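# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
#
# NOTE(review): the header above looks copied from a generated file.
# nixos-generate-config does not emit nginx or firewall settings, so this
# module is presumably hand-maintained; confirm and drop the header if so.
#
# Purpose: nginx reverse proxy that terminates TLS (ACME certificates) for a
# set of services listening on 127.0.0.1, plus the host firewall openings
# for HTTP/HTTPS.
{ config, ... }:
let
  # All backends are reached over loopback; nginx is the only public listener
  # configured in this file.
  localhost = "127.0.0.1";
  # workstation = "192.168.1.64";
  domain = "servidos.lat";

  # Backend ports that are hard-coded here.
  shioriPort = 4368;
  flamePort = 5005;
  secretFlamePort = 5007;
  # lidarrPort = 8686;
  qbitPort = 9091;
  # prowlarrPort = 9696;
  # radarrPort = 7878;
  # sonarrPort = 8989;
  mealiePort = 9925;
  ryotPort = 8765;
  scrobblePort = 9078;
  malojaPort = 42010;
  darkwirePort = 3001;
  metatubePort = 8881;

  # Backend ports read from the corresponding NixOS service options, so they
  # follow whatever those services are configured with.
  # bazarrPort = config.services.bazarr.listenPort;
  # kavitaPort = config.services.kavita.port;
  vaultPort = config.services.vaultwarden.config.ROCKET_PORT;
  audiobookPort = config.services.audiobookshelf.port;
  microbinPort = config.services.microbin.settings.MICROBIN_PORT;
in
{
  services.nginx = {
    enable = true;

    # Request-body limit (4 GiB). It is set at the top level, so it applies to
    # every vhost below, including the ones that never need large uploads.
    clientMaxBodySize = "4096m";

    # recommendedTlsSettings = true;
    # recommendedGzipSettings = true;
    # recommendedOptimisation = true;

    # Explicit cipher list for TLS 1.2 and below; it replaces the module's
    # default list.
    # NOTE(review): this pattern also matches AES256 CBC suites, and
    # recommendedTlsSettings is commented out above. Confirm the override is
    # intentional, or drop it in favour of the module default.
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

    virtualHosts =
      let
        # Common vhost settings: HTTP is redirected to HTTPS (forceSSL), the
        # certificate is obtained through ACME, and HTTP/2 is enabled.
        base = locations: {
          inherit locations;
          forceSSL = true;
          enableACME = true;
          http2 = true;
        };

        # Plain reverse proxy of "/" to a loopback port, with no extra
        # headers and no authentication at the proxy.
        proxy = port: base { "/".proxyPass = "http://${localhost}:${toString port}/"; };

        # proxyArr = port:
        #   proxy port // {
        #     extraConfig = ''
        #       proxy_set_header Host $host;
        #       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #       proxy_set_header X-Forwarded-Host $host;
        #       proxy_set_header X-Forwarded-Proto $scheme;
        #       proxy_set_header Upgrade $http_upgrade;
        #       proxy_set_header Connection $http_connection;
        #       proxy_redirect off;
        #       proxy_http_version 1.1;
        #     '';
        #   };
      in
      {
        # "movies.${domain}" = proxyArr radarrPort // { };
        # "indexer.${domain}" = proxyArr prowlarrPort // { };
        # "music.${domain}" = proxyArr lidarrPort // { };
        # "library.${domain}" = proxy kavitaPort // { };
        "start.${domain}" = proxy flamePort // { };
        # "subs.${domain}" = proxy bazarrPort // { };
        # "series.${domain}" = proxy sonarrPort // { };
        "vault.${domain}" = proxy vaultPort // { };
        "copy.${domain}" = proxy microbinPort // { };
        "mealie.${domain}" = proxy mealiePort // { };
        "tracker.${domain}" = proxy ryotPort // { };
        "scrobble.${domain}" = proxy scrobblePort // { };
        "maloja.${domain}" = proxy malojaPort // { };
        "bookmarks.${domain}" = proxy shioriPort // { };
        "bajameesta.${domain}" = proxy metatubePort // { };

        # The two vhosts below use random-looking labels. Every vhost built
        # with `base` requests an ACME certificate for its name, and
        # certificates from public CAs are recorded in Certificate
        # Transparency logs, so these names should be treated as public.
        # NOTE(review): no authentication or source-address restriction is
        # configured at the proxy for them in this file. Confirm the backends
        # enforce their own login, or add basicAuthFile / an allow-list here.
        "qampqwn4wprhqny8h8zj.${domain}" = proxy secretFlamePort // { };
        "xfwmrle6h6skqujbeizw.${domain}" = proxy qbitPort // { };

        # Audiobookshelf: forwards the client address, scheme and Host, and
        # passes WebSocket upgrades through by hand (HTTP/1.1 + Upgrade).
        "audiobooks.${domain}" = base {
          "/" = {
            proxyPass = "http://${localhost}:${toString audiobookPort}";
            extraConfig = ''
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header Host $host;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_http_version 1.1;
              proxy_redirect http:// https://;
            '';
          };
        };

        # Darkwire (upstream is darkwirePort).
        # X-Forwarded-Proto is set from $scheme, as in the audiobooks vhost.
        # The vhost is forceSSL, so a hard-coded "http" would always report
        # the wrong scheme to the backend.
        # NOTE(review): the nginx comment below mentions gotify, so the
        # snippet looks copied from another service; confirm the Host
        # requirement applies to this backend.
        # NOTE(review): proxyWebsockets = true already makes the module emit
        # the Upgrade/Connection headers, so the two lines in extraConfig
        # duplicate them; consider keeping only one of the two mechanisms.
        "dontcancelmeplz.${domain}" = base {
          "/" = {
            proxyPass = "http://${localhost}:${toString darkwirePort}";
            proxyWebsockets = true;
            extraConfig = ''
              # Ensuring it can use websockets
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_redirect http:// $scheme://;

              # The proxy must preserve the host because gotify verifies the host with the origin
              # for WebSocket connections
              proxy_set_header Host $host;

              # These sets the timeout so that the websocket can stay alive
              proxy_connect_timeout 1m;
              proxy_send_timeout 1m;
              proxy_read_timeout 1m;
            '';
          };
        };
      };
  };

  networking = {
    firewall =
      let
        # HTTP (ACME challenges and the redirect to HTTPS) and HTTPS.
        open_firewall_ports = [
          80
          443
        ];
      in
      {
        enable = true;
        allowedTCPPorts = open_firewall_ports;
        # NOTE(review): the same ports are opened for UDP. Nothing in this
        # file configures a UDP listener (no QUIC/HTTP3 on the vhosts), so
        # these openings look unnecessary. Confirm nothing else on the host
        # needs them, then narrow the list to what is actually served.
        allowedUDPPorts = open_firewall_ports;
      };
  };
}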