119 lines
3.3 KiB
Nix
119 lines
3.3 KiB
Nix
{
|
|
inputs,
|
|
constants,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
let
|
|
ssl = true;
|
|
|
|
inherit (lib.utils) mkVirtualHost;
|
|
in
|
|
{
|
|
imports = [
|
|
inputs.synix.nixosModules.nginx
|
|
];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
forceSSL = ssl;
|
|
|
|
commonHttpConfig = ''
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
"" 'close';
|
|
}
|
|
access_log syslog:server=unix:/dev/log;
|
|
'';
|
|
|
|
virtualHosts."_" = {
|
|
forceSSL = false;
|
|
locations."/.well-known/acme-challenge/" = {
|
|
root = "/var/lib/acme/acme-challenge";
|
|
};
|
|
};
|
|
virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost {
|
|
inherit ssl;
|
|
address = constants.hosts.rx4.ip;
|
|
port = 80;
|
|
};
|
|
virtualHosts."${constants.services.forgejo.fqdn}" = mkVirtualHost {
|
|
inherit ssl;
|
|
address = constants.hosts.rx4.ip;
|
|
port = constants.services.forgejo.port;
|
|
};
|
|
virtualHosts."${constants.services.jirafeau.fqdn}" = {
|
|
enableACME = ssl;
|
|
forceSSL = ssl;
|
|
locations."/" = {
|
|
proxyPass = "http://${constants.hosts.rx4.ip}";
|
|
};
|
|
};
|
|
virtualHosts."${constants.services.miniflux.fqdn}" = mkVirtualHost {
|
|
inherit ssl;
|
|
address = constants.hosts.rx4.ip;
|
|
port = constants.services.miniflux.port;
|
|
};
|
|
virtualHosts."${constants.services.netdata.fqdn}" = {
|
|
useACMEHost = "sid-internal";
|
|
forceSSL = ssl;
|
|
locations."/" = {
|
|
# proxyPass = "http://${constants.hosts.sid.ip}:${toString constants.services.netdata.port}";
|
|
proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost {
|
|
inherit ssl;
|
|
address = constants.hosts.rx4.ip;
|
|
port = constants.services.open-webui-oci.port;
|
|
extraConfig = ''
|
|
proxy_read_timeout 3600s;
|
|
proxy_send_timeout 3600s;
|
|
proxy_connect_timeout 600s;
|
|
access_log /var/log/nginx/open-webui-access.log;
|
|
error_log /var/log/nginx/open-webui-error.log debug;
|
|
'';
|
|
};
|
|
virtualHosts."${constants.services.rss-bridge.fqdn}" = {
|
|
enableACME = ssl;
|
|
forceSSL = ssl;
|
|
locations."/" = {
|
|
proxyPass = "http://${constants.hosts.rx4.ip}";
|
|
};
|
|
};
|
|
virtualHosts."${constants.services.rsshub-oci.fqdn}" = mkVirtualHost {
|
|
inherit ssl;
|
|
address = constants.hosts.rx4.ip;
|
|
port = constants.services.rsshub-oci.port;
|
|
};
|
|
virtualHosts."${constants.services.vaultwarden.fqdn}" = {
|
|
useACMEHost = "sid-internal";
|
|
forceSSL = ssl;
|
|
locations = {
|
|
"/" = {
|
|
proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
|
|
};
|
|
};
|
|
};
|
|
virtualHosts."${constants.services.webdav.fqdn}" = {
|
|
useACMEHost = "sid-internal";
|
|
forceSSL = ssl;
|
|
locations."/" = {
|
|
proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.webdav.port}";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
# FIXME
|
|
# virtualHosts."print.sid.ovh" = {
|
|
# enableACME = true;
|
|
# forceSSL = true;
|
|
# locations."/" = {
|
|
# proxyPass = "http://100.64.0.5:631";
|
|
# proxyWebsockets = true;
|
|
# };
|
|
# };
|
|
};
|
|
}
|