{ config, pkgs, lib, conf, ... }: let domain = conf.network.addresses.domain.natto; in { services = { cron.enable = true; openssh = { enable = true; settings.PermitRootLogin = "yes"; ports = [ 22 22002 ]; }; nginx = { enable = true; clientMaxBodySize = "512m"; package = pkgs.nginx.override { withMail = true; }; appendHttpConfig = '' map $uri $expires { default off; ~\.(jpg|jpeg|png|gif|ico)$ 30d; } ''; virtualHosts = let genericHttpRProxy = { addr, ssl ? true, conf ? "", }: { enableACME = ssl; # addSSL = ssl; forceSSL = ssl; locations."/" = { proxyPass = toString addr; extraConfig = '' expires $expires; proxy_set_header Host $host; '' + conf; }; }; in with conf.network.addresses.wireguard.ips; { "${domain}" = { addSSL = true; enableACME = true; locations."/" = { root = "/var/lib/site"; index = "index.html"; }; serverAliases = [ "www.${domain}" ]; }; # MPD server "radio.${domain}" = genericHttpRProxy { addr = "http://${satori}:8001"; }; # Some random music server I once had /* "radio.${domain}" = { addSSL = true; enableACME = true; locations."/" = { proxyPass = "http://${satori}:7590"; extraConfig = '' expires $expires; proxy_set_header Host $host; ''; }; locations."= /".return = "301 /radio"; }; */ # Gitea /* "git.${domain}" = genericHttpRProxy { addr = "http://${marisa}:5001"; conf = "client_max_body_size 64M;"; }; */ # Personal filehost # "f.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8000"; }; # Hashicorp Vault # "vault.${domain}" = genericHttpRProxy { addr = "https://${marisa}:8800"; }; # Hashicorp Consul # "consul.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8500"; }; # Hashicorp Nomad /* "nomad.${domain}" = genericHttpRProxy { addr = "http://${marisa}:4646"; conf = '' proxy_buffering off; proxy_read_timeout 310s; ''; }; */ }; }; }; }