nixfiles/config/hosts/crime/nginx.nix

{ config, pkgs, lib, ... }:
let
# Static landing page for crime.kyouma.net. Setting `destination` makes the
# derivation a store directory containing index.html, which is what allows it
# to be used as an nginx `root` in the crime.kyouma.net vhost below.
# NOTE(review): the page is the stock nginx welcome text plus links to the
# Sonarr/Radarr/Prowlarr paths, so everyone who can reach this vhost learns
# where the management UIs live. Treat reachability of the vhost as the
# boundary that matters, not obscurity of the paths.
landingPage = pkgs.writeTextFile {
  name = "index.html";
  text = ''
    <!DOCTYPE html>
    <html>
    <head>
    <title>crime.kyouma.net</title>
    <style>
    body {
    width: 35em;
    margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif;
    }
    </style>
    </head>
    <body>
    <h1>Welcome to crime.kyouma.net!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    <p>Sonarr
    <a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
    Radarr
    <a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
    Prowlarr
    <a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
  '';
  destination = "/index.html";
};
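# Response headers shared by the Jellyfin vhosts (pulled in through
# `inherit extraConfig` in jellyWeb).
#
# - Every line carries `always`, so the header is also sent on error
#   responses; without the flag nginx adds it only for a fixed list of
#   success and redirect status codes. Strict-Transport-Security was the one
#   line missing the flag.
# - $hsts_header is not defined in this file (presumably a `map` in the shared
#   nginx configuration - confirm). nginx does not emit a header whose value
#   is empty, so `always` does not force HSTS onto responses where the
#   variable evaluates to nothing.
# - X-XSS-Protection is set to "0". The legacy XSS auditor that
#   "1; mode=block" switched on has been removed from current browsers, and
#   in old ones it could itself be misused, so current guidance is to turn it
#   off explicitly. A Content-Security-Policy is the real replacement; none
#   is added here because a correct policy depends on what the Jellyfin web
#   client loads.
# - nginx inherits add_header from the server level only while a location
#   defines no add_header of its own. Adding one inside a location silently
#   drops all of the headers below for that location.
extraConfig = ''
  add_header Strict-Transport-Security $hsts_header always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header X-XSS-Protection "0" always;
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header Referrer-Policy "same-origin" always;
'';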
# Forwarding headers attached to every proxied Jellyfin location.
# nginx inherits proxy_set_header from an outer level only while the current
# level defines none, so a location that sets one of these must set all of
# them; the locations in jellyWeb include this string as a whole.
# NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr to whatever
# X-Forwarded-For the client sent, so every entry except the last is
# client-controlled. The backend should take the client address from the last
# hop (or X-Real-IP) and only when the request comes from this proxy.
# NOTE(review): X-Forwarded-Host is filled from $http_host, the Host request
# header exactly as sent, while Host itself uses the normalised $host.
# Confirm the backend does not build absolute URLs from X-Forwarded-Host
# without checking it.
proxyConfig = ''
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Protocol $scheme;
  proxy_set_header X-Forwarded-Host $http_host;
'';
# IPv6 loopback address of the proxied backend: the proxy hop is plain HTTP
# but never leaves this host.
jellyAddr = "[::1]";
# Virtual-host template merged into each Jellyfin front-end domain with `//`.
jellyWeb =
  let
    # Base URL of the backend on port 8096.
    backend = "http://${jellyAddr}:8096";
  in
  {
    # forceSSL redirects plain-HTTP requests to HTTPS.
    forceSSL = true;
    http3 = true;
    quic = true;
    # Security headers live at server level. None of the locations below
    # sets add_header itself, so all of them inherit these headers.
    inherit extraConfig;
    locations = {
      # The bare root is sent to the web client path.
      "= /" = {
        return = "302 https://$host/web/";
      };
      "/" = {
        proxyPass = backend;
        extraConfig = ''
          ${proxyConfig}
          proxy_buffering on;
        '';
      };
      "= /web/" = {
        proxyPass = "${backend}/web/index.html";
        extraConfig = proxyConfig;
      };
      # WebSocket endpoint; proxyWebsockets enables the upgrade handling.
      "/socket" = {
        proxyPass = backend;
        proxyWebsockets = true;
        extraConfig = proxyConfig;
      };
    };
  };
in {
services.nginx = {
  virtualHosts = {
    # Primary Jellyfin domain; requests its own ACME certificate.
    "fentanyl.trade" = jellyWeb // {
      enableACME = true;
    };
    # Second Jellyfin domain, served with the fentanyl.trade certificate
    # (frotti.ng is listed in that certificate's extraDomainNames).
    "frotti.ng" = jellyWeb // {
      useACMEHost = "fentanyl.trade";
    };
  };
  # NOTE(review): createHost is not a stock services.nginx option; presumably
  # it is declared by another module in this repository. Whatever it adds to
  # each vhost (TLS, redirects, headers) cannot be seen from this file.
  createHost = {
    "watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
    # Default server: requests that match no other vhost get a 403 instead of
    # being answered by whichever vhost nginx would otherwise pick.
    # NOTE(review): with useACMEHost the handshake still completes using the
    # fentanyl.trade certificate, so its names are shown to clients that
    # connect by address or with an unknown SNI. nginx's
    # `ssl_reject_handshake on;` avoids presenting a certificate at all, if
    # that disclosure matters.
    "redirect" = {
      default = true;
      reuseport = true;
      useACMEHost = "fentanyl.trade";
      extraConfig = ''
        return 403;
      '';
    };
    # Landing page plus reverse proxies for Sonarr, Radarr and Prowlarr, bound
    # to a single IPv6 address. proxyPass carries no path component, so the
    # /sonarr/, /radarr/ and /prowlarr/ prefixes reach the backends unchanged.
    # NOTE(review): no auth_basic, allow/deny or client-certificate check is
    # visible on these locations, and the shared security headers
    # (extraConfig) are not referenced here. Unless createHost or the network
    # layer restricts access, protection rests on each application's own
    # login. Confirm authentication is enabled in all three, since they hold
    # API keys and credentials for other services.
    # NOTE(review): no forceSSL/addSSL is set here although the landing page
    # links to https:// URLs and a certificate is declared for this name;
    # confirm that createHost enables TLS and the HTTP-to-HTTPS redirect.
    "crime.kyouma.net" = {
      listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
      locations = {
        "/".root = landingPage;
        "/sonarr/" = {
          proxyPass = "http://127.0.0.1:8989";
          recommendedProxySettings = true;
        };
        "/radarr/" = {
          proxyPass = "http://127.0.0.1:7878";
          recommendedProxySettings = true;
        };
        "/prowlarr/" = {
          proxyPass = "http://127.0.0.1:9696";
          recommendedProxySettings = true;
        };
      };
    };
  };
};
security.acme.certs = {
  # One certificate for the Jellyfin front end; frotti.ng and watch.kyouma.net
  # are added as extra names and reuse it via useACMEHost.
  # NOTE(review): all names on a certificate are visible together to anyone
  # who inspects it (and in Certificate Transparency logs when a public CA
  # issues it), which links these domains to each other.
  "fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
  # Separate certificate for the landing-page host, default settings.
  "crime.kyouma.net" = {};
};
}