path: root/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix
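# NixOS module: nginx front end for the pcpoc.rory.gay Matrix homeserver.
#
# It proxies everything to a local backend on 127.0.0.1:6167, answers CORS
# pre-flight (OPTIONS) requests itself, and serves the three static
# /.well-known/matrix/* discovery documents as inline JSON.
#
# NOTE(review): no enableACME / forceSSL / addSSL is set on the virtual host in
# this file, while the well-known documents below advertise port 443 / https.
# Presumably TLS is terminated by a proxy in front of this container -- confirm,
# otherwise the advertised endpoints are not reachable as published.
{ config, pkgs, lib, ... }:

{
  services = {
    nginx = {
      enable = true;
      package = pkgs.nginxQuic;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedZstdSettings = true;
      recommendedGzipSettings = true;
      recommendedBrotliSettings = true;
      recommendedOptimisation = true;
      appendConfig = ''
        worker_processes 16;
      '';
      eventsConfig = ''
        #use kqueue;
        worker_connections 512;
      '';
      # `disable_symlinks off` is nginx's default (symlinks are followed without
      # ownership checks). No location in this file serves files from disk, so
      # it has no effect here; revisit it if a `root`/`alias` location is added.
      appendHttpConfig = ''
        #sendfile on;
        disable_symlinks off;
      '';
      # headers-more provides the `more_set_headers` directive used below.
      additionalModules = with pkgs.nginxModules; [
        moreheaders
      ];
      virtualHosts = {
        "pcpoc.rory.gay" = {
          locations."/" = {
            proxyPass = "http://127.0.0.1:6167";
            # Pre-flight requests are answered here and never reach the backend.
            # Every origin, method and header is allowed, which is the usual
            # posture for a public Matrix client-server API (auth is by bearer
            # token, not cookies), but it applies to every path proxied here.
            # NOTE(review): per the Fetch standard the `*` wildcard in
            # Access-Control-Allow-Headers does not cover `Authorization`;
            # browsers sending that header need it listed explicitly -- confirm
            # whether web clients rely on this pre-flight response.
            # NOTE(review): CORS headers are only added for OPTIONS; the actual
            # responses presumably get theirs from the backend -- confirm.
            extraConfig = ''
              if ($request_method = 'OPTIONS') {
                more_set_headers 'Access-Control-Allow-Origin: *';
                more_set_headers 'Access-Control-Allow-Methods: *';
                #
                # Custom headers and headers various browsers *should* be OK with but aren't
                #
                more_set_headers 'Access-Control-Allow-Headers: *';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                more_set_headers 'Access-Control-Max-Age: 1728000';
                more_set_headers 'Content-Type: text/plain; charset=utf-8';
                more_set_headers 'Content-Length: 0';
                return 204;
              }
            '';
          };
          # The well-known documents are public discovery data, so a wildcard
          # Access-Control-Allow-Origin is appropriate for them.
          #
          # Fix: headers-more expects 'Name: value'. The previous strings had no
          # colon ('Content-Type application/json'), so neither the JSON content
          # type nor the CORS header was actually set on these responses.
          locations."= /.well-known/matrix/server".extraConfig = ''
            more_set_headers 'Content-Type: application/json';
            more_set_headers 'Access-Control-Allow-Origin: *';
            return 200 '${builtins.toJSON {
              "m.server" = "pcpoc.rory.gay:443";
            }}';
          '';
          locations."= /.well-known/matrix/client".extraConfig = ''
            more_set_headers 'Content-Type: application/json';
            more_set_headers 'Access-Control-Allow-Origin: *';
            return 200 '${builtins.toJSON {
              "m.homeserver".base_url = "https://pcpoc.rory.gay";
            }
            }';
          '';
          # NOTE(review): the stable Matrix spec describes this document with a
          # `contacts` list and `m.role.admin` roles; the `admins` / "admin"
          # shape below looks like the earlier MSC1929 draft -- confirm which
          # form consumers of this endpoint expect before changing it.
          locations."= /.well-known/matrix/support".extraConfig = ''
            more_set_headers 'Content-Type: application/json';
            more_set_headers 'Access-Control-Allow-Origin: *';
            return 200 '${builtins.toJSON {
              admins = [
                  {
                    matrix_id = "@emma:rory.gay";
                    role = "admin";
                  }
                  {
                    matrix_id = "@alicia:rory.gay";
                    role = "admin";
                  }
                  {
                    matrix_id = "@root:rory.gay";
                    role = "admin";
                  }
                  {
                    matrix_id = "@rory:rory.gay";
                    role = "admin";
                  }
                ];
              }
            }';
          '';
        };
      };
    };
  };
  # 16 workers x 512 connections is 8192 connections at most, so a limit of
  # 5,000,000 open files is far above what this configuration can use.
  # NOTE(review): consider a limit sized to the worker settings so a descriptor
  # leak is noticed instead of absorbed.
  systemd.services.nginx.serviceConfig = {
    LimitNOFILE=5000000;
  };
  # ACME defaults only; no certificate is requested by this file (see the TLS
  # note at the top).
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "root@rory.gay";

}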