path: root/host/Spacebar-nginx/configuration.nix
# NixOS host definition for "Spacebar-nginx": static IPv4 addressing on two
# interfaces, an nginx front end whose virtual hosts are imported from
# ./nginx-hosts, and the ACME account defaults used for certificates.
{ config, pkgs, lib, secrets, spacebarchat-server-dev-nix, ... }:

{
  imports = [
    ../../modules/base.nix
    # Container module; it is handed `secrets` and the spacebar server input.
    (import ./containers/spacebar-server-dev-nix/import.nix {
      inherit config lib pkgs secrets;
      spacebar-server = spacebarchat-server-dev-nix;
    })
  ];

  networking.hostName = "Spacebar-nginx";

  # Two statically addressed interfaces. Nothing in this file binds a virtual
  # host to one of them; any such restriction would have to come from the
  # imported per-host files.
  networking.interfaces.ens18.ipv4.addresses = [
    { address = "192.168.1.2"; prefixLength = 24; }
  ];
  networking.interfaces.ens19.ipv4.addresses = [
    { address = "10.10.11.2"; prefixLength = 16; }
  ];

  services.nginx = {
    enable = true;
    package = pkgs.nginxMainline;

    # Module-provided proxy and TLS defaults, enabled for the whole server.
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # Server-wide request body cap.
    # NOTE(review): individual host files may override this; check them.
    clientMaxBodySize = "50m";

    # Raw nginx directives passed through verbatim.
    appendConfig = ''
      worker_processes 16;
    '';
    eventsConfig = ''
      #use kqueue;
      worker_connections 512;
    '';

    virtualHosts = {
      # Legacy domains still being served.
      "matrix.thearcanebrony.net" = import ./nginx-hosts/thearcanebrony.net/matrix.nix;
      "matrix.fosscord.com" = import ./nginx-hosts/fosscord.com/matrix.nix;

      # Production hosts under spacebar.chat.
      "mail.spacebar.chat" = import ./nginx-hosts/spacebar.chat/mail.nix;
      "grafana.spacebar.chat" = import ./nginx-hosts/spacebar.chat/grafana.nix;
      "old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/root.nix;
      "api.old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/api.nix;
      "cdn.old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/cdn.nix;
      "gateway.old.server.spacebar.chat" = import ./nginx-hosts/spacebar.chat/server/old/gateway.nix;

      # Intended to be reachable locally only.
      # NOTE(review): "local only" is not enforced anywhere in this file.
      # Confirm that internal/secrets.nix restricts the listen address or the
      # permitted clients, since this host shares the nginx instance with the
      # production hosts above.
      "secrets.internal.spacebar.chat" =
        import ./nginx-hosts/spacebar.chat/internal/secrets.nix { inherit lib config; };
    };
  };

  systemd.services.nginx = {
    # Open-file limit for the nginx unit.
    serviceConfig.LimitNOFILE = 5000000;
    # The nginx unit requires the data.mount unit.
    requires = [ "data.mount" ];
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "chris@spacebar.chat";
    # Uncomment to issue certificates from the Let's Encrypt staging endpoint:
    # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
  };

  # Records the NixOS release this host was first installed with.
  # Leave it unchanged across upgrades.
  system.stateVersion = "22.11"; # DO NOT EDIT!
}