chore: update configs

configs/fedi.conf

@@ -6,9 +6,9 @@ server {
 
   client_max_body_size 100M;
 
-  location / {
+    location / {
-    proxy_set_header Host $host;
+        proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:3000;
+        proxy_pass http://127.0.0.1:3000;
-    proxy_redirect off;
+        proxy_redirect off;
-  }
+    }
 }

configs/irc.conf

@@ -5,9 +5,9 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/irc.nhcarrigan.com/privkey.pem;
 
     location / {
-        proxy_set_header Host $host;
+      proxy_set_header Host $host;
-        proxy_pass http://127.0.0.1:9000;
+      proxy_pass http://127.0.0.1:9000;
-        proxy_redirect off;
+      proxy_redirect off;
     }
 }
 
@@ -21,10 +21,10 @@ server {
     index index.php;
 
     location / {
-        try_files $uri $uri/ =404;
+	try_files $uri $uri/ =404;
     }
  
-    location ~ \.php$ {
+location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/run/php/php8.3-fpm.sock;
     }

configs/matrix.conf

@@ -5,6 +5,13 @@ server {
     ssl_certificate /etc/letsencrypt/live/matrix.nhcarrigan.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/matrix.nhcarrigan.com/privkey.pem;
 
+    # Root path redirect only for port 443
+    location = / {
+        if ($server_port = 443) {
+            return 301 https://chat.nhcarrigan.com;
+        }
+    }
+
     location /.well-known/matrix/server {
 	return 200 '{"m.server": "matrix.nhcarrigan.com:443"}';
 	add_header Content-Type application/json;

configs/prod.conf

@@ -1,29 +1,55 @@
 server {
   listen 443 ssl;
-  server_name irc-private.nhcarrigan.com;
+  server_name alerts.nhcarrigan.com;
-  ssl_certificate /etc/letsencrypt/live/irc-private.nhcarrigan.com/fullchain.pem;
+  ssl_certificate /etc/letsencrypt/live/alerts.nhcarrigan.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/irc-private.nhcarrigan.com/privkey.pem;
+  ssl_certificate_key /etc/letsencrypt/live/alerts.nhcarrigan.com/privkey.pem;
 
   location / {
     proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:9000;
+    proxy_pass http://127.0.0.1:5003;
     proxy_redirect off;
   }
 }
 
 server {
   listen 443 ssl;
-  server_name naomi.party;
+  server_name irc-private.nhcarrigan.com;
-  ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem;
+  ssl_certificate /etc/letsencrypt/live/irc-private.nhcarrigan.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem;
+  ssl_certificate_key /etc/letsencrypt/live/irc-private.nhcarrigan.com/privkey.pem;
 
-  root /home/nhcarrigan/bsky;
+    location / {
+        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:9000;
+        proxy_redirect off;
+    }
+}
+
+server {
+  listen 443 ssl;
+  server_name assistant.nhcarrigan.com;
+  ssl_certificate /etc/letsencrypt/live/assistant.nhcarrigan.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/assistant.nhcarrigan.com/privkey.pem;
 
   location / {
-    index index.html;
+    proxy_set_header Host $host;
+    proxy_pass http://127.0.0.1:5002;
+    proxy_redirect off;
   }
 }
 
+server {
+    listen 443 ssl;
+    server_name naomi.party;
+    ssl_certificate /etc/letsencrypt/live/naomi.party/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/naomi.party/privkey.pem;
+
+    root /home/nhcarrigan/bsky;
+    
+    location / {
+        index index.html;
+    }
+}
+
 server {
   listen 443 ssl;
   server_name forms.nhcarrigan.com;
@@ -105,42 +131,42 @@ server {
 }
 
 server {
-  listen 443 ssl;
+   listen 443 ssl;
-  server_name security.nhcarrigan.com;
+   server_name security.nhcarrigan.com;
-  ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem;
+   ssl_certificate /etc/letsencrypt/live/security.nhcarrigan.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem;
+   ssl_certificate_key /etc/letsencrypt/live/security.nhcarrigan.com/privkey.pem;
 
-  root /home/nhcarrigan/security;
+   root /home/nhcarrigan/security;
 
-  location / {
+   location / {
-    index index.html;
+      index index.html;
-  }
+   }
 }
 
 server {
-  listen 443 ssl;
+    listen 443 ssl;
-  server_name nhcarrigan.link;
+    server_name nhcarrigan.link;
-  ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/nhcarrigan.link/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/nhcarrigan.link/privkey.pem;
 
-  root /home/nhcarrigan/link-redirector;
+    root /home/nhcarrigan/link-redirector;
 
-  location / {
+    location / {
-    index index.html;
+        index index.html;
-  }
+    }
 }
 
 server {
-  listen 443 ssl;
+    listen 443 ssl;
-  server_name games.nhcarrigan.com;
+    server_name games.nhcarrigan.com;
-  ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/games.nhcarrigan.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/games.nhcarrigan.com/privkey.pem;
 
-  root /home/nhcarrigan/games;
+    root /home/nhcarrigan/games;
 
-  location / {
+    location / {
-    index index.html;
+       index index.html;
-  }
+    }
 }
 
 server {

pull.sh

@@ -0,0 +1,7 @@
+servers=("prod" "irc" "fedi" "matrix" "gitea")
+
+for server in "${servers[@]}"
+do
+    echo "Pulling $server"
+    rsync --archive --verbose $server:/etc/nginx/conf.d/server.conf configs/$server.conf
+done

push.sh

@@ -1,12 +0,0 @@
-servers=("prod" "irc" "fedi" "matrix" "gitea")
-
-for server in "${servers[@]}"
-do
-    echo "Pushing $server"
-    server_ip=$(ssh -o IdentityAgent=~/.1password/agent.sock $server "hostname -I | cut -d' ' -f1")
-    echo "Server IP: $server_ip"
-    
-    rsync --archive -e "ssh -o IdentityAgent=~/.1password/agent.sock" configs/$server.conf root@$server_ip:/etc/nginx/conf.d/server.conf
-    
-    ssh -o IdentityAgent=~/.1password/agent.sock root@$server_ip "systemctl restart nginx"
-done