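{
  lib,
  pkgs,
  config,
  ...
}: {
  # nginx virtual hosts for the public web front end, plus the php-fpm pool
  # that serves philippeterson.com's PHP pages.
  services.nginx = {
    enable = true;

    virtualHosts = let
      # Static site for pdxdestiny.com, assembled in the store from the
      # checked-in index page and image.
      pdxDestinyRoot = pkgs.runCommand "pdxdestiny-web" {} ''
        mkdir -p $out
        cp ${./pdxdestiny/index.html} $out/index.html
        cp ${pkgs.copyPathToStore ./pdxdestiny/gold.jpg} $out/gold.jpg
      '';

      # Declare `domain` with the given vhost config and add a `www.` twin
      # that permanently redirects to the apex over HTTPS.  The twin copies
      # addSSL/forceSSL from the apex config (addSSL defaults to on).
      withWww = domain: config: {
        "${domain}" = config;
        "www.${domain}" = {
          enableACME = true;
          addSSL = config.addSSL or true;
          forceSSL = config.forceSSL or false;
          locations."/" = {
            extraConfig = ''
              return 301 https://${domain}$request_uri;
            '';
          };
        };
      };
    in
      {
        # Catch-all for requests whose Host header / SNI matches no vhost
        # below.  `default` makes this the default_server explicitly instead
        # of relying on attribute ordering, and `rejectSSL` makes it listen on
        # 443 too and abort the TLS handshake, so an unknown SNI is never
        # answered with another site's certificate and content.  Port 80 and
        # 443 listeners come from the module defaults; plain HTTP requests are
        # dropped without a response (444).
        "_default" = {
          default = true;
          rejectSSL = true;
          serverName = "_";
          extraConfig = ''
            deny all;
            return 444;
          '';
        };

        # Plain HTTP only: no ACME certificate and no TLS listener here.
        # NOTE(review): if this host is meant to be reachable over HTTPS, TLS
        # has to be terminated in front of this box — confirm.
        "blog.quineglobal.com" = {
          enableACME = false;
          forceSSL = false;
          addSSL = false;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3010/"; # pass through to docker container
          };
        };

        # Served on both HTTP and HTTPS (addSSL without forceSSL).
        "hyper.quineglobal.com" = {
          enableACME = true;
          forceSSL = false;
          addSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3013/";
          };
        };

        "riverside.coldairnetworks.com" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3011/";
          };
        };

        # Plain HTTP only, static files from the pullomatic checkout.
        "quineglobal.com" = {
          enableACME = false;
          forceSSL = false;
          addSSL = false;
          locations."/" = {
            extraConfig = ''
              index index.html index.htm;
              root /etc/pullomatic/com_quineglobal;
            '';
          };
        };

        # HTTPS-only reverse proxy in front of the WebDAV server; the
        # Authorization header is forwarded so the upstream can authenticate.
        "webdav.philippeterson.com" = {
          serverName = "webdav.philippeterson.com";
          enableACME = true;
          onlySSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
            extraConfig = ''
              # Pass required headers for WebDAV
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              # Pass Authorization header if required
              proxy_set_header Authorization $http_authorization;
              # Set timeouts for large file uploads or long WebDAV operations
              proxy_read_timeout 300;
              proxy_connect_timeout 300;
              proxy_send_timeout 300;
              # Increase client body size for large uploads
              client_max_body_size 100M;
              # Optional: Disable caching for WebDAV operations
              proxy_buffering off;
              proxy_cache off;
            '';
          };
        };

        # HTTPS-only, certificate obtained elsewhere via security.acme.
        "paperless.philippeterson.com" = {
          useACMEHost = "paperless.philippeterson.com";
          onlySSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8000/";
            extraConfig = ''
              client_max_body_size 100M;
            '';
          };
        };

        # HTTPS-only proxy with WebSocket upgrade support and a long read
        # timeout for persistent connections.
        "pluto.philippeterson.com" = {
          useACMEHost = "pluto.philippeterson.com";
          onlySSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:1234/";
            extraConfig = ''
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_set_header Host $host;
              proxy_read_timeout 86400;
            '';
          };
        };

        # Browser VNC gateway: HTTPS enforced and gated by HTTP basic auth
        # whose htpasswd file comes from an agenix secret.
        "vnc.quinefoundation.com" = {
          enableACME = true;
          forceSSL = true;
          basicAuthFile = config.age.secrets.vnc-htpasswd.path;
          locations."/" = {
            proxyPass = "http://127.0.0.1:6080/";
            extraConfig = ''
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_set_header Host $host;
              proxy_read_timeout 86400;
            '';
          };
        };

        # Forgejo: the HTTPS side.  client_max_body_size 0 disables the
        # request body limit so large git pushes are not rejected by nginx.
        "forge.quinefoundation.com-https" = {
          serverName = "forge.quinefoundation.com";
          enableACME = true;
          onlySSL = true;
          extraConfig = ''
            client_max_body_size 0;
          '';
          locations."/" = {
            proxyPass = "http://127.0.0.1:3000/"; # pass through to Forgejo
          };
        };

        # Forgejo: the plain-HTTP side, which only redirects to HTTPS.
        "forge.quinefoundation.com-http" = {
          serverName = "forge.quinefoundation.com";
          listen = [
            { addr = "0.0.0.0"; port = 80; }
            { addr = "[::]"; port = 80; }
          ];
          locations."/" = {
            # TODO: forgejo does not support HTTP+HTTPS. But it would be nice if it did.
            #proxyPass = "https://forge.quinefoundation.com/"; # pass through to HTTPS
            # Instead, temporarily redirect to HTTPS
            extraConfig = ''
              return 302 https://$host$request_uri;
            '';
          };
        };
      }
      // (withWww "pdxdestiny.com" {
        enableACME = true;
        forceSSL = false;
        addSSL = true;
        root = pdxDestinyRoot;
      })
      // (withWww "philippeterson.com" {
        enableACME = true;
        forceSSL = false;
        addSSL = true;
        root = "/etc/pullomatic/com_philippeterson";

        # Never serve git metadata from the site checkout.  In a Nix
        # double-quoted string `\.` is just `.`, so the dot must be written
        # `\\.` to reach nginx escaped; and without a trailing `(/.*)$` the
        # pattern also covers `/.gitignore` and `/.gitmodules`, not only
        # paths below `/.git/`.
        locations."~ /\\.git" = {
          extraConfig = ''
            deny all;
            return 404;
          '';
        };

        locations."/games/atcsim" = {
          extraConfig = ''
            return 301 /games/atcsim/;
          '';
        };
        # Static app rooted at its own directory; the prefix is rewritten off.
        locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
          extraConfig = ''
            index index.html index.htm;
            rewrite ^/games/atcsim/?$ "/index.html" break;
            rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
            root /etc/pullomatic/atcsim;
          '';
        };

        locations."/portfolio" = {
          extraConfig = ''
            return 301 /portfolio/;
          '';
        };
        locations."~ ^/portfolio/" = {
          extraConfig = ''
            index index.html index.htm;
            rewrite ^/portfolio/?$ "/index.html" break;
            rewrite ^/portfolio(?<query>(/[^/\\s]*)*)$ "$query" break;
            root /etc/pullomatic/my-portfolio;
          '';
        };

        # Echoes the remainder of the path back as text/plain.
        locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
          extraConfig = ''
            add_header Content-Type text/plain;
            return 200 "$query";
          '';
        };

        # Default handler: static files, with extensionless PHP pages
        # resolved via `$uri.php` and explicit rewrites for two pages.
        locations."/" = {
          extraConfig = ''
            try_files $uri $uri.php $uri/ =404;
            index index.php index.html index.htm;
            rewrite ^/contact$ /contact.php last;
            rewrite ^/resume$ /resume.php last;
          '';
        };

        # PHP handler.  `\\.` for the same escaping reason as the git
        # location above (`\.` alone would reach nginx as an unescaped dot).
        locations."~ \\.php$" = {
          extraConfig = ''
            # Only hand files that exist under the document root to php-fpm;
            # anything else is a 404 before it reaches the interpreter.
            try_files $uri =404;
            include ${pkgs.nginx}/conf/fastcgi.conf;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
          '';
        };
      })
      // (withWww "coldairnetworks.com" {
        enableACME = true;
        forceSSL = false;
        addSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:3012/";
        };
      });

    # Optionally configure additional options
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  # php-fpm pool backing the `~ \.php$` location of philippeterson.com.
  # It runs as the nginx user so the unix socket needs no extra permissions.
  services.phpfpm.pools = {
    main = {
      phpEnv."PATH" = lib.makeBinPath [pkgs.php];
      user = "nginx";
      group = "nginx";
      settings = {
        # listen = /run/phpfpm.sock
        # "listen.mode = 0660
        "listen.owner" = "nginx";
        "listen.group" = "nginx";
        "pm" = "dynamic";
        "pm.max_children" = 75;
        "pm.start_servers" = 10;
        "pm.min_spare_servers" = 5;
        "pm.max_spare_servers" = 20;
        "pm.max_requests" = 500;
        # Worker errors go to php-fpm's stderr so they land in the journal.
        "php_admin_value[error_log]" = "stderr";
        "php_admin_flag[log_errors]" = true;
        "catch_workers_output" = true;
      };
    };
  };
}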