From b5037784795b88b0796c32591cd14d3f2ccb1443 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Sat, 12 Oct 2024 23:37:46 +0300
Subject: [PATCH] Proxy : Move resume from root to subdomain.

---
 container/Proxy.nix             | 27 ---------------------------
 container/proxy/host/Git.nix    |  5 -----
 container/proxy/host/Resume.nix | 24 ++++++++++++++++++++++++
 3 files changed, 24 insertions(+), 32 deletions(-)
 create mode 100644 container/proxy/host/Resume.nix

diff --git a/container/Proxy.nix b/container/Proxy.nix
index 8ceaae9..5814cee 100644
--- a/container/Proxy.nix
+++ b/container/Proxy.nix
@@ -77,37 +77,10 @@ in
             eventsConfig = ''
               worker_connections 4096;
             '';
-            # TODO: Fix 80 redirect and 403 default.
             appendHttpConfig = ''
               proxy_max_temp_file_size 0;
               proxy_buffering off;
 
-              server {
-                server_name default_server;
-                listen 80;
-
-                location / {
-                  return 301 https://$host$request_uri;
-                }
-              }
-
-              map $http_accept_language $resume {
-                default https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
-                ~ru     https://git.${config.container.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
-              }
-
-              server {
-                server_name ${config.container.domain};
-                listen 443 ssl;
-
-                ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
-                ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
-                include /etc/letsencrypt/conf/options-ssl-nginx.conf;
-                ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
-
-                return 301 $resume;
-              }
-
               server {
                 listen 443 ssl default_server;
                 server_name _;
diff --git a/container/proxy/host/Git.nix b/container/proxy/host/Git.nix
index a754936..e562c3a 100644
--- a/container/proxy/host/Git.nix
+++ b/container/proxy/host/Git.nix
@@ -18,11 +18,6 @@ in
       }
 
       location / {
-        # allow ${config.container.localAccess};
-        # allow ${config.container.module.status.address};
-        # allow ${config.container.module.vpn.address};
-        # allow ${config.container.module.frkn.address};
-        # deny all;
         proxy_pass http://''$${name}$request_uri;
       }
 
diff --git a/container/proxy/host/Resume.nix b/container/proxy/host/Resume.nix
new file mode 100644
index 0000000..b6035c9
--- /dev/null
+++ b/container/proxy/host/Resume.nix
@@ -0,0 +1,24 @@
+{ container, config, ... }:
+let
+  domain = "resume.${config.container.domain}";
+  name = "resume";
+in
+{
+  ${domain} = container.mkServer {
+    extraConfig = ''
+      server_name ${domain};
+      listen 443 ssl;
+
+      ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
+      include /etc/letsencrypt/conf/options-ssl-nginx.conf;
+      ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
+
+      if ($http_accept_language ~ ru) {
+        return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindRu.pdf;
+      }
+
+      return 301 https://${config.container.module.git.domain}/voronind/resume/releases/download/latest/VoronindEn.pdf;
+    '';
+  };
+}