eve-psr-nix0/application/nginx.nix

{ config, ... }: {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;

    virtualHosts."cache.matri.cx" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/cache.matri.cx";
      locations."/" = {
        extraConfig = "allow 192.168.0.0\/24;\ndeny all;";
        proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
      };
    };

    virtualHosts."caitlynncox.com" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/caitlynncox.com";
    };

    virtualHosts."dallasmed65.com" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/dallasmed65.com";
    };

    virtualHosts."docker.matri.cx" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/docker.matri.cx";
      locations."/" = {
        basicAuthFile = config.age.secrets.htpasswd-dock.path;
        proxyPass = "http://192.168.0.130:3001";
      };
    };

    virtualHosts."eversole.co" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/jame.su";
      locations = {
        "/.well-known/openpgpkey/hu/".extraConfig = ''
          default_type "application/octet-stream";
          add_header Access-Control-Allow-Origin * always;
        '';
        "/ip".proxyPass = "http://192.168.0.130:5001";
        "/pw".proxyPass = "http://192.168.0.130:5002";
      };
    };

    virtualHosts."git.eversole.co" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/git.eversole.co";
      locations = {
        "/James".extraConfig = ''
          if ($request_uri ~* "([^/]*$)" ) {
            return 301 https://$server_name/$1;
          }
        '';
        "/".proxyPass = "http://192.168.0.130:5121";
      };
    };

    # refer to /monitoring/nginx.nix
    virtualHosts."graf.eversole.co" = {
      root = "/var/www/graf.eversole.co";
    };

    virtualHosts."hydra.matri.cx" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/hydra.matri.cx";
      locations."/" = {
        proxyPass = "http://192.168.0.130:3034";
        extraConfig = ''
          proxy_set_header X-Request-Base "https://hydra.matri.cx";
        '';
      };
    };

    virtualHosts."jame.su" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/jame.su";
    };

    virtualHosts."matri.cx" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/matri.cx";
    };

    virtualHosts."media.matri.cx" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/media.matri.cx";
      locations."/".proxyPass = "http://192.168.0.130:8096";
    };

    virtualHosts."sezycei.com" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/sezycei.com";
    };

    virtualHosts."snakebelmont.com" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/snakebelmont.com";
    };

    virtualHosts."purr.eversole.co" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/purr.eversole.co";
      locations."/".proxyPass = "http://192.168.0.130:5195";
    };

  };
}