78 lines
2.5 KiB
Nix
78 lines
2.5 KiB
Nix
{ pkgs, config, ... }:
|
|
let
|
|
containernix = import ./containers.nix;
|
|
containers = containernix.virtualisation.oci-containers.containers;
|
|
in
|
|
{
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
|
|
virtualHosts =
|
|
let
|
|
base = locations: {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
inherit locations;
|
|
};
|
|
|
|
static = { dir }: base {
|
|
"/".root = dir;
|
|
};
|
|
|
|
proxied = { target, extra ? "" }: base {
|
|
"/" = {
|
|
proxyPass = target;
|
|
extraConfig = extra;
|
|
};
|
|
};
|
|
|
|
proxiedAuth = { target, extra ? "", auth }: base {
|
|
"/" = {
|
|
proxyPass = target;
|
|
basicAuthFile = auth;
|
|
extraConfig = extra;
|
|
};
|
|
};
|
|
proxiedLAN = { target }: base {
|
|
"/" = {
|
|
proxyPass = target;
|
|
extraConfig = ''
|
|
allow 192.168.0.0/24;
|
|
deny all;
|
|
'';
|
|
};
|
|
};
|
|
in
|
|
{
|
|
"cache.matri.cx" = proxiedLAN {
|
|
target = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
|
|
};
|
|
"caitlynncox.com" = static { dir = "/var/www/caitlynncox.com"; };
|
|
"dallasmed65.com" = static { dir = "/var/www/dallasmed65.com"; };
|
|
"docker.matri.cx" = proxiedAuth {
|
|
auth = config.age.secrets.htpasswd-dock.path;
|
|
target = "http://127.0.0.1:3001";
|
|
};
|
|
"eversole.co" = static { dir = "/var/www/jame.su"; };
|
|
"git.eversole.co" = proxied { target = "http://127.0.0.1:5121"; };
|
|
"graf.eversole.co" = { root = "/var/www/graf.eversole.co"; }; # refer to /monitoring/nginx.nix
|
|
"hydra.matri.cx" = proxied {
|
|
target = "http://127.0.0.1:3034";
|
|
extra = ''
|
|
proxy_set_header X-Request-Base "https://hydra.matri.cx";
|
|
'';
|
|
};
|
|
"jame.su" = static { dir = "/var/www/jame.su"; };
|
|
"matri.cx" = static { dir = "/var/www/matri.cx"; };
|
|
"media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
|
|
"sezycei.com" = static { dir = "/var/www/sezycei.com"; };
|
|
"snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
|
|
"transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9001"; };
|
|
"purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; };
|
|
};
|
|
};
|
|
}
|