nixos-config/nixos/machines/robi/nginx.nix

{ config, lib, pkgs, private_assets, ... }:
let
  # todo create flake for this
  errorPages = pkgs.fetchFromGitHub {
    owner = "mrvandalo";
    repo = "http-errors";
    rev = "74b8e4c1d9bbba3db6ad858b888e1867318af1f0";
    sha256 = "0czdzafx4k76q773lyf3vsjm74g1995iz542dhw15kpy5xbivsrg";
  };
  error = {
    extraConfig = ''
      error_page 400 /errors/400.html;
      error_page 401 /errors/401.html;
      error_page 402 /errors/402.html;
      error_page 403 /errors/403.html;
      error_page 404 /errors/404.html;
      error_page 405 /errors/405.html;
      error_page 406 /errors/406.html;
      error_page 500 /errors/500.html;
      error_page 501 /errors/501.html;
      error_page 502 /errors/502.html;
      error_page 503 /errors/503.html;
      error_page 504 /errors/504.html;
    '';
    locations."^~ /errors/" = {
      extraConfig = "internal;";
      root = "${errorPages}/";
    };
  };
in

{
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 80 443 ];


  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {

      "ingolf-wagner.de" = {
        forceSSL = true;
        enableACME = true;
        extraConfig = error.extraConfig;
        locations = {
          "/" = {
            root = pkgs.landingpage.override {
              jsonConfig = [
                {
                  title = "Ingolf Wagner";
                  text = ''
                    I'm a freelancing mathematician, musician and programmer.

                    My PGP fingerprint is 42AC 51C9 482D 0834 CF48  8AF1 389E C2D6 4AC7 1EAC
                  '';
                }
                {
                  text = ''
                    Here are some of my projects you might enjoy:
                  '';
                  items = [
                    {
                      label = "terranix";
                      href = "https://terranix.org";
                      image = "https://raw.githubusercontent.com/terranix/terranix-artwork/main/terranix-logo.svg";
                    }
                    {
                      label = "Sononym";
                      href = "https://www.sononym.net/";
                      image = "https://www.sononym.net/press/logos/sononym-logo-symbol-black.png";
                    }
                    {
                      label = "LandingPage";
                      href = "https://github.com/mrVanDalo/landingpage";
                      image = "https://media.giphy.com/media/2vNGq1w3nsJri/giphy.gif";
                    }
                    {
                      label = "My Blog";
                      href = "https://tech.ingolf-wagner.de/";
                      image = "https://media.giphy.com/media/11I8v5lE8uq79C/giphy.gif";
                    }
                  ];
                }
              ];
              title = "Ingolf Wagner";
              max-width = "1010px";
              background-color = "#FEFAE0";
              title-color = "black";
              title-background-color = "#E9EDC9";
              text-color = "black";
              text-background-color = "#FAEDCD";
              item-color = "black";
              item-background-color = "#E9EDC9";
              image-width = "250px";
              image-height = "200px";
            };
          };
          "= /palo.pgp" = {
            root = pkgs.writeText "key" (lib.fileContents ../../assets/pgp.key);
          };
          "= /palo.gpg" = {
            root = pkgs.writeText "key" (lib.fileContents ../../assets/pgp.key);
          };
          "= /palo_rsa.pub" = {
            root = pkgs.writeText "key" (lib.fileContents ../../assets/ssh/palo_rsa.pub);
          };
        };
      };

      # "stable-diffusion.ingolf-wagner.de" = {
      #   forceSSL = true;
      #   enableACME = true;
      #   extraConfig = error.extraConfig;
      #   root = "/srv/www/stable-diffusion";
      #   locations = {
      #     "/model-v1-4.ckpt" = {
      #       basicAuthFile = "${private_assets}/stable-diffusion-htpasswd";
      #       tryFiles = "/stable-diffusion-v-1-4-original/sd-v1-4.ckpt =404";
      #     };
      #     #"/model-v1-3.ckpt" = {
      #     #  basicAuthFile = "${private_assets}/stable-diffusion-htpasswd";
      #     #  tryFiles = "stable-diffusion-v-1-3-original/sd-v1-3.ckpt";
      #     #};
      #   } // error.locations;
      # };

      "travel.ingolf-wagner.de" = {
        forceSSL = true;
        enableACME = true;
        extraConfig = error.extraConfig;
        locations = {
          "/" = {
            root = "/srv/www/travel";
            extraConfig = ''
              if (-d $request_filename) {
                rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
              }
            '';
          };
        } // error.locations;
      };
      "tech.ingolf-wagner.de" = {
        forceSSL = true;
        enableACME = true;
        extraConfig = error.extraConfig;
        locations = {
          "/" = {
            root = "/srv/www/tech";
            extraConfig = ''
              if (-d $request_filename) {
                rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
              }
            '';
          };
        } // error.locations;
      };
      "terranix.org" = {
        forceSSL = true;
        enableACME = true;
        extraConfig = error.extraConfig;
        locations = {
          "/" = {
            root = "/srv/www/terranix";
            extraConfig = ''
              if (-d $request_filename) {
                rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
              }
            '';
          };
        } // error.locations;
      };
    };
  };
}