eve-psr-nix0/nix/application/nginx.nix

{ config, lib, pkgs,... }: {
  services.nginx = {
    enable = true;

    recommendedProxySettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;

    virtualHosts =
      let
        base = locations: {
          enableACME = true;
          forceSSL = true;
          inherit locations;
        };

        static = { dir }: base {
          "/".root = dir;
        };

        proxied = { target, extra ? "" }: base {
          "/" = {
            proxyPass = target;
            extraConfig = extra;
          };
        };

        proxiedAuth = { target, extra ? "", auth }: base {
          "/" = {
            proxyPass = target;
            basicAuthFile = auth;
            extraConfig = extra;
          };
        };

        proxiedLAN = { target }: base {
          "/" = {
            proxyPass = target;
            extraConfig = ''
              allow 192.168.0.0/24;
              deny all;
            '';
          };
        };
      in
      {
        "atuin.matri.cx" = proxied { target = "http://127.0.0.1:8888"; };
        "brohan.lol" = static { dir = "/var/www/brohan.lol"; };
        "cache.matri.cx" = proxiedLAN {
          target = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
        };
        "caitlynncox.com" = static { dir = "/var/www/caitlynncox.com"; };
        "dallasmed65.com" = static { dir = "/var/www/dallasmed65.com"; };
        "docker.matri.cx" = proxiedAuth {
          auth = config.age.secrets.htpasswd-dock.path;
          target = "http://127.0.0.1:3001";
          extra = ''
            client_max_body_size 0;
          '';
        };
        "eversole.co" = proxied { target = "http://127.0.0.1:5196"; };
        "flux.matri.cx" = proxied { target = "http://127.0.0.1:26343"; };
        "git.eversole.co" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = { root = "/var/www/git.eversole.co"; tryFiles = "$uri $uri/ @git"; };
          locations."@git" = { proxyPass = "http://127.0.0.1:23232"; priority = 600; };
        };
        "graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix
        "hydra.matri.cx" = proxied {
          target = "http://127.0.0.1:3034";
          extra = ''
            proxy_set_header X-Request-Base "https://hydra.matri.cx";
          '';
        };
        "jame.su" = static { dir = "/var/www/jame.su"; };
        "matri.cx" = static { dir = "/var/www/matri.cx"; };
        "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
        "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };
        "sezycei.com" = static { dir = "/var/www/sezycei.com"; };
        "snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
        "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };
        "purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; };
      };
  };
}
git changes for soft-serve 2024-02-08 13:05:20 -06:00			`{ config, lib, pkgs,... }: {`
Add Grafana & Loki & Promtail monitoring stack 2023-06-26 20:05:48 -05:00			`services.nginx = {`
			`enable = true;`
Remove the Transmission env file content from the nix store 2023-06-27 20:36:48 -05:00
Add Grafana & Loki & Promtail monitoring stack 2023-06-26 20:05:48 -05:00			`recommendedProxySettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`

Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`virtualHosts =`
			`let`
			`base = locations: {`
			`enableACME = true;`
			`forceSSL = true;`
			`inherit locations;`
			`};`
Add Grafana & Loki & Promtail monitoring stack 2023-06-26 20:05:48 -05:00
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`static = { dir }: base {`
			`"/".root = dir;`
			`};`
Add Grafana & Loki & Promtail monitoring stack 2023-06-26 20:05:48 -05:00
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`proxied = { target, extra ? "" }: base {`
			`"/" = {`
			`proxyPass = target;`
			`extraConfig = extra;`
			`};`
			`};`
Add Grafana & Loki & Promtail monitoring stack 2023-06-26 20:05:48 -05:00
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`proxiedAuth = { target, extra ? "", auth }: base {`
			`"/" = {`
			`proxyPass = target;`
			`basicAuthFile = auth;`
			`extraConfig = extra;`
			`};`
			`};`
Remove the Transmission env file content from the nix store 2023-06-27 20:36:48 -05:00
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`proxiedLAN = { target }: base {`
			`"/" = {`
			`proxyPass = target;`
			`extraConfig = ''`
			`allow 192.168.0.0/24;`
			`deny all;`
			`'';`
			`};`
			`};`
			`in`
			`{`
Set up Atuin server and client 2024-01-10 12:28:37 -06:00			`"atuin.matri.cx" = proxied { target = "http://127.0.0.1:8888"; };`
Nix flake update; Add brohan.lol meme domain; update Jellyfin container 2024-05-31 14:13:13 -05:00			`"brohan.lol" = static { dir = "/var/www/brohan.lol"; };`
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`"cache.matri.cx" = proxiedLAN {`
			`target = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";`
			`};`
			`"caitlynncox.com" = static { dir = "/var/www/caitlynncox.com"; };`
			`"dallasmed65.com" = static { dir = "/var/www/dallasmed65.com"; };`
			`"docker.matri.cx" = proxiedAuth {`
			`auth = config.age.secrets.htpasswd-dock.path;`
			`target = "http://127.0.0.1:3001";`
Update Purr config; Add Miniflux service 2024-02-24 12:01:51 -06:00			`extra = ''`
			`client_max_body_size 0;`
			`'';`
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`};`
Add sampu service 2024-02-24 12:09:42 -06:00			`"eversole.co" = proxied { target = "http://127.0.0.1:5196"; };`
Wired.com is absolute garbage 2024-02-28 14:48:57 -06:00			`"flux.matri.cx" = proxied { target = "http://127.0.0.1:26343"; };`
git changes for soft-serve 2024-02-08 13:05:20 -06:00			`"git.eversole.co" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = { root = "/var/www/git.eversole.co"; tryFiles = "$uri $uri/ @git"; };`
			`locations."@git" = { proxyPass = "http://127.0.0.1:23232"; priority = 600; };`
			`};`
Remove the Transmission env file content from the nix store 2023-06-27 20:36:48 -05:00			`"graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix`
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`"hydra.matri.cx" = proxied {`
			`target = "http://127.0.0.1:3034";`
			`extra = ''`
			`proxy_set_header X-Request-Base "https://hydra.matri.cx";`
			`'';`
			`};`
			`"jame.su" = static { dir = "/var/www/jame.su"; };`
			`"matri.cx" = static { dir = "/var/www/matri.cx"; };`
			`"media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };`
Add VaultWarden; update Transmission; reorder allowedTCPPorts 2024-08-07 10:02:50 -05:00			`"pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };`
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`"sezycei.com" = static { dir = "/var/www/sezycei.com"; };`
			`"snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };`
Remove the Transmission env file content from the nix store 2023-06-27 20:36:48 -05:00			`"transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };`
Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume 2023-06-27 19:41:33 -05:00			`"purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; };`
Add Grafana & Loki & Promtail monitoring stack 2023-06-26 20:05:48 -05:00			`};`
			`};`
			`}`