nicks-nix-config/hosts/Alaska/modules/nginx.nix

{ config, lib, pkgs, ... }:

{
  security.acme = {
    acceptTerms = true;
    defaults.email = "nicholasyoungsumner@gmail.com";
  };

  services.nginx = {
    enable = true;
    commonHttpConfig = ''
      real_ip_header CF-Connecting-IP;
      add_header 'Referrer-Policy' 'origin-when-cross-origin';
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
    '';

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {

      "default" = {
        default = true;
        serverName = null;
        # https://stackoverflow.com/a/42802777
        locations."/".return = "444";
      };

      "jellyfin.nickiel.net" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8096/";
            proxyWebsockets = true;
            #extraConfig = "proxy_pass_header Authorization";
          };
      };

      "iot.nickiel.net" = {
        locations = {
          "/" = {
            root = "/Aurora/StaticSites/iot";
          };
          "/groovy_green_machine" = {
            proxyPass = "http://10.0.184/";
            extraConfig = ''
              rewrite ^/groovy_green_machine(/.*)$ $1 break;
            '';
          };
        };
      };

      "files.nickiel.net" = {
          forceSSL = true;
          enableACME = true;
          locations."/".extraConfig = ''
            allow 100.64.0.0/24;
            deny all;
          '';
      };

      "git.nickiel.net" = {
          forceSSL = true;
          enableACME = true;
          locations."/".proxyPass = "http://127.0.0.1:3001";
      };

      "staticpages.nickiel.net" = {
        forceSSL = true;
        enableACME = true;
        root = "/Aurora/StaticSites/static_pages/public";
      };

    };
  };
}
Working nextcloud container setup 2023-04-05 21:10:58 -07:00			`{ config, lib, pkgs, ... }:`

			`{`
moved services out of container 2023-04-10 20:23:37 -07:00			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = "nicholasyoungsumner@gmail.com";`
			`};`

Working nextcloud container setup 2023-04-05 21:10:58 -07:00			`services.nginx = {`
Got acme certs working, but broken port forward 2023-04-07 16:50:38 -07:00			`enable = true;`
only jellyfin enabled 2023-04-10 19:33:56 -07:00			`commonHttpConfig = ''`
			`real_ip_header CF-Connecting-IP;`
			`add_header 'Referrer-Policy' 'origin-when-cross-origin';`
			`add_header X-Frame-Options DENY;`
			`add_header X-Content-Type-Options nosniff;`
			`'';`

Working nextcloud container setup 2023-04-05 21:10:58 -07:00			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`

Got acme certs working, but broken port forward 2023-04-07 16:50:38 -07:00			`virtualHosts = {`

added headscale/tailscale config 2023-08-05 09:56:57 -07:00			`"default" = {`
			`default = true;`
			`serverName = null;`
			`# https://stackoverflow.com/a/42802777`
			`locations."/".return = "444";`
			`};`

only jellyfin enabled 2023-04-10 19:33:56 -07:00			`"jellyfin.nickiel.net" = {`
			`forceSSL = true;`
moved services out of container 2023-04-10 20:23:37 -07:00			`enableACME = true;`
only jellyfin enabled 2023-04-10 19:33:56 -07:00			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:8096/";`
			`proxyWebsockets = true;`
			`#extraConfig = "proxy_pass_header Authorization";`
Got acme certs working, but broken port forward 2023-04-07 16:50:38 -07:00			`};`
only jellyfin enabled 2023-04-10 19:33:56 -07:00			`};`

added proxy for iot devices 2023-11-21 17:38:07 -08:00			`"iot.nickiel.net" = {`
added homepage 2023-11-21 18:04:09 -08:00			`locations = {`
			`"/" = {`
fixed mispell 2023-11-21 18:07:50 -08:00			`root = "/Aurora/StaticSites/iot";`
added homepage 2023-11-21 18:04:09 -08:00			`};`
added prefix removal 2024-02-03 18:30:36 -08:00			`"/groovy_green_machine" = {`
			`proxyPass = "http://10.0.184/";`
			`extraConfig = ''`
			`rewrite ^/groovy_green_machine(/.*)$ $1 break;`
			`'';`
added homepage 2023-11-21 18:04:09 -08:00			`};`
added proxy for iot devices 2023-11-21 17:38:07 -08:00			`};`
			`};`

moved services out of container 2023-04-10 20:23:37 -07:00			`"files.nickiel.net" = {`
			`forceSSL = true;`
			`enableACME = true;`
added tailscale only nginx rule for nextcloud 2024-07-11 18:59:09 -07:00			`locations."/".extraConfig = ''`
			`allow 100.64.0.0/24;`
			`deny all;`
			`'';`
moved services out of container 2023-04-10 20:23:37 -07:00			`};`
Added forgejo git server 2023-05-06 10:12:27 -07:00
			`"git.nickiel.net" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".proxyPass = "http://127.0.0.1:3001";`
			`};`
enabled local-network administration 2023-05-06 10:28:31 -07:00
Added static pages site 2023-10-27 11:31:21 -07:00			`"staticpages.nickiel.net" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`root = "/Aurora/StaticSites/static_pages/public";`
			`};`

Working nextcloud container setup 2023-04-05 21:10:58 -07:00			`};`
			`};`
			`}`