From 78c0210284a7ec18748e38cc51c5a5ed1e938570 Mon Sep 17 00:00:00 2001
From: Naomi Carrigan <commits@nhcarrigan.com>
Date: Thu, 13 Feb 2025 17:50:10 -0800
Subject: [PATCH] chore: update configs

---
 configs/fedi.conf   | 10 ++---
 configs/irc.conf    | 12 +++---
 configs/matrix.conf |  7 ++++
 configs/prod.conf   | 94 +++++++++++++++++++++++++++++----------------
 pull.sh             |  7 ++++
 push.sh             | 12 ------
 6 files changed, 85 insertions(+), 57 deletions(-)
 create mode 100755 pull.sh
 delete mode 100755 push.sh

diff --git a/configs/fedi.conf b/configs/fedi.conf
index c1afedc..bf9acdb 100644
--- a/configs/fedi.conf
+++ b/configs/fedi.conf
@@ -6,9 +6,9 @@ server {
 
   client_max_body_size 100M;
 
-  location / {
-    proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:3000;
-    proxy_redirect off;
-  }
+    location / {
+        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:3000;
+        proxy_redirect off;
+    }
 }
diff --git a/configs/irc.conf b/configs/irc.conf
index 2c6f454..0bd11f8 100644
--- a/configs/irc.conf
+++ b/configs/irc.conf
@@ -5,9 +5,9 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/irc.nhcarrigan.com/privkey.pem;
 
     location / {
-        proxy_set_header Host $host;
-        proxy_pass http://127.0.0.1:9000;
-        proxy_redirect off;
+      proxy_set_header Host $host;
+      proxy_pass http://127.0.0.1:9000;
+      proxy_redirect off;
     }
 }
 
@@ -21,10 +21,10 @@ server {
     index index.php;
 
     location / {
-        try_files $uri $uri/ =404;
+	try_files $uri $uri/ =404;
     }
-
-    location ~ \.php$ {
+ 
+location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/run/php/php8.3-fpm.sock;
     }
diff --git a/configs/matrix.conf b/configs/matrix.conf
index b4a16f8..7ec8718 100644
--- a/configs/matrix.conf
+++ b/configs/matrix.conf
@@ -5,6 +5,13 @@ server {
     ssl_certificate /etc/letsencrypt/live/matrix.nhcarrigan.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/matrix.nhcarrigan.com/privkey.pem;
 
+    # Root path redirect only for port 443
+    location = / {
+        if ($server_port = 443) {
+            return 301 https://chat.nhcarrigan.com;
+        }
+    }
+
     location /.well-known/matrix/server {
 	return 200 '{"m.server": "matrix.nhcarrigan.com:443"}';
 	add_header Content-Type application/json;
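Review bot: On any listener other than 443 the new `location = /` block has no handler once the `if` is false, and an exact-match location takes precedence over a prefix `location /`, so a request for `/` on those ports would fall through to nginx's default static handling instead of whatever served it before. The server's `listen` lines and any `location /` sit outside this hunk, so this is inferred from the "only for port 443" comment. If that fallback is not intended, make it explicit, for example `return 404;` after the `if` block, or move the redirect into a separate server block that listens only on 443. A one-line comment stating what other ports are expected to return for `/` would also help the next reader.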
diff --git a/configs/prod.conf b/configs/prod.conf
index 576b4e4..ac934d7 100644
--- a/configs/prod.conf
+++ b/configs/prod.conf
@@ -1,29 +1,55 @@
 server {
   listen 443 ssl;
-  server_name irc-private.nhcarrigan.com;
-  ssl_certificate /etc/letsencrypt/live/irc-private.nhcarrigan.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/irc-private.nhcarrigan.com/privkey.pem;
+  server_name alerts.nhcarrigan.com;
+  ssl_certificate /etc/letsencrypt/live/alerts.nhcarrigan.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/alerts.nhcarrigan.com/privkey.pem;
 
   location / {
     proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:9000;
+    proxy_pass http://127.0.0.1:5003;
     proxy_redirect off;
   }
 }
 
 server {
   listen 443 ssl;
-  server_name naomi.party;
-  ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem;
+  server_name irc-private.nhcarrigan.com;
+  ssl_certificate /etc/letsencrypt/live/irc-private.nhcarrigan.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/irc-private.nhcarrigan.com/privkey.pem;
 
-  root /home/nhcarrigan/bsky;
+    location / {
+        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:9000;
+        proxy_redirect off;
+    }
+}
+
+server {
+  listen 443 ssl;
+  server_name assistant.nhcarrigan.com;
+  ssl_certificate /etc/letsencrypt/live/assistant.nhcarrigan.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem;
 
   location / {
-    index index.html;
+    proxy_set_header Host $host;
+    proxy_pass http://127.0.0.1:5002;
+    proxy_redirect off;
   }
 }
 
+server {
+    listen 443 ssl;
+    server_name naomi.party;
+    ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem;
+
+    root /home/nhcarrigan/bsky;
+    
+    location / {
+        index index.html;
+    }
+}
+
 server {
   listen 443 ssl;
   server_name forms.nhcarrigan.com;
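Review bot: The new `alerts.nhcarrigan.com` and `assistant.nhcarrigan.com` proxy blocks forward only `Host`, so the services on 127.0.0.1:5003 and 127.0.0.1:5002 see every request as coming from loopback, and any logging, rate limiting or IP-based allow-listing in those backends cannot tell clients apart. Consider adding `proxy_set_header X-Real-IP $remote_addr;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` to each `location /`, with the backends trusting those headers only from 127.0.0.1. The other proxy blocks visible in this file use the same Host-only pattern, so this may be better handled as a file-wide follow-up. On style, the relocated `irc-private` and `naomi.party` blocks now use 4-space indentation while the new blocks use 2; settling on one keeps later diffs readable.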
@@ -105,42 +131,42 @@ server {
 }
 
 server {
-  listen 443 ssl;
-  server_name security.nhcarrigan.com;
-  ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem;
+   listen 443 ssl;
+   server_name security.nhcarrigan.com;
+   ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem;
+   ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem;
 
-  root /home/nhcarrigan/security;
+   root /home/nhcarrigan/security;
 
-  location / {
-    index index.html;
-  }
+   location / {
+      index index.html;
+   }
 }
 
 server {
-  listen 443 ssl;
-  server_name nhcarrigan.link;
-  ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem;
+    listen 443 ssl;
+    server_name nhcarrigan.link;
+    ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem;
 
-  root /home/nhcarrigan/link-redirector;
+    root /home/nhcarrigan/link-redirector;
 
-  location / {
-    index index.html;
-  }
+    location / {
+        index index.html;
+    }
 }
 
 server {
-  listen 443 ssl;
-  server_name games.nhcarrigan.com;
-  ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem;
+    listen 443 ssl;
+    server_name games.nhcarrigan.com;
+    ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem;
 
-  root /home/nhcarrigan/games;
+    root /home/nhcarrigan/games;
 
-  location / {
-    index index.html;
-  }
+    location / {
+       index index.html;
+    }
 }
 
 server {
@@ -187,7 +213,7 @@ server {
   server_name www.naomi.lgbt;
   ssl_certificate /etc/letsencrypt/live/www.naomi.lgbt/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/www.naomi.lgbt/privkey.pem;
-
+  
   location / {
     proxy_set_header Host $host;
     proxy_pass http://127.0.0.1:3000;
diff --git a/pull.sh b/pull.sh
new file mode 100755
index 0000000..68f3d1b
--- /dev/null
+++ b/pull.sh
@@ -0,0 +1,7 @@
+servers=("prod" "irc" "fedi" "matrix" "gitea")
+
+for server in "${servers[@]}"
+do
+    echo "Pulling $server"
+    rsync --archive --verbose $server:/etc/nginx/conf.d/server.conf configs/$server.conf
+done
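Review bot: `pull.sh` is committed as executable (mode 100755) but has no shebang, and it relies on a bash array, so it fails under a POSIX `sh`; start the file with `#!/usr/bin/env bash`. Without `set -euo pipefail` a failed `rsync` for one host is followed by the next iteration, leaving a stale `configs/<name>.conf` that can be committed as if it matched the live server. The expansions in the copy should also be quoted: `rsync --archive --verbose -- "$server:/etc/nginx/conf.d/server.conf" "configs/$server.conf"`. Because the script overwrites tracked files with whatever the remote host returns, a header comment telling the operator to review `git diff` before committing would be a useful safeguard.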
diff --git a/push.sh b/push.sh
deleted file mode 100755
index 2d6bb7e..0000000
--- a/push.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-servers=("prod" "irc" "fedi" "matrix" "gitea")
-
-for server in "${servers[@]}"
-do
-    echo "Pushing $server"
-    server_ip=$(ssh -o IdentityAgent=~/.1password/agent.sock $server "hostname -I | cut -d' ' -f1")
-    echo "Server IP: $server_ip"
-    
-    rsync --archive -e "ssh -o IdentityAgent=~/.1password/agent.sock" configs/$server.conf root@$server_ip:/etc/nginx/conf.d/server.conf
-    
-    ssh -o IdentityAgent=~/.1password/agent.sock root@$server_ip "systemctl restart nginx"
-done