ctucx.git: nixfiles

ctucx' nixfiles

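# NixOS module: creates DNS records for a list of apex domains and ctu.cx
# subdomains, and puts the same nginx TLS reverse-proxy virtual host in front
# of every one of those names. All names are forwarded to a single HTTP
# backend; nothing in this file distinguishes them.
{ pkgs, lib, config, ... }:

let
  # Apex domains: each gets its own zone entry and an nginx virtual host.
  domains = [
    "flauschehorn.sexy"
    "wifionic.de"
  ];

  # Labels below ctu.cx: each gets a CNAME to this machine's FQDN and an
  # nginx virtual host named "<label>.ctu.cx".
  subdomains = [
    "dav"
    "photos"
    "briefkasten"
    "solar-system-nrw"
    "home"
    "legacy.home"
    "briefkasten.home"
    "fedi.home"
    "influx.home"
    "smart.home"
    "music.home"
    "wiki.home"
    "things.home"
    "travelynx2fedi.home"
  ];

in {

  # This is the global nginx option (client_max_body_size), not a per-vhost
  # one: every virtual host on this machine that does not override it will
  # accept request bodies of up to 2 GiB, including vhosts defined in other
  # modules. NOTE(review): confirm that limit is wanted outside the hosts
  # listed here, since it bounds how much an unauthenticated client can upload.
  services.nginx.clientMaxBodySize = "2g";

  dns.zones = lib.mkMerge [
    # NOTE(review): `host` receives primaryIP4 for both arguments. If this is
    # the dns.nix combinator `host ipv4 ipv6`, the second argument becomes the
    # AAAA record and would then carry an IPv4 address - confirm, and pass the
    # IPv6 address or null instead.
    (lib.attrsets.genAttrs domains (_: (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP4)))
    {
      # Trailing dot makes the CNAME target absolute rather than relative to
      # the ctu.cx zone.
      "ctu.cx".subdomains = (lib.attrsets.genAttrs subdomains (_: { CNAME  = [ "${config.networking.fqdn}." ]; }));
    }
  ];

  # One identical virtual host per name. "restic.briefkasten.ctu.cx" is added
  # here but has no record in the DNS section above; certificate issuance for
  # it depends on the name resolving to this host - presumably defined
  # elsewhere, verify.
  services.nginx.virtualHosts = (lib.attrsets.genAttrs (domains ++ (lib.lists.forEach subdomains  (x: "${x}.ctu.cx")) ++ [ "restic.briefkasten.ctu.cx" ]) (_: {
    enableACME = true;   # request a certificate for this name via ACME
    forceSSL   = true;   # redirect plain HTTP to HTTPS
    kTLS       = true;   # let the kernel handle TLS record encryption
    # Upstream leg is plain HTTP to a hard-coded address. 172.17.0.2 lies in
    # Docker's default bridge range, so this is presumably a local container:
    # whatever workload holds that address receives all proxied traffic, so
    # the address should be pinned rather than left to allocation order -
    # TODO confirm how it is assigned.
    locations."/".proxyPass       = "http://172.17.0.2:80/";
    locations."/".proxyWebsockets = true;
    # X-Forwarded-For is set to $remote_addr, which replaces any value the
    # client sent instead of appending to it; the backend should trust this
    # header only on connections from this proxy. No Host header is set in
    # this block, so unless recommendedProxySettings (or an equivalent) is
    # enabled elsewhere the backend sees the upstream address as Host -
    # TODO confirm, since all names share one backend.
    locations."/".extraConfig     = ''
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
    '';
  }));

}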