{ pkgs, config, ... }:
{
# Inbound TCP ports opened on the host firewall.
networking.firewall.allowedTCPPorts = [
  80   # HTTP (nginx)
  443  # HTTPS (nginx)
  # NOTE(review): no service in this file is configured to listen on 8448;
  # confirm something still needs it, otherwise close the port.
  8448
];
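# Shared certificate "morj.men" for the nginx vhosts, obtained through the
# Cloudflare DNS provider.
security.acme = {
  acceptTerms = true;
  defaults.email = "webmaster@morj.men";
  certs."morj.men" = {
    domain = "*.morj.men";
    # A wildcard matches exactly one label, so `*.morj.men` does not cover
    # ipv6.blog.morj.men, which nginx serves with this certificate. It is
    # listed explicitly so that vhost does not present a mismatching name.
    extraDomainNames = [
      "morj.men"
      "*.test.morj.men"
      "ipv6.blog.morj.men"
    ];
    # The certificate files are owned by nginx's group so nginx can read them.
    group = config.services.nginx.group;
    dnsProvider = "cloudflare";
    # String path outside the Nix store, so the DNS credentials are not copied
    # into the world-readable store.
    # NOTE(review): keep this file readable by root only, and prefer a token
    # limited to DNS edits on this one zone over an account-wide key; whoever
    # holds the credential can change records and obtain certificates for any
    # name in the zone.
    environmentFile = "/etc/cloudflare-creds.env";
  };
};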
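# Public nginx front end: catch-all/deny vhosts, static sites and reverse
# proxies. Every content-serving vhost is HTTPS-only and uses the shared
# security.acme certificate "morj.men".
services.nginx =
  let
    # Per-vhost access log, split by scheme and server name.
    # NOTE(review): nginx documents that when the access_log path contains
    # variables the file is opened by the worker user on each write, and the
    # entry is skipped if the request's root directory does not exist.
    # Confirm that log files actually appear for the proxy-only vhosts.
    perVhostAccessLog = ''
      access_log "/var/log/nginx/access-log-$scheme-$server_name.log";
    '';

    # HTTPS-only vhost (HTTP redirects to HTTPS) on the shared certificate.
    # `rootLocation` becomes the vhost's `locations."/"`.
    tlsVhost = rootLocation: {
      forceSSL = true;
      useACMEHost = "morj.men";
      locations."/" = rootLocation;
      extraConfig = perVhostAccessLog;
    };

    # Websocket proxy location with one-day send/read timeouts.
    # NOTE(review): idle connections can stay open for a day; confirm
    # connection limits are adequate for an internet-facing listener.
    longLivedWebsocket = upstream: {
      proxyPass = upstream;
      proxyWebsockets = true;
      extraConfig = ''
        proxy_send_timeout 1d;
        proxy_read_timeout 1d;
      '';
    };
  in
  {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    appendHttpConfig = ''charset UTF-8;'';

    # Catch-all for requests whose name matches no other vhost.
    # rejectSSL also makes this the default server on 443 and aborts the TLS
    # handshake there. Without it the "deny all" below only covered plain
    # HTTP, and HTTPS requests for unknown names (or for vpn./www., which the
    # wildcard certificate also matches) were answered by whichever
    # TLS-enabled vhost nginx loaded first.
    virtualHosts."false.morj.men" = {
      default = true;
      rejectSSL = true;
      locations."/".extraConfig = "deny all;";
    };

    # Names that must not serve content: every HTTP request is denied. They
    # have no TLS listener of their own, so HTTPS for these names ends at the
    # default server above.
    virtualHosts."vpn.morj.men" = {
      locations."/".extraConfig = "deny all;";
    };
    virtualHosts."www.morj.men" = {
      locations."/".extraConfig = "deny all;";
    };

    # Plain-HTTP endpoint that always answers `200 success` and refuses TLS
    # handshakes for this name (presumably a connectivity / captive-portal
    # probe - confirm).
    # NOTE(review): add_header appends a second Content-Type next to the one
    # nginx emits itself; `default_type text/plain;` is the usual way to set
    # it. Left unchanged here - confirm what the probing clients expect.
    virtualHosts."captive.morj.men" = {
      addSSL = false;
      rejectSSL = true;
      locations."/".return = "200 success";
      extraConfig = ''
        add_header Content-Type text/plain;
        access_log "/var/log/nginx/access-log-$scheme-$server_name.log";
      '';
    };

    # --- Static sites -------------------------------------------------------
    virtualHosts."morj.men" = tlsVhost { root = "/srv/www/"; };

    # NOTE(review): the preview site is publicly reachable; nothing in this
    # vhost restricts who can read it. Confirm that is intended.
    virtualHosts."blog-preview.test.morj.men" = tlsVhost { root = "/srv/blog-test/"; };

    virtualHosts."blog.morj.men" = tlsVhost { root = "/srv/blog/"; };

    # NOTE(review): this name sits two labels below morj.men, so neither
    # `*.morj.men` nor `*.test.morj.men` matches it. The "morj.men"
    # certificate has to list it (or `*.blog.morj.men`) explicitly, otherwise
    # clients see a hostname mismatch.
    virtualHosts."ipv6.blog.morj.men" = tlsVhost { root = "/srv/blog/"; };

    # --- Reverse proxies to services on this host ---------------------------
    virtualHosts."reader.morj.men" = tlsVhost { proxyPass = "http://127.0.0.1:8081"; };
    virtualHosts."re.morj.men" = tlsVhost { proxyPass = "http://127.0.0.1:8040"; };
    virtualHosts."git.morj.men" = tlsVhost { proxyPass = "http://localhost:8050"; };

    # --- Reverse proxies to another machine on the LAN ----------------------
    # NOTE(review): TLS ends at nginx and the hop to 192.168.10.25 is
    # cleartext HTTP. nginx adds no authentication here, so access control
    # rests entirely on the backend applications - confirm they enforce it.
    virtualHosts."tv.morj.men" = tlsVhost { proxyPass = "http://192.168.10.25:8096"; };
    virtualHosts."book.test.morj.men" = tlsVhost { proxyPass = "http://192.168.10.25:8080"; };

    virtualHosts."radicale.morj.men" = tlsVhost {
      proxyPass = "http://localhost:5232";
      # proxy_pass_header governs response headers coming back from the
      # backend; the request's Authorization header is forwarded to the
      # backend by default.
      extraConfig = ''
        proxy_set_header X-Script-Name /;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass_header Authorization;
      '';
    };

    virtualHosts."pokesz.morj.men" = tlsVhost (longLivedWebsocket "http://localhost:9092");

    # NOTE(review): no service in this file listens on 31337; confirm what is
    # published under this name.
    virtualHosts."random.test.morj.men" = tlsVhost (longLivedWebsocket "http://localhost:31337");
  };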
# Miniflux, published through nginx's reader.morj.men vhost (which proxies to
# port 8081).
services.miniflux.enable = true;
# String path outside the Nix store: the admin credentials are read from this
# file instead of being written into the configuration.
# NOTE(review): confirm the file is not readable by other local users.
services.miniflux.adminCredentialsFile = "/etc/miniflux/environment.conf";
# Listens on localhost only, so the service is reachable from outside only
# through the nginx proxy.
services.miniflux.config.LISTEN_ADDR = "localhost:8081";
# re-server on port 8040; nginx's re.morj.men vhost proxies to 127.0.0.1:8040.
# NOTE(review): the service runs as "morj" (apparently a regular login
# account, given the config lives under /home/morj), so a compromise of the
# service reaches everything that account can read or write. A dedicated
# system user would narrow that - confirm whether the module depends on the
# home directory. This file also does not show which address the service
# binds; 8040 is not in allowedTCPPorts, so direct access relies on the
# firewall staying enabled.
services.re-server.enable = true;
services.re-server.port = 8040;
services.re-server.user = "morj";
services.re-server.group = "users";
services.re-server.configPath = "/home/morj/.config/re.ron";
# hagia on port 8050, published as https://git.morj.men through nginx.
services.hagia.enable = true;
services.hagia.port = 8050;
services.hagia.baseUrl = "https://git.morj.men";
# NOTE(review): debug logging on an internet-facing service can record
# request details that do not belong in long-lived logs; confirm this level
# is intended outside of troubleshooting.
services.hagia.logLevel = "debug";
services.hagia.projectsRootPath = "/srv/hagia";
# NOTE(review): the database lives under /etc; confirm the file and its
# directory are writable only by the service account.
services.hagia.databasePath = "/etc/hagia/database.sqlite3";
# Radicale (CalDAV/CardDAV), listening on localhost and published through
# nginx's radicale.morj.men vhost.
services.radicale.enable = true;
services.radicale.settings = {
  server.hosts = "localhost:5232";
  storage.filesystem_folder = "/var/lib/radicale/collections";

  auth.type = "htpasswd";
  auth.htpasswd_encryption = "bcrypt";
  # NOTE(review): writeTextFile places this file in /nix/store, which every
  # local user and process can read, and the hash is also part of the
  # configuration source wherever that is shared. The cost field in the hash
  # is 05, which makes offline guessing cheap. Prefer a runtime path outside
  # the store, readable only by the radicale user, holding a hash generated
  # with a higher cost - and treat the current password as exposed.
  auth.htpasswd_filename = "${pkgs.writeTextFile {
    name = "users.htaccess";
    text = "morj:$2y$05$gnwS1tQd7DEDLHwnMbylTOoMgjqxFLqOP5UrdQ1N1j.hUsi0518tK";
  }}";
};
# pokesz on port 9092; nginx's pokesz.morj.men vhost proxies websockets to it.
# NOTE(review): this file does not show which address the service binds;
# 9092 is not in allowedTCPPorts, so direct access relies on the firewall.
services.pokesz.enable = true;
services.pokesz.port = 9092;
}