From c12fdc15dec8cce3433f93ccf9cb3454ea4ea7a0 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Wed, 3 Feb 2021 03:56:59 +0100
Subject: [PATCH] Refactor nginx configuration

---
 modules/webstack.nix | 38 ++++++++++++++------------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/modules/webstack.nix b/modules/webstack.nix
index 45f95ce..d094959 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -23,9 +23,6 @@
       }
       add_header Strict-Transport-Security $hsts_header;
 
-      # Enable CSP for your services.
-      #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-
       # Minimize information leaked to other domains
       add_header 'Referrer-Policy' 'origin-when-cross-origin';
 
@@ -46,18 +43,13 @@
       "coolneng.duckdns.org" = {
         enableACME = true;
         forceSSL = true;
-        locations."/radicale/" = {
-          return = "301 https://radicale.coolneng.duckdns.org";
-        };
-        locations."/syncthing/" = {
-          return = "301 https://sync.coolneng.duckdns.org";
-        };
-        locations."/gitea/" = {
-          extraConfig =
+        # Redirect from legacy subdirectory URL to subdomain
+        locations = {
+          "/radicale/".return = "301 https://radicale.coolneng.duckdns.org";
+          "/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
+          "/gitea/".extraConfig =
             "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
-        };
-        locations."/miniflux/" = {
-          extraConfig =
+          "/miniflux/".extraConfig =
             "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
         };
       };
@@ -75,17 +67,17 @@
       "sync.coolneng.duckdns.org" = {
         enableACME = true;
         forceSSL = true;
-        locations."/" = { proxyPass = "http://localhost:8384/"; };
+        locations."/".proxyPass = "http://localhost:8384/";
       };
       "git.coolneng.duckdns.org" = {
         enableACME = true;
         forceSSL = true;
-        locations."/" = { proxyPass = "http://localhost:3000/"; };
+        locations."/".proxyPass = "http://localhost:3000/";
       };
       "rss.coolneng.duckdns.org" = {
         enableACME = true;
         forceSSL = true;
-        locations."/" = { proxyPass = "http://localhost:8080/"; };
+        locations."/".proxyPass = "http://localhost:8080/";
       };
       "matrix.coolneng.duckdns.org" = {
         enableACME = true;
@@ -107,13 +99,11 @@
       "element.coolneng.duckdns.org" = {
         enableACME = true;
         forceSSL = true;
-        locations."/" = {
-          root = pkgs.element-web.override {
-            conf = {
-              default_server_config."m.homeserver" = {
-                "base_url" = "https://matrix.coolneng.duckdns.org";
-                "server_name" = "coolneng.duckdns.org";
-              };
+        locations."/".root = pkgs.element-web.override {
+          conf = {
+            default_server_config."m.homeserver" = {
+              "base_url" = "https://matrix.coolneng.duckdns.org";
+              "server_name" = "coolneng.duckdns.org";
             };
           };
         };