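# NixOS module: nginx front end (QUIC-enabled package), ACME account defaults,
# loopback host entries for every virtual host, and the firewall openings for
# HTTP/HTTPS.
{ config, pkgs, ... }:
let
  # Build a static-site virtual host from a small attribute set.
  #
  #   site.path  (required)  directory used as the document root
  #   site.ssl   (optional)  when present, drives both enableACME and addSSL
  #
  # The argument is deliberately NOT called `config`: the previous name
  # shadowed the module's `config`, so the fallback
  # `config.virtualisation.isVmVariant` was looked up on the site attribute
  # set and failed with a missing-attribute error whenever `ssl` was omitted.
  # `virtualisation.isVmVariant` is expected to be declared elsewhere in this
  # configuration - TODO confirm.
  #
  # Security note: `addSSL` serves the site over HTTPS *and* keeps plain HTTP
  # available without a redirect. Use `forceSSL` instead for hosts that should
  # not be reachable in cleartext.
  #
  # At present only disabled (commented-out) entries below reference this helper.
  serveDir = site: {
    # Without an explicit `ssl`, request certificates everywhere except VM builds.
    enableACME = site.ssl or (!config.virtualisation.isVmVariant);
    addSSL = site.ssl or true;
    root = site.path or (builtins.throw "path is required");
    locations."/".index = "index.html";
  };
in
{
  services.nginx = {
    enable = true;
    package = pkgs.nginxQuic;

    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedZstdSettings = true;
    #recommendedGzipSettings = true;
    recommendedBrotliSettings = true;
    recommendedOptimisation = true;

    defaultMimeTypes = ../../../../packages/nginx/mime.types;

    appendConfig = ''
      worker_processes 16;
    '';

    eventsConfig = ''
      #use kqueue;
      worker_connections 512;
    '';

    # `disable_symlinks off` makes nginx follow symbolic links inside served
    # roots. Anyone able to write into a document root can therefore expose
    # any file the nginx user can read; `disable_symlinks if_not_owner` is the
    # stricter setting if the roots are writable by other accounts.
    #
    # The `combined_vhosts` log format extends the usual combined format with
    # the requested host, the matched server_name and upstream timings.
    # `$host`, `$http_referer` and `$http_user_agent` are client-supplied, so
    # log consumers should treat those fields as untrusted input.
    appendHttpConfig = ''
      #sendfile on;
      disable_symlinks off;
      log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name",upstream=$upstream_addr,t=$request_time[u_conn=$upstream_connect_time,u_hdr=$upstream_header_time,u_resp=$upstream_response_time]} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
      access_log /var/log/nginx/access.log combined_vhosts;
    '';

    additionalModules = with pkgs.nginxModules; [ moreheaders ];

    # Entries without a leading `#` are the enabled hosts; each one is defined
    # in its own file and receives the module `config`.
    # NOTE(review): confirm the enabled set against the deployed configuration.
    virtualHosts = {
      #"boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
      # "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
      # "sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; };
      #
      #"siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; };
      #"lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; };
      #"git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; };
      #"files.thearcanebrony.net" = serveDir { path = "/data/nginx/html_files"; };
      #"spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; };
      #"terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; };
      #"vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; };
      #
      # "git.rory.gay" = serveDir { path = "/data/nginx/html_git"; };
      # "wad.rory.gay" = serveDir { path = "/data/nginx/html_wad"; } // {
      #   locations."/".extraConfig = "autoindex on; try_files $uri $uri/ /index.html;";
      # };
      # "wad-api.rory.gay" = import ./rory.gay/wad-api.nix;
      #
      #"thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
      # "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
      # "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
      # "rory.gay" = import ./rory.gay/root.nix { inherit config; };
      # "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; };
      #
      # "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
      "cgit.rory.gay" = import ./rory.gay/cgit.nix { inherit config; };
      #
      #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix;
      #
      #
      #matrix...
      # "conduit.rory.gay" = import ./rory.gay/conduit.nix;
      "matrix.rory.gay" = import ./rory.gay/matrix.nix { inherit config; };
      "libmatrix-fed-test.rory.gay" = import ./rory.gay/libmatrix-fed-test.nix { inherit config; };
      "safensound.rory.gay" = import ./rory.gay/safensound.nix { inherit config; };
      "demo.safensound.rory.gay" = import ./rory.gay/demo.safensound.nix { inherit config; };
      "api.safensound.rory.gay" = import ./rory.gay/api.safensound.nix { inherit config; };
      "stream.rory.gay" = import ./rory.gay/stream.nix { inherit config; };
      # "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
      # "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
      # "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
      "mru.rory.gay" = import ./rory.gay/mru.nix { inherit config; };
      "ec.rory.gay" = import ./rory.gay/ec.nix { inherit config; };
    };
  };

  # Raise the open-file limit of the nginx unit.
  systemd.services.nginx.serviceConfig = {
    LimitNOFILE = 5000000;
  };

  # ACME account defaults used by the hosts that enable ACME.
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "root@rory.gay";

  # Point every configured virtual host name at loopback on this machine, so
  # local lookups of those names reach this nginx instead of going through DNS.
  networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;

  # HTTP and HTTPS over TCP; UDP 443 is presumably for QUIC/HTTP3, matching
  # the nginxQuic package - TODO confirm the hosts actually enable it.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 443 ];
}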