X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fimmae%2Fproduction.nix;h=046246d584ee9f7a544367059a16763b5096a809;hb=a295d69fcfabe64bd17ae05f1948505531ea99a2;hp=3b2301a8fd452c93cd89e08d99e84fe1686ab386;hpb=0012da0ff3d45df9f68412b90be4f7c24d46a777;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix
index 3b2301a..046246d 100644
--- a/modules/private/websites/immae/production.nix
+++ b/modules/private/websites/immae/production.nix
@@ -1,24 +1,40 @@
-{ lib, pkgs, config, myconfig,  ... }:
+{ lib, pkgs, config,  ... }:
 let
   cfg = config.myServices.websites.immae.production;
   varDir = "/var/lib/buildbot/outputs/immaeEu";
   coursDir = "/var/lib/buildbot/outputs/cours";
   rechercheDir = "/var/lib/buildbot/outputs/recherche";
-  env = myconfig.env.websites.immae;
+  recettesDir = "/var/lib/buildbot/outputs/recettes";
+  historyDir = pkgs.callPackage ./history {};
+  env = config.myEnv.websites.immae;
 in {
   options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
 
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [ { name = "www.immae.eu"; } ];
 
-    services.websites.env.production.vhostConfs.immae = {
-      certName    = "eldiron";
-      addToCerts  = true;
-      hosts       = [ "www.immae.eu" ];
-      root        = varDir;
-      extraConfig = [
+    services.websites.env.production.vhostConfs.immae_production = {
+      certName     = "immae";
+      addToCerts   = true;
+      certMainHost = "www.immae.eu";
+      hosts        = [ "www.immae.eu" "immae.eu" ];
+      root         = varDir;
+      extraConfig  = [
         ''
         Use Stats www.immae.eu
+        Header always set Strict-Transport-Security "max-age=31536000"
+
+        <LocationMatch /.well-known/(webfinger|host-meta)>
+          Header always set Referrer-Policy "strict-origin-when-cross-origin"
+          RequestHeader set X-Forwarded-Proto "https"
+
+          RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
+        </LocationMatch>
+
+        RewriteEngine On
+        RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
+        RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
+        RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
 
         <Directory ${varDir}>
           DirectoryIndex index.htm index.html
@@ -42,12 +58,37 @@ in {
           AllowOverride All
           Require all granted
         </Directory>
+
+        Alias /recettes ${recettesDir}
+        <Directory ${recettesDir}>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride All
+          Require all granted
+        </Directory>
+
+        Alias /history ${historyDir}
+        <Directory ${historyDir}>
+          DirectoryIndex index.html
+          AllowOverride None
+          Require all granted
+        </Directory>
         ''
       ];
     };
 
-    services.websites.env.production.vhostConfs.bouya = {
-      certName    = "eldiron";
+    services.websites.env.production.vhostConfs.immae_fr = {
+      certName    = "immae";
+      addToCerts  = true;
+      hosts       = [ "www.immae.fr" "immae.fr" ];
+      root        = null;
+      extraConfig = [ ''
+        RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
+        '' ];
+    };
+
+    services.websites.env.production.vhostConfs.immae_bouya = {
+      certName    = "immae";
       addToCerts  = true;
       hosts       = [ "bouya.org" "www.bouya.org" ];
       root        = null;