# NixOS module: public nginx reverse proxy for the shobu.fr hosts.
# Every vhost gets an ACME certificate and is forced to HTTPS. Most vhosts
# forward to a single backend machine over plain HTTP, and some are gated
# by Authelia through the snippets in ./lib/autheliaSnippets.nix.
{
  inputs,
  pkgs,
  lib,
  ...
}:
let
  # striped-front = inputs.striped-front;

  # Backend host that every proxied vhost forwards to.
  sin-address = "192.168.1.14";

  authelia-snippets = pkgs.callPackage ./lib/autheliaSnippets.nix { inherit pkgs; };

  # TLS settings shared by every virtual host in this file.
  tls = {
    enableACME = true;
    forceSSL = true;
  };

  # Upstream URL for a backend port (given as a string). The scheme is
  # http://, so the hop from nginx to the backend is unencrypted.
  upstream = port: "http://${sin-address}:${port}";
in
{
  # NOTE(review): 80/443 serve the vhosts below. No vhost visible in this file
  # listens on 8448 (conventionally the Matrix federation port) and the matrix
  # vhost is commented out -- confirm the port still needs to be open.
  networking.firewall.allowedTCPPorts = [
    80
    443
    8448
  ];

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    typesHashMaxSize = 512;
    mapHashMaxSize = 512;

    virtualHosts =
      let
        # Plain TLS reverse proxy: host -> backend port, one "/" location.
        # No Authelia include is added here, so a vhost built with this
        # helper alone relies on the upstream application's own login.
        mkVHost = host: port: {
          ${host} = tls // {
            locations."/".proxyPass = upstream port;
          };
        };

        # Reverse proxy for the *arr applications. "/" goes through the
        # Authelia auth_request snippets; "/api" does not include them.
        # NOTE(review): "/api" is therefore reachable without Authelia --
        # presumably protected by the application's API key; verify.
        # proxy_ssl_server_name only affects https:// upstreams, and the
        # upstream here is http://, so the directive has no effect as written.
        mkStarr =
          host: port:
          let
            backend = upstream port;
          in
          {
            ${host} = tls // {
              extraConfig = ''
                include ${authelia-snippets.authelia-location};
              '';
              locations = {
                "/api" = {
                  proxyPass = backend;
                  proxyWebsockets = true;
                  extraConfig = ''
                    proxy_ssl_server_name on;
                  '';
                };
                "/" = {
                  proxyPass = backend;
                  proxyWebsockets = true;
                  extraConfig = ''
                    include ${authelia-snippets.proxy};
                    include ${authelia-snippets.authelia-authrequest};
                    proxy_ssl_server_name on;
                    proxy_read_timeout 4800s;
                  '';
                };
              };
            };
          };

        # Put Authelia in front of `location` on every host of `vhost`.
        # Appends the Authelia server-level include to the vhost's
        # extraConfig and the proxy/auth_request includes to the location's
        # extraConfig, keeping whatever was already set. The location must
        # already exist on the vhost; evaluation fails otherwise.
        withAuthelia =
          vhost: location:
          builtins.mapAttrs (
            _: cfg:
            let
              target = cfg.locations.${location};
            in
            lib.recursiveUpdate cfg {
              extraConfig = (cfg.extraConfig or "") + ''
                include ${authelia-snippets.authelia-location};
              '';
              locations.${location}.extraConfig = (target.extraConfig or "") + ''
                include ${authelia-snippets.proxy};
                include ${authelia-snippets.authelia-authrequest};
              '';
            }
          ) vhost;

        # Turn on websocket proxying for `location` on every host of `vhost`.
        withWebsockets =
          vhost: location:
          builtins.mapAttrs (
            _: cfg: lib.recursiveUpdate cfg { locations.${location}.proxyWebsockets = true; }
          ) vhost;

        # *arr applications: Authelia on "/", no Authelia include on "/api".
        starrHosts =
          mkStarr "radarr.shobu.fr" "7878"
          // mkStarr "sonarr.shobu.fr" "8989"
          // mkStarr "prowlarr.shobu.fr" "9696"
          // mkStarr "bazarr.shobu.fr" "6767"
          // mkStarr "lidarr.shobu.fr" "8686"
          // mkStarr "whisparr.shobu.fr" "6969";

        # Proxied without any Authelia include at the nginx layer.
        # NOTE(review): transmission and zimablade-admin look like
        # administrative interfaces -- confirm each upstream enforces its
        # own authentication, or wrap them with withAuthelia.
        plainHosts =
          mkVHost "jellyseerr.shobu.fr" "5055"
          // mkVHost "transmission.shobu.fr" "9091"
          // mkVHost "zimablade-admin.shobu.fr" "61208"
          // mkVHost "dashboard.shobu.fr" "8082"
          // mkVHost "git.shobu.fr" "3000";

        # Hosts that do not fit any of the helpers above.
        customHosts = {
          "shobu.fr" = tls // {
            root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist";
          };

          # NOTE(review): serves /mnt/shares/data as a static root with no
          # auth_request or other access control configured in this file --
          # confirm everything under that path is meant to be public.
          "data.shobu.fr" = tls // {
            root = "/mnt/shares/data";
          };

          "bddtrans.shobu.fr" = tls // {
            locations."/" = {
              proxyPass = upstream "8001";
              extraConfig = ''
                proxy_ssl_server_name on;
              '';
            };
          };

          "bddtrans-api.shobu.fr" = tls // {
            locations."/" = {
              proxyPass = upstream "8000";
              proxyWebsockets = true;
              extraConfig = ''
                proxy_ssl_server_name on;
              '';
            };
          };

          # "striped.shobu.fr" = {
          #   enableACME = true;
          #   forceSSL = true;
          #   root = "${striped-front.packages.x86_64-linux.default}/dist";
          # };

          # The Authelia includes below are nginx comments, so this vhost is
          # currently not gated by Authelia; the commented error_log line is
          # a leftover debug setting.
          # NOTE(review): confirm the upstream on port 8086 authenticates
          # users itself while the includes stay disabled.
          "files.shobu.fr" = tls // {
            extraConfig = ''
              # include ${authelia-snippets.authelia-location};
              # error_log /var/log/nginx/debug_files.log debug;
            '';
            locations."/" = {
              proxyPass = upstream "8086";
              extraConfig = ''
                # include ${authelia-snippets.proxy};
                # include ${authelia-snippets.authelia-authrequest};
                proxy_set_header X-Real-IP $remote_addr;
                client_max_body_size 100M;
              '';
            };
          };

          # "matrix.shobu.fr" = {
          #   forceSSL = true;
          #   enableACME = true;
          #   locations."/".extraConfig = ''
          #     return 404;
          #   '';
          #   locations."/_matrix".proxyPass = "http://${sin-address}:8008";
          #   locations."/_synapse/client".proxyPass = "http://${sin-address}:8008";
          #   locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server";
          # };
        };
      in
      # Host names are disjoint across the groups, so merge order does not
      # change the result.
      withWebsockets (mkVHost "jellyfin.shobu.fr" "8096") "/"
      // starrHosts
      // plainHosts
      // withWebsockets (withAuthelia (mkVHost "trilium.shobu.fr" "12783") "/") "/"
      // customHosts;
  };

  # Contact address and terms acceptance for the ACME certificates
  # requested by the vhosts above.
  security.acme = {
    acceptTerms = true;
    defaults.email = "shobu_serhao@proton.me";
  };
}