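# NixOS module: nginx as the public TLS entry point.
#
# Layout, as configured below:
#   * A `stream` server on :443 (IPv4 + IPv6) peeks at the TLS SNI name
#     (ssl_preread) without terminating TLS and forwards the raw connection
#     either to the local HTTPS listener on 127.0.0.1:8443 or to
#     hydra.vs.grzb.de:8443, prefixing it with a PROXY protocol header.
#   * The HTTP virtual hosts terminate TLS on 127.0.0.1:8443 and reverse-proxy
#     to backends over plain http://. Traffic between this host and the
#     *.vs.grzb.de backends is therefore unencrypted.
#     NOTE(review): presumably an internal/trusted network; confirm.
{ pkgs, ... }:
let
  # Listener set shared by every vhost except matrix.nekover.se.
  #
  # 127.0.0.1:8443 expects a PROXY protocol header and is bound to loopback,
  # so only local processes (the stream server below) can reach it.
  #
  # NOTE(review): nothing in this file sets `set_real_ip_from 127.0.0.1` /
  # `real_ip_header proxy_protocol`. Unless that is configured elsewhere,
  # $remote_addr on this listener is 127.0.0.1, so access logs and any
  # forwarded client-IP headers lose the real client address (which backend
  # rate limiting and abuse handling usually depend on).
  #
  # NOTE(review): port 80 is bound on IPv4 only while :443 is dual-stack.
  # Confirm this is intended for hosts that publish AAAA records.
  defaultListen = [
    { addr = "0.0.0.0"; port = 80; }
    { addr = "127.0.0.1"; port = 8443; ssl = true; proxyProtocol = true; }
  ];
in
{
  services.nginx = {
    enable = true;

    # SNI router. The map has no `default` entry, so a connection whose SNI is
    # missing or not listed yields an empty $address and is not forwarded.
    #
    # `proxy_protocol on` applies to every upstream, including the remote
    # hydra.vs.grzb.de:8443. NOTE(review): that listener must parse PROXY
    # protocol and should accept it only from this host, since the header is
    # trusted as the client address by whoever receives it.
    streamConfig = ''
      map $ssl_preread_server_name $address {
        anisync.grzb.de 127.0.0.1:8443;
        birdsite.nekover.se 127.0.0.1:8443;
        element.nekover.se 127.0.0.1:8443;
        gameserver.grzb.de 127.0.0.1:8443;
        git.grzb.de 127.0.0.1:8443;
        hydra.nekover.se hydra.vs.grzb.de:8443;
        matrix.nekover.se 127.0.0.1:8443;
        mewtube.nekover.se 127.0.0.1:8443;
        nekover.se 127.0.0.1:8443;
        nextcloud.grzb.de 127.0.0.1:8443;
        nix-cache.nekover.se hydra.vs.grzb.de:8443;
        social.nekover.se 127.0.0.1:8443;
      }

      server {
        listen 0.0.0.0:443;
        listen [::]:443;
        proxy_pass $address;
        ssl_preread on;
        proxy_protocol on;
      }
    '';

    virtualHosts = {
      # Apex domain: only serves the Matrix .well-known delegation documents.
      "nekover.se" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/.well-known/matrix/server" = {
          return = "200 '{\"m.server\": \"matrix.nekover.se:443\"}'";
          # `return` takes its Content-Type from default_type. The previous
          # `add_header Content-Type ...` appended a second Content-Type header
          # instead of replacing the default one; this now matches the client
          # location below.
          extraConfig = ''
            default_type application/json;
          '';
        };
        locations."/.well-known/matrix/client" = {
          return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}}'";
          # The wildcard CORS header lets web clients on other origins read
          # this discovery document; the body is static.
          extraConfig = ''
            default_type application/json;
            add_header Access-Control-Allow-Origin *;
          '';
        };
      };

      "anisync.grzb.de" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://anisync.vs.grzb.de:8080";
          proxyWebsockets = true;
        };
        extraConfig = ''
          add_header X-Content-Type-Options nosniff;
        '';
      };

      "birdsite.nekover.se" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://nitter.vs.grzb.de:8080";
          proxyWebsockets = true;
        };
        # Served by nginx itself: asks all crawlers to stay out.
        locations."/robots.txt" = {
          return = "200 \"User-agent: *\\nDisallow: /\\n\"";
        };
      };

      "element.nekover.se" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://element.vs.grzb.de";
          # The recommended proxy headers are switched off for this location,
          # so the two headers below are the only ones set here. The
          # X-Forwarded-For value is $remote_addr; see the note on
          # defaultListen about what that resolves to behind the stream proxy.
          recommendedProxySettings = false;
          extraConfig = ''
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
        # NOTE(review): X-Frame-Options SAMEORIGIN and CSP
        # `frame-ancestors 'none'` disagree. Browsers that support
        # frame-ancestors follow the CSP, so framing is refused even
        # same-origin. Pick one policy and make both headers say it.
        # X-XSS-Protection is a legacy header that current browsers ignore.
        extraConfig = ''
          add_header X-Frame-Options SAMEORIGIN;
          add_header X-Content-Type-Options nosniff;
          add_header X-XSS-Protection "1; mode=block";
          add_header Content-Security-Policy "frame-ancestors 'none'";
        '';
      };

      "gameserver.grzb.de" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://pterodactyl.vs.grzb.de";
          # Buffering is disabled in both directions, so request bodies are
          # streamed straight to the backend.
          extraConfig = ''
            proxy_redirect off;
            proxy_buffering off;
            proxy_request_buffering off;
          '';
        };
        extraConfig = ''
          client_max_body_size 1024m;
          add_header X-Content-Type-Options nosniff;
        '';
      };

      "git.grzb.de" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://gitlab.vs.grzb.de:80";
          extraConfig = ''
            gzip off;
            proxy_read_timeout 300;
            proxy_connect_timeout 300;
            proxy_redirect off;
          '';
        };
        extraConfig = ''
          client_max_body_size 1024m;
          add_header X-Frame-Options DENY;
          add_header X-Content-Type-Options nosniff;
        '';
      };

      "matrix.nekover.se" = {
        forceSSL = true;
        enableACME = true;
        # Port 8448 is served directly (TLS terminated here, no PROXY
        # protocol) on IPv4 and IPv6, next to the loopback listener fed by the
        # stream proxy. This vhost declares no port-80 listener.
        listen = [
          { addr = "0.0.0.0"; port = 8448; ssl = true; }
          { addr = "[::]"; port = 8448; ssl = true; }
          { addr = "127.0.0.1"; port = 8443; ssl = true; proxyProtocol = true; }
        ];
        # Only /_matrix and /_synapse/client are forwarded. Other paths,
        # e.g. /_synapse/admin, do not match this regex and are not proxied.
        locations."~ ^(/_matrix|/_synapse/client)" = {
          proxyPass = "http://matrix.vs.grzb.de:8008";
          extraConfig = ''
            # Nginx by default only allows file uploads up to 1M in size
            # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
            client_max_body_size 500M;
          '';
        };
      };

      "mewtube.nekover.se" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://cloudtube.vs.grzb.de:10412";
        };
      };

      "nextcloud.grzb.de" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://nextcloud.vs.grzb.de:80";
        };
        locations."= /.well-known/carddav" = {
          return = "301 $scheme://$host/remote.php/dav";
        };
        locations."= /.well-known/caldav" = {
          return = "301 $scheme://$host/remote.php/dav";
          # NOTE(review): this location only issues a redirect, so the two
          # proxy_* directives below never take effect. They were presumably
          # meant for locations."/"; confirm and move them if so.
          extraConfig = ''
            proxy_read_timeout 3600;
            proxy_request_buffering off;
          '';
        };
        extraConfig = ''
          client_max_body_size 4096m;
        '';
      };

      "social.nekover.se" = {
        forceSSL = true;
        enableACME = true;
        listen = defaultListen;
        locations."/" = {
          proxyPass = "http://mastodon.vs.grzb.de:80";
          proxyWebsockets = true;
        };
        extraConfig = ''
          client_max_body_size 80m;
        '';
      };
    };
  };
}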