From fb39334bcdac65a1ff1d95e7e4db2e28eabcc2d6 Mon Sep 17 00:00:00 2001
From: polwex <polwex@sortug.com>
Date: Sun, 26 Jan 2025 04:59:01 +0700
Subject: m

---
 hosts/cloud/sortug/configuration.nix |  2 ++
 hosts/cloud/sortug/nginx.nix         | 47 +++++++++++++++++++++++++++++-------
 hosts/cloud/span/mail.nix            | 34 ++++++++++++++------------
 3 files changed, 59 insertions(+), 24 deletions(-)

(limited to 'hosts/cloud')

diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix
index 308f010..ee15cd5 100644
--- a/hosts/cloud/sortug/configuration.nix
+++ b/hosts/cloud/sortug/configuration.nix
@@ -1,6 +1,7 @@
 {
   modulesPath,
   lib,
+  pkgs,
   ...
 }: {
   imports =
@@ -24,6 +25,7 @@
     loader.grub.enable = true;
     # loader.grub.device = "/dev/sda";
   };
+  environment.systemPackages = [pkgs.devenv];
 
   services.do-agent.enable = true;
   networking = {
diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix
index b075c22..78e93b8 100644
--- a/hosts/cloud/sortug/nginx.nix
+++ b/hosts/cloud/sortug/nginx.nix
@@ -26,19 +26,30 @@
     virtualHosts."ai.sortug.com" = {
       enableACME = true;
       forceSSL = true;
-      locations."/" = {
+      locations."/stt" = {
         proxyPass = "http://127.0.0.1:8000";
-        proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig = ''
+          proxy_connect_timeout 300s;
+          proxy_send_timeout 300s;
+          proxy_read_timeout 300s;
+          send_timeout 300s;
+        '';
       };
-    };
-    virtualHosts."kino.sortug.com" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8095";
-        proxyWebsockets = true; # needed if you need to use WebSocket
+      locations."/tts" = {
+        proxyPass = "http://127.0.0.1:8001";
+      };
+      locations."/embed" = {
+        proxyPass = "http://127.0.0.1:8002";
       };
     };
+    # virtualHosts."kino.sortug.com" = {
+    #   enableACME = true;
+    #   forceSSL = true;
+    #   locations."/" = {
+    #     proxyPass = "http://127.0.0.1:8095";
+    #     proxyWebsockets = true; # needed if you need to use WebSocket
+    #   };
+    # };
     virtualHosts."u.sortug.com" = {
       enableACME = true;
       forceSSL = true;
@@ -65,6 +76,24 @@
         proxy_cache off;
       '';
     };
+    virtualHosts."line.sortug.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8924";
+        # proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig = ''
+          proxy_set_header Host $host;
+          proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+        '';
+      };
+      extraConfig = ''
+        proxy_http_version 1.1;
+        chunked_transfer_encoding off;
+        proxy_buffering off;
+        proxy_cache off;
+      '';
+    };
     virtualHosts."ntfy.sortug.com" = {
       enableACME = true;
       forceSSL = true;
diff --git a/hosts/cloud/span/mail.nix b/hosts/cloud/span/mail.nix
index d020fec..9cc44a7 100644
--- a/hosts/cloud/span/mail.nix
+++ b/hosts/cloud/span/mail.nix
@@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     (builtins.fetchTarball {
       url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz";
@@ -9,11 +13,11 @@
     })
   ];
 
-  services.dovecot2.sieve.extensions = [ "fileinto" ];
+  services.dovecot2.sieve.extensions = ["fileinto"];
   mailserver = {
     enable = true;
     fqdn = "mail.spandrell.ch";
-    domains = [ "spandrell.ch" ];
+    domains = ["spandrell.ch"];
 
     # A list of all login accounts. To create the password hashes, use
     # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
@@ -28,7 +32,7 @@
         hashedPasswordFile = "/home/span/mail.key";
       };
       "lol@spandrell.ch" = {
-        hashedPasswordFile = "/home/span/mail.key";
+        hashedPasswordFile = "/home/span/mail2.key";
       };
       "sub@spandrell.ch" = {
         hashedPasswordFile = "/home/span/mail.key";
@@ -51,17 +55,17 @@
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "security@spandrell.ch";
   services.roundcube = {
-     enable = true;
-     # this is the url of the vhost, not necessarily the same as the fqdn of
-     # the mailserver
-     hostName = "mail.spandrell.ch";
-     extraConfig = ''
-       # starttls needed for authentication, so the fqdn required to match
-       # the certificate
-       $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
-       $config['smtp_user'] = "%u";
-       $config['smtp_pass'] = "%p";
-     '';
+    enable = true;
+    # this is the url of the vhost, not necessarily the same as the fqdn of
+    # the mailserver
+    hostName = "mail.spandrell.ch";
+    extraConfig = ''
+      # starttls needed for authentication, so the fqdn required to match
+      # the certificate
+      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
+      $config['smtp_user'] = "%u";
+      $config['smtp_pass'] = "%p";
+    '';
   };
   services.nginx.enable = true;
 }
-- 
cgit v1.2.3