From 600cc2b8e37aaffd6822b92dc8cbf3dc275b6e02 Mon Sep 17 00:00:00 2001 From: Naomi Carrigan Date: Tue, 28 Jan 2025 17:52:58 -0800 Subject: [PATCH] feat: backup configs --- README.md | 18 +- configs/fedi.conf | 14 ++ configs/gitea.conf | 14 ++ configs/irc.conf | 35 +++ configs/matrix.conf | 46 ++++ configs/prod.conf | 586 ++++++++++++++++++++++++++++++++++++++++++++ push.sh | 12 + 7 files changed, 711 insertions(+), 14 deletions(-) create mode 100644 configs/fedi.conf create mode 100644 configs/gitea.conf create mode 100644 configs/irc.conf create mode 100644 configs/matrix.conf create mode 100644 configs/prod.conf create mode 100755 push.sh diff --git a/README.md b/README.md index 47a840e..a4f0fe1 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,10 @@ -# New Repository Template +# Nginx Configs -This template contains all of our basic files for a new GitHub repository. There is also a handy workflow that will create an issue on a new repository made from this template, with a checklist for the steps we usually take in setting up a new repository. - -If you're starting a Node.JS project with TypeScript, we have a [specific template](https://github.com/naomi-lgbt/nodejs-typescript-template) for that purpose. - -## Readme - -Delete all of the above text (including this line), and uncomment the below text to use our standard readme template. - - +We may be contacted through our [Chat Server](http://chat.nhcarrigan.com) or via email at `contact@nhcarrigan.com`. diff --git a/configs/fedi.conf b/configs/fedi.conf new file mode 100644 index 0000000..c1afedc --- /dev/null +++ b/configs/fedi.conf @@ -0,0 +1,14 @@ +server { + listen 443 ssl; + server_name fedi.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/fedi.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/fedi.nhcarrigan.com/privkey.pem; + + client_max_body_size 100M; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + } +} 
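Review bot: The `location /` block in configs/fedi.conf forwards only `Host`, so the backend on 127.0.0.1:3000 sees every request as arriving from loopback over plain HTTP. Any per-client rate limiting, abuse blocking or audit logging in the application would then key on 127.0.0.1 instead of the real client. Since this nginx is the edge, consider adding `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;`, and configure the application to trust those headers only from this proxy. The same gap appears in the proxy blocks of configs/gitea.conf, configs/irc.conf and most of configs/prod.conf; only the `/_matrix` location in configs/matrix.conf sets both.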
diff --git a/configs/gitea.conf b/configs/gitea.conf
new file mode 100644
index 0000000..e9409c6
--- /dev/null
+++ b/configs/gitea.conf
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl;
+ server_name git.nhcarrigan.com;
+ ssl_certificate /etc/letsencrypt/live/git.nhcarrigan.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/git.nhcarrigan.com/privkey.pem;
+
+ client_max_body_size 100M;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:3000;
+ proxy_redirect off;
+ }
+}
diff --git a/configs/irc.conf b/configs/irc.conf
new file mode 100644
index 0000000..2c6f454
--- /dev/null
+++ b/configs/irc.conf
@@ -0,0 +1,35 @@
+server {
+ listen 443 ssl;
+ server_name irc.nhcarrigan.com;
+ ssl_certificate /etc/letsencrypt/live/irc.nhcarrigan.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/irc.nhcarrigan.com/privkey.pem;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:9000;
+ proxy_redirect off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name irc-admin.nhcarrigan.com;
+ ssl_certificate /etc/letsencrypt/live/irc-admin.nhcarrigan.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/irc-admin.nhcarrigan.com/privkey.pem;
+
+ root /home/naomi/unrealircd-webpanel;
+ index index.php;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+}
diff --git a/configs/matrix.conf b/configs/matrix.conf
new file mode 100644
index 0000000..b4a16f8
--- /dev/null
+++ b/configs/matrix.conf
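Review bot: The `irc-admin.nhcarrigan.com` block in configs/irc.conf serves `/home/naomi/unrealircd-webpanel` with no access restriction, and its only hidden-file rule is `location ~ /\.ht`. If that directory is a git checkout or contains other dotfiles, `try_files $uri $uri/ =404;` would hand them out as static files; widening the rule to `location ~ /\.(?!well-known) { deny all; }` closes that. Because this is an administration panel, an `allow`/`deny` list or an extra authentication layer in front of it is worth adding, and a short comment above the block should say who is expected to reach it.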
@@ -0,0 +1,46 @@
+server {
+ listen 443 ssl;
+ listen 8448 ssl default_server;
+ server_name matrix.nhcarrigan.com;
+ ssl_certificate /etc/letsencrypt/live/matrix.nhcarrigan.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/matrix.nhcarrigan.com/privkey.pem;
+
+ location /.well-known/matrix/server {
+ return 200 '{"m.server": "matrix.nhcarrigan.com:443"}';
+ add_header Content-Type application/json;
+ }
+
+ location /.well-known/matrix/client {
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.nhcarrigan.com"}}';
+ add_header Content-Type application/json;
+ add_header "Access-Control-Allow-Origin" *;
+ add_header "Access-Control-Allow-Methods" "GET";
+ }
+
+ location ~ ^(/_synapse/admin) {
+ proxy_pass http://localhost:8008;
+ add_header Access-Control-Allow-Origin "https://matrix-admin.nhcarrigan.com" always;
+ proxy_hide_header Access-Control-Allow-Origin;
+ }
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ proxy_set_header Host $host:$server_port;
+ proxy_pass http://127.0.0.1:8008;
+ proxy_redirect off;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name matrix-admin.nhcarrigan.com;
+ ssl_certificate /etc/letsencrypt/live/matrix-admin.nhcarrigan.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/matrix-admin.nhcarrigan.com/privkey.pem;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:5173;
+ proxy_redirect off;
+ }
+}
diff --git a/configs/prod.conf b/configs/prod.conf
new file mode 100644
index 0000000..576b4e4
--- /dev/null
+++ b/configs/prod.conf
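Review bot: `location ~ ^(/_synapse/admin)` in configs/matrix.conf publishes the Synapse admin API on the public vhost, protected only by the access token, and the CORS header does not limit non-browser clients. Synapse's reverse-proxy guidance is to keep `/_synapse/admin` off the public internet; if the matrix-admin UI needs it, restrict the location with `allow ADMIN_IP_PLACEHOLDER; deny all;` or serve it on an internal listener. This location also omits the `X-Forwarded-For` and `X-Forwarded-Proto` headers that the `/_matrix` location sets, so admin calls would likely be logged as coming from localhost. Separately, `add_header Content-Type application/json;` next to `return 200` probably adds a second Content-Type instead of replacing the default; `default_type application/json;` is the usual form.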
@@ -0,0 +1,586 @@ +server { + listen 443 ssl; + server_name irc-private.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/irc-private.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/irc-private.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:9000; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name naomi.party; + ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem; + + root /home/nhcarrigan/bsky; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name forms.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/forms.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/forms.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/forms; + + location / { + index index.html; + } + + location /appeal { + try_files /appeal.html =404; + } + + location /contact { + try_files /contact.html =404; + } + + location /commission { + try_files /commission.html =404; + } + + location /staff { + try_files /staff.html =404; + } + + location /events { + try_files /events.html =404; + } + + location /session { + try_files /session.html =404; + } + + location /mentorship { + try_files /mentorship.html =404; + } +} + +server { + listen 443 ssl; + server_name moderation.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/moderation.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/moderation.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:12443; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name announcements.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/announcements.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/announcements.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + 
proxy_pass http://127.0.0.1:3002; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name blog.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/blog.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/blog.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3003; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name security.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/security; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name nhcarrigan.link; + ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem; + + root /home/nhcarrigan/link-redirector; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name games.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/games; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name hooks.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/hooks.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/hooks.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass https://127.0.0.1:9443; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name afp.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/afp.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/afp.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass https://127.0.0.1:10443; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name 
naomi.lgbt; + ssl_certificate /etc/letsencrypt/live/naomi.lgbt/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/naomi.lgbt/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name www.naomi.lgbt; + ssl_certificate /etc/letsencrypt/live/www.naomi.lgbt/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.naomi.lgbt/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name starfazers.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/starfazers.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/starfazers.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/starfazers; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name denna.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/denna.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/denna.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/denna/dist/dennagrey; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name www.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/www.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + } +} + +server { + listen 443 ssl; + server_name kaitlyn.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/kaitlyn.nhcarrigan.com/fullchain.pem; + 
ssl_certificate_key /etc/letsencrypt/live/kaitlyn.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/kaitlyn/dist/kaitlyn-nichols; + + location / { + index index.html; + } + +} + +server { + listen 443 ssl; + server_name docs.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/docs.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/docs.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/docs/dist; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name notes.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/notes.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/notes.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/notes/dist; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name fcc.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/fcc.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/fcc.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/status/fcc/dist; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name deepgram.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/deepgram.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/deepgram.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/status/deepgram/dist; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name uptime.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/uptime.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/uptime.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:3001; + } +} + +server { + listen 443 ssl; + server_name incidents.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/incidents.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/incidents.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + 
proxy_pass http://127.0.0.1:3001; + } +} + +server { + listen 443 ssl; + server_name beccalia.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/beccalia.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/beccalia.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/games/beccalia; + + location / { + index index.html; + } + + location /origins { + index index.html; + } + + location /prologue { + index index.html; + } +} + +server { + listen 443 ssl; + server_name goblin.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/goblin.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/goblin.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/games/goblin; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name loan.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/loan.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/loan.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/games/loan; + + location / { + index index.html; + } +} + +server { + listen 443 ssl; + server_name linkdetector.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/linkdetector.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/linkdetector.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:2443; + } +} + +server { + listen 443 ssl; + server_name oogie.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/oogie.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/oogie.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass https://127.0.0.1:3443; + } +} + +server { + listen 443 ssl; + server_name ruubot.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/ruubot.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ruubot.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass 
https://127.0.0.1:4443; + } +} + +server { + listen 443 ssl; + server_name tasks.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/tasks.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tasks.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5443; + } +} + +server { + listen 443 ssl; + server_name trans.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://0.0.0.0:5000; + } +} + +server { + listen 443 ssl; + server_name trans-bot.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5001; + } +} + +server { + listen 443 ssl; + server_name trans-slack.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/trans-slack.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/trans-slack.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:5002; + } +} + +server { + listen 443 ssl; + server_name naomiai.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/naomiai.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/naomiai.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:6443; + } +} + +server { + listen 443 ssl; + server_name analytics.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/analytics.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/analytics.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:11080; + } + + 
location = /live/websocket { + proxy_pass http://127.0.0.1:11080; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } +} + +server { + listen 443 ssl; + server_name bridge.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/bridge.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/bridge.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:7443; + } +} + +server { + listen 443 ssl; + server_name alt.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/alt.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/alt.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:8443; + } +} + +server { + listen 443 ssl; + server_name anon.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/anon.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/anon.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:11443; + } +} + +server { + listen 443 ssl; + server_name eval.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/eval.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/eval.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:12443; + } +} + +server { + listen 443 ssl; + server_name lib.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/lib.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/lib.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:13443; + } +} + +server { + listen 443 ssl; + server_name tickets.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/tickets.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tickets.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; 
+ proxy_pass http://127.0.0.1:14443; + } +} + +server { + listen 443 ssl; + server_name merlin.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/merlin.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/merlin.nhcarrigan.com/privkey.pem; + + root /home/nhcarrigan/merlin; + + location / { + index index.html; + } +} diff --git a/push.sh b/push.sh new file mode 100755 index 0000000..2d6bb7e --- /dev/null +++ b/push.sh @@ -0,0 +1,12 @@ +servers=("prod" "irc" "fedi" "matrix" "gitea") + +for server in "${servers[@]}" +do + echo "Pushing $server" + server_ip=$(ssh -o IdentityAgent=~/.1password/agent.sock $server "hostname -I | cut -d' ' -f1") + echo "Server IP: $server_ip" + + rsync --archive -e "ssh -o IdentityAgent=~/.1password/agent.sock" configs/$server.conf root@$server_ip:/etc/nginx/conf.d/server.conf + + ssh -o IdentityAgent=~/.1password/agent.sock root@$server_ip "systemctl restart nginx" +done
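Review bot: In the `trans.nhcarrigan.com` block of configs/prod.conf, `proxy_pass http://0.0.0.0:5000;` uses the wildcard address as a destination, which is not a portable target and suggests the backend itself may be bound to all interfaces. `proxy_pass http://127.0.0.1:5000;` matches the other blocks, and the backends are best bound to loopback so they cannot be reached around nginx. The `trans-bot.nhcarrigan.com` block loads the `trans.nhcarrigan.com` certificate and key, which fails hostname validation unless that certificate carries a SAN for trans-bot. `moderation.nhcarrigan.com` and `eval.nhcarrigan.com` both proxy to 127.0.0.1:12443, which looks like a copy-paste slip worth confirming.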
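Review bot: The loop in push.sh runs `systemctl restart nginx` as root without validating the file it just copied, so a syntax error in any `configs/*.conf` takes that host's nginx down. Changing the final ssh command to `nginx -t && systemctl reload nginx` keeps the running configuration when validation fails. The script also has no `#!/usr/bin/env bash` line although it uses a bash array, and no `set -euo pipefail`, so a failed IP lookup leaves `$server_ip` empty and the loop carries on to the next command. Quoting `"$server"` and `"$server_ip"` in the ssh and rsync arguments would guard against word splitting.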