From 44215ecfc92054f69f230348071b01639eb050b8 Mon Sep 17 00:00:00 2001 From: fi Date: Sun, 5 Apr 2026 23:59:35 +0200 Subject: [PATCH] Remove obsolete configuration --- config/hosts/navidrome/configuration.nix | 33 ------------------- config/hosts/navidrome/default.nix | 7 ---- config/hosts/navidrome/navidrome.nix | 9 ----- config/hosts/navidrome/nginx.nix | 24 -------------- config/hosts/navidrome/secrets.nix | 13 -------- config/hosts/netbox/configuration.nix | 17 ---------- config/hosts/netbox/default.nix | 8 ----- config/hosts/netbox/netbox.nix | 8 ----- config/hosts/netbox/nginx.nix | 29 ---------------- config/hosts/netbox/secrets.nix | 11 ------- config/hosts/nitter/configuration.nix | 17 ---------- config/hosts/nitter/default.nix | 8 ----- config/hosts/nitter/nginx.nix | 23 ------------- config/hosts/nitter/nitter.nix | 21 ------------ config/hosts/paperless/configuration.nix | 17 ---------- config/hosts/paperless/default.nix | 9 ----- .../paperless/hardware-configuration.nix | 30 ----------------- config/hosts/paperless/nginx.nix | 31 ----------------- config/hosts/paperless/paperless.nix | 8 ----- config/hosts/paperless/secrets.nix | 21 ------------ config/hosts/web-public-1/configuration.nix | 17 ---------- config/hosts/web-public-1/default.nix | 7 ---- config/hosts/web-public-1/nginx.nix | 10 ------ .../virtualHosts/acme-challenge.nix | 18 ---------- .../web-public-1/virtualHosts/default.nix | 16 --------- config/hosts/web-public-2/nginx.nix | 4 --- .../virtualHosts/anisync.grzb.de.nix | 23 ------------- .../web-public-2/virtualHosts/default.nix | 4 --- .../virtualHosts/gameserver.grzb.de.nix | 28 ---------------- .../web-public-2/virtualHosts/git.grzb.de.nix | 30 ----------------- .../virtualHosts/mewtube.nekover.se.nix | 20 ----------- 31 files changed, 521 deletions(-) delete mode 100644 config/hosts/navidrome/configuration.nix delete mode 100644 config/hosts/navidrome/default.nix delete mode 100644 config/hosts/navidrome/navidrome.nix delete mode 100644 config/hosts/navidrome/nginx.nix delete mode 100644 config/hosts/navidrome/secrets.nix delete mode 100644 config/hosts/netbox/configuration.nix delete mode 100644 config/hosts/netbox/default.nix delete mode 100644 config/hosts/netbox/netbox.nix delete mode 100644 config/hosts/netbox/nginx.nix delete mode 100644 config/hosts/netbox/secrets.nix delete mode 100644 config/hosts/nitter/configuration.nix delete mode 100644 config/hosts/nitter/default.nix delete mode 100644 config/hosts/nitter/nginx.nix delete mode 100644 config/hosts/nitter/nitter.nix delete mode 100644 config/hosts/paperless/configuration.nix delete mode 100644 config/hosts/paperless/default.nix delete mode 100644 config/hosts/paperless/hardware-configuration.nix delete mode 100644 config/hosts/paperless/nginx.nix delete mode 100644 config/hosts/paperless/paperless.nix delete mode 100644 config/hosts/paperless/secrets.nix delete mode 100644 config/hosts/web-public-1/configuration.nix delete mode 100644 config/hosts/web-public-1/default.nix delete mode 100644 config/hosts/web-public-1/nginx.nix delete mode 100644 config/hosts/web-public-1/virtualHosts/acme-challenge.nix delete mode 100644 config/hosts/web-public-1/virtualHosts/default.nix delete mode 100644 config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix delete mode 100644 config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix delete mode 100644 config/hosts/web-public-2/virtualHosts/git.grzb.de.nix delete mode 100644 config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix diff --git a/config/hosts/navidrome/configuration.nix b/config/hosts/navidrome/configuration.nix deleted file mode 100644 index 581a631..0000000 --- a/config/hosts/navidrome/configuration.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ ... }: -{ - boot.loader.grub = { - enable = true; - device = "/dev/vda"; - }; - - networking = { - hostName = "navidrome"; - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - }; - }; - - fileSystems = { - "/mnt/music" = { - device = "//10.202.40.5/music-ro"; - fsType = "cifs"; - options = [ - "username=navidrome" - "credentials=/secrets/navidrome-samba-credentials.secret" - "iocharset=utf8" - "vers=3.1.1" - "uid=navidrome" - "gid=navidrome" - "_netdev" - ]; - }; - }; - - system.stateVersion = "23.05"; -} diff --git a/config/hosts/navidrome/default.nix b/config/hosts/navidrome/default.nix deleted file mode 100644 index 00d4a90..0000000 --- a/config/hosts/navidrome/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: { - imports = [ - ./configuration.nix - ./navidrome.nix - ./nginx.nix - ]; -} diff --git a/config/hosts/navidrome/navidrome.nix b/config/hosts/navidrome/navidrome.nix deleted file mode 100644 index 74e3a1d..0000000 --- a/config/hosts/navidrome/navidrome.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: { - services.navidrome = { - enable = true; - settings = { - Address = "unix:/run/navidrome/navidrome.socket"; - MusicFolder = "/mnt/music"; - }; - }; -} diff --git a/config/hosts/navidrome/nginx.nix b/config/hosts/navidrome/nginx.nix deleted file mode 100644 index eef60dd..0000000 --- a/config/hosts/navidrome/nginx.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ ... }: { - services.nginx = { - enable = true; - user = "navidrome"; - virtualHosts."navidrome.grzb.de" = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "0.0.0.0"; - port = 80; - } - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - ]; - locations."/" = { - proxyPass = "http://unix:/run/navidrome/navidrome.socket"; - }; - }; - }; -} diff --git a/config/hosts/navidrome/secrets.nix b/config/hosts/navidrome/secrets.nix deleted file mode 100644 index a11e957..0000000 --- a/config/hosts/navidrome/secrets.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ keyCommandEnv, ... }: -{ - deployment.keys = { - "navidrome-samba-credentials.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "navidrome/samba-credentials" ]; - destDir = "/secrets"; - user = "root"; - group = "root"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; - }; -} diff --git a/config/hosts/netbox/configuration.nix b/config/hosts/netbox/configuration.nix deleted file mode 100644 index 5bf8422..0000000 --- a/config/hosts/netbox/configuration.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: -{ - boot.loader.grub = { - enable = true; - device = "/dev/vda"; - }; - - networking = { - hostName = "netbox"; - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - }; - }; - - system.stateVersion = "23.05"; -} diff --git a/config/hosts/netbox/default.nix b/config/hosts/netbox/default.nix deleted file mode 100644 index 5dd147b..0000000 --- a/config/hosts/netbox/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - imports = [ - ./configuration.nix - ./netbox.nix - ./nginx.nix - ]; -} diff --git a/config/hosts/netbox/netbox.nix b/config/hosts/netbox/netbox.nix deleted file mode 100644 index b9ba2ad..0000000 --- a/config/hosts/netbox/netbox.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: -{ - services.netbox = { - enable = true; - package = pkgs.netbox; - secretKeyFile = "/secrets/netbox-secret-key.secret"; - }; -} diff --git a/config/hosts/netbox/nginx.nix b/config/hosts/netbox/nginx.nix deleted file mode 100644 index a2d1782..0000000 --- a/config/hosts/netbox/nginx.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, ... }: -{ - services.nginx = { - enable = true; - clientMaxBodySize = "25m"; - user = "netbox"; - virtualHosts."netbox.grzb.de" = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "0.0.0.0"; - port = 80; - } - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - ]; - locations."/static/" = { - alias = "${config.services.netbox.dataDir}/static/"; - }; - locations."/" = { - proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}"; - }; - }; - }; -} diff --git a/config/hosts/netbox/secrets.nix b/config/hosts/netbox/secrets.nix deleted file mode 100644 index 216aca4..0000000 --- a/config/hosts/netbox/secrets.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ keyCommandEnv, ... }: -{ - deployment.keys."netbox-secret-key.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "netbox/secret-key" ]; - destDir = "/secrets"; - user = "netbox"; - group = "netbox"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; -} diff --git a/config/hosts/nitter/configuration.nix b/config/hosts/nitter/configuration.nix deleted file mode 100644 index bc54db7..0000000 --- a/config/hosts/nitter/configuration.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: -{ - boot.loader.grub = { - enable = true; - device = "/dev/vda"; - }; - - networking = { - hostName = "nitter"; - firewall = { - enable = true; - allowedTCPPorts = [ 8443 ]; - }; - }; - - system.stateVersion = "23.05"; -} diff --git a/config/hosts/nitter/default.nix b/config/hosts/nitter/default.nix deleted file mode 100644 index 6aae884..0000000 --- a/config/hosts/nitter/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - imports = [ - ./configuration.nix - ./nginx.nix - ./nitter.nix - ]; -} diff --git a/config/hosts/nitter/nginx.nix b/config/hosts/nitter/nginx.nix deleted file mode 100644 index 862405c..0000000 --- a/config/hosts/nitter/nginx.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, ... }: -{ - services.nginx = { - enable = true; - virtualHosts."birdsite.nekover.se" = { - forceSSL = true; - enableACME = true; - locations."/robots.txt" = { - return = "200 \"User-agent: *\\nDisallow: /\\n\""; - }; - locations."/" = { - proxyPass = "http://${config.services.nitter.server.address}:${builtins.toString config.services.nitter.server.port}"; - proxyWebsockets = true; - }; - extraConfig = '' - listen 0.0.0.0:8443 http2 ssl proxy_protocol; - - set_real_ip_from 10.202.41.100; - real_ip_header proxy_protocol; - ''; - }; - }; -} diff --git a/config/hosts/nitter/nitter.nix b/config/hosts/nitter/nitter.nix deleted file mode 100644 index 94165c4..0000000 --- a/config/hosts/nitter/nitter.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ ... }: -{ - services.nitter = { - enable = true; - - server = { - title = "Birdsite"; - https = true; - address = "127.0.0.1"; - port = 8080; - hostname = "birdsite.nekover.se"; - }; - - preferences = { - theme = "Mastodon"; - replaceTwitter = "birdsite.nekover.se"; - infiniteScroll = true; - hlsPlayback = true; - }; - }; -} diff --git a/config/hosts/paperless/configuration.nix b/config/hosts/paperless/configuration.nix deleted file mode 100644 index 494f08c..0000000 --- a/config/hosts/paperless/configuration.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: -{ - boot.loader.grub = { - enable = true; - device = "/dev/vda"; - }; - - networking = { - hostName = "paperless"; - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - }; - }; - - system.stateVersion = "23.05"; -} diff --git a/config/hosts/paperless/default.nix b/config/hosts/paperless/default.nix deleted file mode 100644 index e6ebeed..0000000 --- a/config/hosts/paperless/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - imports = [ - ./configuration.nix - ./hardware-configuration.nix - ./nginx.nix - ./paperless.nix - ]; -} diff --git a/config/hosts/paperless/hardware-configuration.nix b/config/hosts/paperless/hardware-configuration.nix deleted file mode 100644 index 17b9b66..0000000 --- a/config/hosts/paperless/hardware-configuration.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ ... }: -{ - fileSystems = { - "/mnt/data" = { - device = "/dev/disk/by-label/data"; - fsType = "ext4"; - autoFormat = true; - autoResize = true; - }; - "/mnt/paperless-consume" = { - device = "//10.201.40.10/paperless-consume"; - fsType = "cifs"; - options = [ - "username=paperless" - "credentials=/secrets/paperless-samba-credentials.secret" - "iocharset=utf8" - "vers=3.1.1" - "uid=paperless" - "gid=paperless" - "_netdev" - ]; - }; - "/var/lib/paperless" = { - depends = [ "/mnt/data" ]; - device = "/mnt/data/paperless"; - fsType = "none"; - options = [ "bind" ]; - }; - }; -} diff --git a/config/hosts/paperless/nginx.nix b/config/hosts/paperless/nginx.nix deleted file mode 100644 index e4a2131..0000000 --- a/config/hosts/paperless/nginx.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, ... }: -{ - services.nginx = { - enable = true; - virtualHosts."paperless.grzb.de" = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "0.0.0.0"; - port = 80; - } - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - ]; - locations."/" = { - proxyPass = "http://${config.services.paperless.address}:${builtins.toString config.services.paperless.port}"; - proxyWebsockets = true; - extraConfig = '' - add_header Referrer-Policy "strict-origin-when-cross-origin"; - ''; - }; - extraConfig = '' - client_max_body_size 100M; - ''; - }; - }; -} diff --git a/config/hosts/paperless/paperless.nix b/config/hosts/paperless/paperless.nix deleted file mode 100644 index 1def83d..0000000 --- a/config/hosts/paperless/paperless.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - services.paperless = { - enable = true; - consumptionDir = "/mnt/paperless-consume"; - passwordFile = "/secrets/paperless-admin-password.secret"; - }; -} diff --git a/config/hosts/paperless/secrets.nix b/config/hosts/paperless/secrets.nix deleted file mode 100644 index 6726881..0000000 --- a/config/hosts/paperless/secrets.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ keyCommandEnv, ... }: -{ - deployment.keys = { - "paperless-admin-password.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "paperless/admin-password" ]; - destDir = "/secrets"; - user = "paperless"; - group = "paperless"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; - "paperless-samba-credentials.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "paperless/samba-credentials" ]; - destDir = "/secrets"; - user = "root"; - group = "root"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; - }; -} diff --git a/config/hosts/web-public-1/configuration.nix b/config/hosts/web-public-1/configuration.nix deleted file mode 100644 index 7f3b8fa..0000000 --- a/config/hosts/web-public-1/configuration.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: -{ - boot.loader.grub = { - enable = true; - device = "/dev/vda"; - }; - - networking = { - hostName = "web-public-1"; - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - }; - }; - - system.stateVersion = "23.05"; -} diff --git a/config/hosts/web-public-1/default.nix b/config/hosts/web-public-1/default.nix deleted file mode 100644 index 3db73ca..0000000 --- a/config/hosts/web-public-1/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - imports = [ - ./configuration.nix - ./nginx.nix - ]; -} diff --git a/config/hosts/web-public-1/nginx.nix b/config/hosts/web-public-1/nginx.nix deleted file mode 100644 index 0453a73..0000000 --- a/config/hosts/web-public-1/nginx.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: -{ - imports = [ - ./virtualHosts - ]; - - services.nginx = { - enable = true; - }; -} diff --git a/config/hosts/web-public-1/virtualHosts/acme-challenge.nix b/config/hosts/web-public-1/virtualHosts/acme-challenge.nix deleted file mode 100644 index c9b7e61..0000000 --- a/config/hosts/web-public-1/virtualHosts/acme-challenge.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ ... }: -let - acmeDomainMap = { - "paperless.grzb.de" = "paperless.wg.grzb.de"; - "navidrome.grzb.de" = "navidrome.wg.grzb.de"; - }; -in -{ - services.nginx.virtualHosts = (builtins.mapAttrs (domain: target: { - listen = [{ - addr = "0.0.0.0"; - port = 80; - }]; - locations."^~ /.well-known/acme-challenge/" = { - proxyPass = "http://${target}:80"; - }; - }) acmeDomainMap); -} diff --git a/config/hosts/web-public-1/virtualHosts/default.nix b/config/hosts/web-public-1/virtualHosts/default.nix deleted file mode 100644 index e191a9c..0000000 --- a/config/hosts/web-public-1/virtualHosts/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - imports = [ - ./acme-challenge.nix - ]; - - services.nginx.virtualHosts."_" = { - listen = [{ - addr = "0.0.0.0"; - port = 80; - }]; - locations."/" = { - return = "301 https://$host$request_uri"; - }; - }; -} diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix index 45e48f8..1e51d61 100644 --- a/config/hosts/web-public-2/nginx.nix +++ b/config/hosts/web-public-2/nginx.nix @@ -16,20 +16,16 @@ stream { map $ssl_preread_server_name $address { - anisync.grzb.de 127.0.0.1:8443; cloud.nekover.se 10.202.41.122:8443; element.nekover.se 127.0.0.1:8443; element-admin.nekover.se 127.0.0.1:8443; fi.nekover.se 10.202.41.125:8443; - gameserver.grzb.de 127.0.0.1:8443; - git.grzb.de 127.0.0.1:8443; git.nekover.se 10.202.41.106:8443; hydra.nekover.se 10.202.41.121:8443; id.nekover.se 10.202.41.124:8443; mas.nekover.se 10.202.41.112:8443; matrix.nekover.se 10.202.41.112:8443; matrix-rtc.nekover.se 10.202.41.112:8443; - mewtube.nekover.se 127.0.0.1:8443; nekover.se 127.0.0.1:8443; mesh.nekover.se 10.202.41.126:8443; nix-cache.nekover.se 10.202.41.121:8443; diff --git a/config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix b/config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix deleted file mode 100644 index 9a3950a..0000000 --- a/config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: -{ - services.nginx.virtualHosts."anisync.grzb.de" = { - forceSSL = true; - enableACME = true; - listen = [{ - addr = "localhost"; - port = 8443; - ssl = true; - extraParameters = ["proxy_protocol"]; - }]; - locations."/" = { - proxyPass = "http://anisync.vs.grzb.de:8080"; - proxyWebsockets = true; - }; - extraConfig = '' - add_header X-Content-Type-Options nosniff; - - set_real_ip_from 127.0.0.1; - real_ip_header proxy_protocol; - ''; - }; -} diff --git a/config/hosts/web-public-2/virtualHosts/default.nix b/config/hosts/web-public-2/virtualHosts/default.nix index 445a087..fc2b409 100644 --- a/config/hosts/web-public-2/virtualHosts/default.nix +++ b/config/hosts/web-public-2/virtualHosts/default.nix @@ -2,12 +2,8 @@ { imports = [ ./acme-challenge.nix - ./anisync.grzb.de.nix ./element.nekover.se.nix ./element-admin.nekover.se.nix - ./gameserver.grzb.de.nix - ./git.grzb.de.nix - ./mewtube.nekover.se.nix ./nekover.se.nix ]; diff --git a/config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix b/config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix deleted file mode 100644 index c746f3d..0000000 --- a/config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: -{ - services.nginx.virtualHosts."gameserver.grzb.de" = { - forceSSL = true; - enableACME = true; - listen = [{ - addr = "localhost"; - port = 8443; - ssl = true; - extraParameters = ["proxy_protocol"]; - }]; - locations."/" = { - proxyPass = "http://pterodactyl.vs.grzb.de"; - extraConfig = '' - proxy_redirect off; - proxy_buffering off; - proxy_request_buffering off; - ''; - }; - extraConfig = '' - client_max_body_size 1024m; - add_header X-Content-Type-Options nosniff; - - set_real_ip_from 127.0.0.1; - real_ip_header proxy_protocol; - ''; - }; -} diff --git a/config/hosts/web-public-2/virtualHosts/git.grzb.de.nix b/config/hosts/web-public-2/virtualHosts/git.grzb.de.nix deleted file mode 100644 index ac9eefb..0000000 --- a/config/hosts/web-public-2/virtualHosts/git.grzb.de.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ ... }: -{ - services.nginx.virtualHosts."git.grzb.de" = { - forceSSL = true; - enableACME = true; - listen = [{ - addr = "localhost"; - port = 8443; - ssl = true; - extraParameters = ["proxy_protocol"]; - }]; - locations."/" = { - proxyPass = "http://gitlab.vs.grzb.de:80"; - extraConfig = '' - gzip off; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - ''; - }; - extraConfig = '' - client_max_body_size 1024m; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - - set_real_ip_from 127.0.0.1; - real_ip_header proxy_protocol; - ''; - }; -} diff --git a/config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix deleted file mode 100644 index 1ab842a..0000000 --- a/config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: -{ - services.nginx.virtualHosts."mewtube.nekover.se" = { - forceSSL = true; - enableACME = true; - listen = [{ - addr = "localhost"; - port = 8443; - ssl = true; - extraParameters = ["proxy_protocol"]; - }]; - locations."/" = { - proxyPass = "http://cloudtube.vs.grzb.de:10412"; - }; - extraConfig = '' - set_real_ip_from 127.0.0.1; - real_ip_header proxy_protocol; - ''; - }; -}