nixfiles-emily/config/hosts/web-dus/configuration.nix

{ config, inputs, lib, pkgs, ... }: { 
  imports = [
    inputs.fernglas.nixosModules.default
    inputs.kyouma-www.nixosModules.default
    ../../common
    ../../profiles/headless.nix
    ../../profiles/kartoffel.nix
    ../../profiles/lxc.nix
    ../../services/nginx.nix
  ];
  networking = {
    hostName = "web-dus";
    nftables.enable = lib.mkForce false;
    firewall.allowedTCPPorts = [ 80 443 11019 ];
    firewall.allowedUDPPorts = [ 443 ];
  };
  systemd.network.networks."98-eth-default" = {
    address = [
      "2a0f:be01:0:100::1312/128" 
    ];
  };
  services.vyosBld = {
    enable = true;
    output = "/var/www/kyouma.net/vyos";
    buildFlags = {
      architecture = "amd64";
      build-by = "noc@kyouma.net";
      build-type = "release";
      version = "1.5-$(date %Y%m%d)";
    };
  };
  services.fernglas = {
    enable = true;
    settings = {
      api.bind = "[::1]:3000";
      collectors = {
        bmp_collector = {
          collector_type = "Bmp";
          bind = "[::]:11019";
          peers = {
            "45.150.123.0" = {};
          };
        };
      }; 
    };
  };
  kyouma.nginx.defaultForbidden = "kyouma.net";
  kyouma.nginx.virtualHosts = let
    kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system};
    autoIndex = ''
      autoindex on;
      autoindex_exact_size off;
      autoindex_format html;
      autoindex_localtime on;
    '';
  in {
    "miau.zip" = { root = kyouma-www.default; };
    "www.miau.zip" = { redirectTo = "miau.zip"; };
    "www.kyouma.net" = { redirectTo = "kyouma.net"; };
    "emily.cat" = { root = "/var/www/emily.cat/_site"; };
    "www.emily.cat" = { redirectTo = "kyouma.net"; };
    "www.cocaine.trade" = { redirectTo = "cocaine.trade"; };

    "cocaine.trade" = {
      root = "/var/www/basti/cocaine.trade";
      extraConfig = ''error_page 404 /404.html;'';
      locations."/" = {
        index = "index.html";
        tryFiles = "$uri $uri.html =404";
      };
      locations."= /".extraConfig = ''rewrite ^ /index.html last;'';
    };
    "files.cocaine.trade" = {
      useACMEHost = "cocaine.trade";
      root = "/var/www/basti/files.cocaine.trade";
      locations."/".extraConfig = autoIndex;
    };
    "kyouma.net" = {
      root = kyouma-www.default; 
      locations = {
        "/assets/media/".root = kyouma-www.vid;
        "/vyos/" = {
          root = config.services.vyosBld.output;
          extraConfig = autoIndex;
        };
        "/ihk/" = {
          root = "/var/www/kyouma.net/ihk";
          extraConfig = autoIndex;
        };
      };
    };
    "lg.kyouma.net" = {
      useACMEHost = "kyouma.net";
      locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
      locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
    };
  };
  security.acme.certs = {
    "miau.zip" = { extraDomainNames = [ "www.miau.zip" "lg.miau.zip" ]; };
    "kyouma.net" = { extraDomainNames = [ "www.kyouma.net" "lg.kyouma.net" ]; };
    "emily.cat" = { extraDomainNames = [ "www.emily.cat" ]; };
    "cocaine.trade" = { extraDomainNames = [ "www.cocaine.trade" "files.cocaine.trade" ]; };
  };
}