NixOS/hosts/miniserver/nginx.nix


# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
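# NixOS module: nginx as the TLS-terminating reverse proxy for this host.
# Every virtual host redirects HTTP to HTTPS, obtains its certificate via ACME
# and forwards to a backend port on 127.0.0.1. The firewall section at the
# bottom opens ports 80 and 443.
#
# Argument: `config` is the evaluated NixOS configuration; it is read only for
# the vaultwarden and audiobookshelf ports.
{ config, ... }:
let
  localhost = "127.0.0.1";
  # workstation = "192.168.1.64";
  domain = "servidos.lat";

  # Backend ports, all proxied via ${localhost}.
  shioriPort = 4368;
  flamePort = 5005;
  secretFlamePort = 5007;
  # lidarrPort = 8686;
  qbitPort = 9091;
  # prowlarrPort = 9696;
  # radarrPort = 7878;
  # sonarrPort = 8989;
  mealiePort = 9925;
  ryotPort = 8765;
  scrobblePort = 9078;
  malojaPort = 42010;
  darkwirePort = 3001;
  metatubePort = 8881;
  # bazarrPort = config.services.bazarr.listenPort;
  # kavitaPort = config.services.kavita.port;
  # Ports taken from the service modules so proxy and service cannot drift apart.
  vaultPort = config.services.vaultwarden.config.ROCKET_PORT;
  audiobookPort = config.services.audiobookshelf.port;
in {
  services.nginx = {
    enable = true;

    # Global request-body limit: it applies to every vhost below, including the
    # ones that never need multi-gigabyte uploads.
    # NOTE(review): consider a small global value and raising it only in the
    # locations that need it (client_max_body_size in that location's extraConfig).
    clientMaxBodySize = "4096m";

    # recommendedTlsSettings = true;
    # recommendedGzipSettings = true;
    # recommendedOptimisation = true;

    # AES-256 with ECDHE or DHE key exchange, anonymous suites excluded. This
    # string still admits CBC-mode suites, and ssl_ciphers governs TLS 1.2 and
    # older only.
    # NOTE(review): recommendedTlsSettings is commented out above; confirm the
    # resulting protocol and session settings are the intended ones.
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

    virtualHosts = let
      # Common vhost skeleton: HTTP->HTTPS redirect, ACME certificate, HTTP/2.
      base = locations: {
        inherit locations;
        forceSSL = true;
        enableACME = true;
        http2 = true;
      };

      # Plain reverse proxy of "/" to a local port. No Host / X-Forwarded-*
      # headers are set here, so the backend sees the proxy's defaults.
      # NOTE(review): backends that rate-limit or log by client address
      # (vaultwarden in particular) need the forwarded headers to tell clients
      # apart; services.nginx.recommendedProxySettings would supply them.
      proxy = port:
        base { "/".proxyPass = "http://${localhost}:${toString port}/"; };

      # proxyArr = port:
      #   proxy port // {
      #     extraConfig = ''
      #       proxy_set_header Host $host;
      #       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      #       proxy_set_header X-Forwarded-Host $host;
      #       proxy_set_header X-Forwarded-Proto $scheme;
      #       proxy_set_header Upgrade $http_upgrade;
      #       proxy_set_header Connection $http_connection;
      #       proxy_redirect off;
      #       proxy_http_version 1.1;
      #     '';
      #   };
    in {
      # "movies.${domain}" = proxyArr radarrPort // { };
      # "indexer.${domain}" = proxyArr prowlarrPort // { };
      # "music.${domain}" = proxyArr lidarrPort // { };
      # "library.${domain}" = proxy kavitaPort // { };
      "start.${domain}" = proxy flamePort // { };
      # "subs.${domain}" = proxy bazarrPort // { };
      # "series.${domain}" = proxy sonarrPort // { };
      "vault.${domain}" = proxy vaultPort // { };
      "mealie.${domain}" = proxy mealiePort // { };
      "tracker.${domain}" = proxy ryotPort // { };
      "scrobble.${domain}" = proxy scrobblePort // { };
      "maloja.${domain}" = proxy malojaPort // { };
      "bookmarks.${domain}" = proxy shioriPort // { };
      "bajameesta.${domain}" = proxy metatubePort // { };

      # NOTE(review): a random-looking hostname is not an access control. With
      # enableACME each name gets its own certificate, and a public CA records
      # issued names in Certificate Transparency logs; the names are also
      # readable by anyone who can read this file. Protect these two vhosts
      # with authentication (e.g. basicAuthFile) or source-address restrictions,
      # and rely on the applications' own logins only if they are enabled.
      "qampqwn4wprhqny8h8zj.${domain}" = proxy secretFlamePort // { };
      "xfwmrle6h6skqujbeizw.${domain}" = proxy qbitPort // { };

      "audiobooks.${domain}" = base {
        "/" = {
          proxyPass = "http://${localhost}:${toString audiobookPort}";
          # Forward client address, scheme and host; allow WebSocket upgrade;
          # rewrite http:// redirects from the backend to https://.
          extraConfig = ''
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_redirect http:// https://;
          '';
        };
      };

      "dontcancelmeplz.${domain}" = base {
        "/" = {
          proxyPass = "http://${localhost}:${toString darkwirePort}";
          # NOTE(review): proxyWebsockets already asks the module to emit the
          # Upgrade/Connection handling, so the explicit Upgrade/Connection
          # lines in extraConfig look redundant; confirm and keep only one.
          proxyWebsockets = true;
          # X-Forwarded-Proto was hard-coded to "http" although this vhost is
          # HTTPS-only (forceSSL); it now reports the real scheme, matching
          # the audiobooks vhost, so the backend does not treat TLS traffic as
          # plain HTTP. The nginx comments inside the string mention gotify
          # while the backend port is darkwirePort; they are left as found.
          extraConfig = ''
            # Ensuring it can use websockets
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect http:// $scheme://;
            # The proxy must preserve the host because gotify verifies the host with the origin
            # for WebSocket connections
            proxy_set_header Host $host;
            # These sets the timeout so that the websocket can stay alive
            proxy_connect_timeout 1m;
            proxy_send_timeout 1m;
            proxy_read_timeout 1m;
          '';
        };
      };
    };
  };

  networking = {
    firewall = let open_firewall_ports = [ 80 443 ];
    in {
      enable = true;
      allowedTCPPorts = open_firewall_ports;
      # NOTE(review): no vhost in this file enables QUIC/HTTP3, so the UDP
      # openings appear unused. Confirm no other module needs them and drop
      # allowedUDPPorts to keep the exposed surface minimal.
      allowedUDPPorts = open_firewall_ports;
    };
  };
}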