{ pkgs, config, hosts, lib, ... }: let inherit (builtins) filter hasAttr attrValues concatMap; proxy = url: { enableACME = true; forceSSL = true; locations."/" = { proxyPass = url; proxyWebsockets = true; }; }; k8s_proxy = proxy "http://kubernetes.olympus:80/"; clientConfig = { "m.homeserver" = { base_url = "https://chat.meowy.tech"; server_name = "meowy.tech"; }; "m.identity_server" = { }; }; serverConfig."m.server" = "chat.meowy.tech:443"; mkWellKnown = data: '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; hostsWithExposes = filter (hasAttr "exposes") (attrValues hosts.${config.networking.domain}); exposes = { ip, exposes, ... }: map ({ domain, port }: { inherit ip domain port; }) (attrValues exposes); mkVhost = { ip, domain, port }: { "${domain}" = proxy "http://${ip}:${toString port}"; }; vhosts = lib.foldr (el: acc: acc // mkVhost el) { } (concatMap exposes hostsWithExposes); in { # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "21.05"; # Did you read the comment? networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedBrotliSettings = true; clientMaxBodySize = "500m"; package = pkgs.nginxMainline; # Templated virtualHosts = vhosts // { # 0x76.dev "ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; "git.0x76.dev" = proxy "http://gitea.olympus:3000"; "o.0x76.dev" = proxy "http://minio.olympus:9000"; "grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342"; "outline.0x76.dev" = proxy "http://outline.olympus:3000"; "ntfy.0x76.dev" = proxy "http://ntfy.olympus:80"; "ci.0x76.dev" = proxy "http://woodpecker.olympus:8000"; "dex.0x76.dev" = proxy "http://dex.olympus:5556"; "pass.0x76.dev" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://vaultwarden.olympus:8222"; proxyWebsockets = true; }; locations."/notifications/hub/negotiate" = { proxyPass = "http://vaultwarden.olympus:8222"; proxyWebsockets = true; }; locations."/notifications/hub" = { proxyPass = "http://vaultwarden.olympus:3012"; proxyWebsockets = true; }; }; # Redshifts "andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008"; # Meow "meowy.tech" = { enableACME = true; forceSSL = true; locations."/".extraConfig = '' add_header Content-Type 'text/html; charset=UTF-8'; return 200 '