grenade/moments
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

chore(deploy): strip infra commentary from asset/ config files

Browse Source 
These ship in a public repo; topology narration in nginx, systemd,
firewalld, and env templates is gratuitous. Keep the config terse —
directives speak for themselves.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
rob thijssen
2026-05-03 20:23:11 +03:00
parent 52b7d0be9b
commit abce3803ca
8 changed files with 1 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
asset/nginx/rob.tn.conf
View File

@@ -1,12 +1,3 @@
# /etc/nginx/conf.d/rob.tn.conf — rob.tn site config for moments.
#
# Lives on oolon (the per-site nginx ingress that terminates rob.tn 443
# traffic). Static frontend out of /var/www/moments; /api/* reverse-
# proxied across the WG mesh to the moments-api binary on nikola. The
# UI fetches /api/v1/... so the strip matches what Vite's dev proxy
# does (drop the /api prefix before sending to axum, whose routes are
# mounted at /v1/*).
upstream moments_api {
server nikola.kosherinata.internal:42424 max_fails=3 fail_timeout=30s;
keepalive 8;
@@ -19,23 +10,16 @@ server {
ssl_certificate /etc/pki/tls/misc/oolon.hanzalova.internal.pem;
ssl_certificate_key /etc/pki/tls/private/oolon.hanzalova.internal.pem;
# Public forge — visitors are not on the internal mTLS mesh, so no
# client-cert verification here. The X25519MLKEM768 default falls
# back to classical curves for clients that don't speak PQ yet.
ssl_protocols TLSv1.3;
root /var/www/moments;
index index.html;
# Static SPA: serve the file if it exists, else fall back to index.html
# so client-side routing works.
location / {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache" always;
}
# Asset bundles are content-hashed by Vite — safe to cache aggressively.
location ~* \.(js|css|woff2?|ttf|eot|svg|png|jpg|jpeg|gif|ico|webp|avif)$ {
expires 30d;
add_header Cache-Control "public, max-age=2592000, immutable";
@@ -43,7 +27,6 @@ server {
}
location /api/ {
# Strip /api so axum sees /v1/events, not /api/v1/events.
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://moments_api;
proxy_http_version 1.1;