{ config, lib, pkgs, ... }: { imports = [ ./orbekk-pkgs.nix ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; recommendedProxySettings = true; appendHttpConfig = '' # This is a workaround to deal with closed connections on # large downloads. proxy_buffering off; ''; virtualHosts = let template = { enableACME = true; forceSSL = true; }; in { "orbekk.no" = template // { root = "/storage/srv/orbekk.com"; }; "orbekk.com" = template // { root = "/storage/srv/orbekk.com"; }; "shape.orbekk.com" = template // { root = "/storage/srv/orbekk.com"; }; "kj.orbekk.com" = template // { root = "${pkgs.www-orbekk}"; locations."/" = { extraConfig = '' try_files $uri @storage; ''; }; locations."@storage" = { root = "/storage/srv/kj.orbekk.com"; extraConfig = '' autoindex on; ''; }; locations."/stats" = { alias = "/var/lib/stats/out/"; extraConfig = " autoindex on;"; }; locations."/systemd" = { proxyPass = "http://10.0.20.15:11105/"; }; locations."/hledger" = { extraConfig = ''return 302 /hledger/;''; }; # locations."/hledger/" = { # proxyPass = "http://localhost:5000/"; # extraConfig = '' # auth_basic "hledger"; # auth_basic_user_file /opt/site/hledger-htpasswd; # ''; # }; locations."/_matrix" = { proxyPass = "http://10.0.20.15:11102"; }; }; "git.orbekk.com" = template // { locations."/".proxyPass = "http://10.0.20.15:11103"; }; "hydra.orbekk.com" = template // { locations."/" = { proxyPass = "http://10.0.20.15:11101"; }; }; "kufieta.net" = template // { locations."/".proxyPass = "http://10.0.20.13"; }; }; }; }