roll back the roll back

2024-10-31 22:27:19 +00:00 · 2022-02-15 14:09:45 +02:00 · 2022-02-15 14:09:45 +02:00 · d8b27cb4eb
parent df5aba5fa5
commit d8b27cb4eb
4 changed files with 9 additions and 46 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -35,8 +35,8 @@ in
  networking = {
    hostName = config.services.userdata.hostname;
    firewall = {
-      allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
-      allowedUDPPorts = lib.mkForce [ 8443 ];
+      allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 4443 8443 ];
+      allowedUDPPorts = lib.mkForce [ 8443 10000 ];
    };
    nameservers = [ "1.1.1.1" "1.0.0.1" ];
  };
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@ -17,6 +17,12 @@ in
        dnsProvider = "cloudflare";
        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
      };
+      "meet.${cfg.domain}" = {
+        domain = "meet.${cfg.domain}";
+        group = "acmerecievers";
+        dnsProvider = "cloudflare";
+        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
+      };
    };
  };
 }
--- a/videomeet/jitsi.nix
+++ b/videomeet/jitsi.nix
@ -6,7 +6,7 @@ in
  services.jitsi-meet = {
    enable = config.services.userdata.jitsi.enable;
    hostName = "meet.${domain}";
-    nginx.enable = false;
+    nginx.enable = true;
    interfaceConfig = {
      SHOW_JITSI_WATERMARK = false;
      SHOW_WATERMARK_FOR_GUESTS = false;
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@ -89,49 +89,6 @@ in
          };
        };
      };
-      "meet.${domain}" = {
-        forceSSL = true;
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
-        root = pkgs.jitsi-meet;
-        extraConfig = ''
-          ssi on;
-          add_header Strict-Transport-Security $hsts_header;
-          #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-          add_header 'Referrer-Policy' 'origin-when-cross-origin';
-          add_header X-Frame-Options DENY;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-          expires 10m;
-        '';
-        locations = {
-          "@root_path" = {
-            extraConfig = ''
-              rewrite ^/(.*)$ / break;
-            '';
-          };
-          "~ ^/([^/\\?&:'\"]+)$" = {
-            tryFiles = "$uri @root_path";
-          };
-          "=/http-bind" = {
-            proxyPass = "http://localhost:5280/http-bind";
-            extraConfig = ''
-              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-              proxy_set_header Host $host;
-            '';
-          };
-          "=/external_api.js" = {
-            alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
-          };
-          "=/config.js" = {
-            alias = "${pkgs.jitsi-meet}/config.js";
-          };
-          "=/interface_config.js" = {
-            alias = "${pkgs.jitsi-meet}/interface_config.js";
-          };
-        };
-      };
      "password.${domain}" = {
        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";