes.com" = {
+        forceSSL = true;
+        enableACME = true;
+        globalRedirect = "danilo-reyes.com";
+      };
+      "www.blog.danilo-reyes.com" = {
+        forceSSL = true;
+        enableACME = true;
+        globalRedirect = "blog.danilo-reyes.com";
+      };
+      "danilo-reyes.com" = {
+        forceSSL = true;
+        enableACME = true;
+        root = "/var/www/html/portfolio";
+        locations = hugoLocations;
+        extraConfig = hugoHeaders;
+      };
+      "blog.danilo-reyes.com" = {
+        forceSSL = true;
+        enableACME = true;
+        root = "/var/www/html/blog";
+        locations = hugoLocations // {
+          "^~ /isso" = {
+            proxyPass = "http://${issoCfg.ip}:${toString issoCfg.port}";
+            extraConfig = ''
+              rewrite ^/isso/?(.*)$ /$1 break;
+              proxy_set_header Host $host;
+            '';
+          };
+        };
+        extraConfig = hugoHeaders;
+      };
+    };
+  };
+}