nixos-config/configs/sputnik/nginx.nix

{ config, lib, pkgs, ... }: {
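# Only TCP is opened. Every listener declared in this file is TCP (nginx on
# 80 and 4443, sslh on 443), so the former allowedUDPPorts = [ 80 443 4443 ]
# exposed ports that nothing here serves. allowedUDPPorts is a merged list
# option, so a module that really needs UDP still declares its own ports.
# NOTE(review): 4443 is nginx's TLS listener that sslh forwards to on
# localhost; it presumably does not need to be reachable from outside.
# Confirm, and drop it from this list if direct access is not intended.
networking.firewall.allowedTCPPorts = [ 80 443 4443 ];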
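# nginx terminates TLS for all public vhosts. Port 443 itself belongs to sslh
# (configured further down in this file), which hands TLS traffic to nginx on 4443.
services.nginx =
  let
    # Listener pair shared by every vhost: TLS on 4443 (the sslh "ssl"
    # target) and plain HTTP on 80, which forceSSL turns into a redirect.
    sslhListen = [
      { addr = "0.0.0.0"; port = 4443; ssl = true; }
      { addr = "0.0.0.0"; port = 80; ssl = false; }
    ];

    # Attributes every vhost below sets identically.
    vhostDefaults = {
      listen = sslhListen;
      forceSSL = true;
      enableACME = true;
    };

    # Adds the trailing slash to directory URLs. Presumably hand-written so
    # the redirect does not carry the internal port 4443 (TODO confirm).
    # The target host is the vhost's configured $server_name, not the
    # client-supplied Host header ($http_host): the header, including any
    # port suffix, is attacker-controlled and would otherwise be reflected
    # into the Location header.
    # NOTE(review): $request_uri includes the query string, so a directory
    # request carrying a query string is redirected with the slash after
    # the query. Confirm whether that case matters for these sites.
    dirSlashRedirect = ''
      if (-d $request_filename) {
        rewrite [^/]$ $scheme://$server_name$request_uri/ permanent;
      }
    '';

    # Static site served from `root`, with the directory redirect above.
    staticSite = root: vhostDefaults // {
      locations."/" = {
        inherit root;
        extraConfig = dirSlashRedirect;
      };
    };
  in
  {
    enable = true;
    recommendedProxySettings = true;

    # NOTE(review): no vhost sets `default = true` (the landing vhost that
    # did is commented out), so requests with an unknown Host fall back to
    # whichever server block nginx sees first. Consider an explicit default
    # that serves nothing.
    #
    # NOTE(review): every proxyPass below speaks plain HTTP to a `.private`
    # name. Presumably that hop runs over the tinc VPN; confirm, because
    # otherwise credentials and session cookies cross it unencrypted.
    virtualHosts = {
      "git.ingolf-wagner.de" = vhostDefaults // {
        locations."/" = { proxyPass = "http://workhorse.private:3000"; };
      };

      "paste.ingolf-wagner.de" = vhostDefaults // {
        locations."/" = { proxyPass = "http://workhorse.private:8000"; };
      };

      #"landing.ingolf-wagner.de" = {
      #  default = true;
      #  listen = [
      #    { addr = "0.0.0.0"; port = 4443; ssl = true; }
      #    { addr = "0.0.0.0"; port = 80; ssl = false; }
      #  ];
      #  forceSSL = true;
      #  enableACME = true;
      #  locations."/" = {
      #    root = "/srv/www/ingolf-wagner.de";
      #  };
      #};

      "travel.ingolf-wagner.de" = staticSite "/srv/www/travel";
      "tech.ingolf-wagner.de" = staticSite "/srv/www/tech";
      "terranix.org" = staticSite "/srv/www/terranix";

      "nextcloud.ingolf-wagner.de" = vhostDefaults // {
        locations."/" = {
          proxyPass = "http://nextcloud.workhorse.private";
          # The first sub_filter upgrades http:// self-links to https://,
          # the second replaces the internal backend hostname in responses.
          # NOTE(review): client_max_body_size 0 removes nginx's request
          # body limit for this vhost; a finite cap sized for the largest
          # expected upload keeps one request from filling the backend.
          extraConfig = ''
            sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de";
            sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de";
            # used for view/edit office file via Office Online Server
            client_max_body_size 0;
          '';
        };
      };

      #"nextcloud.gaykraft.com" = {
      #  listen = [
      #    {
      #      addr = "0.0.0.0";
      #      port = 4443;
      #      ssl = true;
      #    }
      #    {
      #      addr = "0.0.0.0";
      #      port = 80;
      #      ssl = false;
      #    }
      #  ];
      #  forceSSL = true;
      #  enableACME = true;
      #  locations."/" = {
      #    proxyPass = "http://nextcloud.workhorse.private";
      #    extraConfig = ''
      #      sub_filter "http://nextcloud.gaykraft.com" "https://nextcloud.gaykraft.com";
      #      sub_filter "nextcloud.workhorse.private" "nextcloud.gaykraft.com";
      #      # used for view/edit office file via Office Online Server
      #      client_max_body_size 0;
      #    '';
      #  };
      #};

      "seafile.gaykraft.com" = vhostDefaults // {
        locations."/" = {
          proxyPass = "http://workhorse.private:3030";
          # NOTE(review): as on the nextcloud vhost, the body size limit is
          # disabled here; consider a finite cap.
          extraConfig = ''
            sub_filter "http://seafile.gaykraft.com" "https://seafile.gaykraft.com";
            # used for view/edit office file via Office Online Server
            client_max_body_size 0;
          '';
        };
      };

      "gaykraft.com" = vhostDefaults // {
        locations."/" = { root = "/srv/www/gaykraft"; };
      };
    };
  };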
# sslh owns public TCP port 443 and picks a backend by probing the first
# bytes of each connection: SSH goes to localhost:2222, TLS to localhost:4443,
# tinc to localhost:655.
# NOTE(review): this publishes the SSH endpoint on 443 as well. Make sure the
# sshd behind it enforces key-only authentication, since it is reachable by
# anyone who can reach the web port.
services.sslh = {
  enable = true;
  verbose = false;

  listenAddress = "0.0.0.0";
  port = 443;

  # NOTE(review): transparent mode is meant to let the backends see the
  # client's own source address instead of sslh's. Confirm the routing and
  # firewall rules it depends on are in place on this host.
  transparent = true;

  # The text below is sslh's own configuration syntax; the "# json" tag is
  # presumably only an editor highlighting hint.
  appendConfig = # json
    ''
      protocols:
      (
      { name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; },
      { name: "ssl"; host: "localhost"; port: "4443"; probe: "builtin"; },
      { name: "tinc"; host: "localhost"; port: "655"; probe: "builtin"; }
      );
    '';
};
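# Relays local TCP port 2222 (the "ssh" target in the sslh protocol list) to
# workhorse.private:2222. socat opens a new connection for every client, so
# the backend sees this host's address, not the original client's; source
# based logging or banning on the backend cannot tell clients apart.
systemd.services."socat-proxy" = {
  wantedBy = [ "sslh.service" "multi-user.target" ];
  after = [ "sslh.service" ];

  # NOTE(review): TCP-LISTEN without a bind= option listens on every address.
  # Port 2222 is not in the firewall list of this file, so exposure depends
  # on the firewall alone; consider binding to the loopback address once it
  # is confirmed which address sslh resolves "localhost" to.
  script = ''
    ${pkgs.socat}/bin/socat TCP-LISTEN:2222,fork TCP:workhorse.private:2222
  '';

  # The relay binds an unprivileged port and only makes outbound TCP
  # connections, so it does not need root. A transient unprivileged user
  # replaces the previously commented-out `serviceConfig.User = "sslh"`
  # and keeps the relay separate from the sslh account.
  serviceConfig.DynamicUser = true;
};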
}