host/Rory-nginx/services/nginx/nginx.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

{ config, pkgs, ... }:
let
  serveDir = config: {
    enableACME = if config ? ssl then config.ssl else true;
    addSSL = if config ? ssl then config.ssl else true;
    root = if config ? path then config.path else builtins.throw "path is required";
    locations = {
      "/" = {
        index = "index.html";
      };
    };
  };
in
{
  services = {
    nginx = {
      enable = true;
      package = pkgs.nginxQuic;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedZstdSettings = true;
      recommendedGzipSettings = true;
      recommendedBrotliSettings = true;
      recommendedOptimisation = true;
      defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
      appendConfig = ''
        worker_processes 16;
      '';
      eventsConfig = ''
        #use kqueue;
        worker_connections 512;
      '';
      appendHttpConfig = ''
        #sendfile on;
        disable_symlinks off;
        log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name",upstream=$upstream_addr,t=$request_time[u_conn=$upstream_connect_time,u_hdr=$upstream_header_time,u_resp=$upstream_response_time]} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
        access_log /var/log/nginx/access.log combined_vhosts;
      '';
      additionalModules = with pkgs.nginxModules; [ moreheaders ];
      virtualHosts = {
        "boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
        "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
        "sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; };

        "siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; };
        "lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; };
        "git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; };
        "files.thearcanebrony.net" = serveDir { path = "/data/nginx/html_files"; };
        "spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; };
        "terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; };
        "vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; };

        "git.rory.gay" = serveDir { path = "/data/nginx/html_git"; };
        "wad.rory.gay" = serveDir { path = "/data/nginx/html_wad"; } // { locations."/".extraConfig = "autoindex on; try_files $uri $uri/ /index.html;"; };
        "wad-api.rory.gay" = import ./rory.gay/wad-api.nix;

        "thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
        "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
        "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;

        "rory.gay" = import ./rory.gay/root.nix;
        "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; };

        "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
        "cgit.rory.gay" = import ./rory.gay/cgit.nix;
        #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix;

        #matrix...
        "conduit.rory.gay" = import ./rory.gay/conduit.nix;
        "matrix.rory.gay" = import ./rory.gay/matrix.nix;
        "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
        "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
        "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
        "mru.rory.gay" = import ./rory.gay/mru.nix;

        #bots...
        "0bottests.bots.rory.gay" = import ./rory.gay/bots.nix;
        "catnipbot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "impulsyeeter.bots.rory.gay" = import ./rory.gay/bots.nix;
        "omnibot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "yatopiawatchdog.bots.rory.gay" = import ./rory.gay/bots.nix;
        "playground.bots.rory.gay" = import ./rory.gay/bots.nix;
        "kinobot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "siliconbotpublic.bots.rory.gay" = import ./rory.gay/bots.nix;
        "thearcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "anonbot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "hericanbot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "siliconbot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "impulsbot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "studiobot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "carsnbots.bots.rory.gay" = import ./rory.gay/bots.nix;
        "binsh.bots.rory.gay" = import ./rory.gay/bots.nix;
        "fosscordbot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "sugarcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
        "gradbot.bots.rory.gay" = import ./rory.gay/bots.nix;
      };
    };
  };
  systemd.services.nginx.serviceConfig = {
    LimitNOFILE = 5000000;
  };
  systemd.services.nginx.requires = [ "data.mount" ];
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "root@thearcanebrony.net";

  networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
}