# NixOS module for the "nginx" LXC container: the TLS-terminating reverse
# proxy in front of the *.lxd services and the Kubernetes ingress.
#
# Security-relevant shape of this file:
#   * Only TCP 80 and 443 are opened in the firewall.
#   * Every virtual host sets forceSSL and enableACME, so certificates come
#     from ACME for each name.
#   * Every upstream is addressed as plain http://, so traffic between this
#     host and the backends is unencrypted.
#     NOTE(review): presumably the .lxd network is a private bridge; confirm
#     that nothing untrusted can reach it.
#   * No authentication or access-control directives are set here; each
#     published backend (Vault, Vaultwarden, registry, MinIO, ...) has to
#     enforce its own.
{ config, pkgs, ... }:

let
  # TLS/HTTP2 switches shared by every virtual host in this file.
  tlsDefaults = {
    http2 = true;
    forceSSL = true;
    enableACME = true;
  };

  # Reverse-proxy virtual host forwarding "/" (with WebSocket upgrade
  # support) to the upstream URL `path`.
  proxy = path: tlsDefaults // {
    locations."/" = {
      proxyPass = path;
      proxyWebsockets = true;
    };
  };

  # Same as `proxy`, plus `client_max_body_size 0`, which turns off nginx's
  # request-body size check for this host. Size limits for these uploads are
  # therefore left entirely to the upstream service.
  bigProxy = path:
    let
      base = proxy path;
    in
    base // {
      locations."/" = base.locations."/" // {
        extraConfig = ''
          client_max_body_size 0;
        '';
      };
    };

  # All Kubernetes-hosted sites share one upstream.
  k8sProxy = proxy "http://kubernetes.lxd:8080/";

  # Host names that are forwarded to the Kubernetes upstream.
  k8sHostNames = [
    "whoami.asraphiel.dev"
    "auth.asraphiel.dev"
    "drone.asraphiel.dev"
    "galerie.asraphiel.dev"
    "galerie-staging.asraphiel.dev"
    "ansichtkaarten.asraphiel.dev"
    "groenehartansichtkaarten.nl"
    "cdn.asraphiel.dev"
  ];

  k8sHosts = builtins.listToAttrs
    (map (name: { inherit name; value = k8sProxy; }) k8sHostNames);

  # Hosts served directly or proxied to a dedicated container.
  containerHosts = {
    # Static landing page, served from /etc/main (populated below).
    "asraphiel.dev" = tlsDefaults // { root = "/etc/main"; };

    "git.asraphiel.dev" = proxy "http://gitea.lxd:3000/";
    "vault.asraphiel.dev" = proxy "http://vault.lxd:8200/";
    "s3.asraphiel.dev" = bigProxy "http://minio.lxd:9000/";
    "shell.s3.asraphiel.dev" = proxy "http://minio.lxd:9001/";
    "registry.asraphiel.dev" = proxy "http://registry.lxd:5000/";
    "vaultwarden.asraphiel.dev" = proxy "http://vaultwarden.lxd:8000/";
  };
in
{
  imports = [
    ../../common
    ../../common/lxc.nix
  ];

  system.stateVersion = "21.11";

  networking = {
    hostName = "nginx";
    firewall = {
      enable = true;
      # HTTP and HTTPS are the only TCP ports opened by this module.
      allowedTCPPorts = [ 80 443 ];
    };
  };

  services.nginx = {
    enable = true;
    package = pkgs.nginxMainline;

    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;

    virtualHosts = containerHosts // k8sHosts;
  };

  # ACME account used for every enableACME virtual host above.
  security.acme = {
    email = "acme@voidcorp.nl";
    acceptTerms = true;
  };

  # Content for the "asraphiel.dev" document root.
  environment.etc."main/index.html" = {
    enable = true;
    source = ./index.html;
  };
}