feat: initial

2026-03-09 22:06:13 +01:00 · 2026-03-09 22:06:13 +01:00 · bba9ceff39
commit bba9ceff39
18 changed files with 750 additions and 0 deletions
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -0,0 +1,47 @@
+{ config, pkgs, lib, ... }:
+let
+  network = import ../data/network.nix;
+  rproxyServices = builtins.mapAttrs (name: service: {
+    serverName = "${name}.${network.local_domain}";
+    listen = [ {addr = "0.0.0.0"; port = 80;} ];
+    locations = {
+      "/" = {
+        proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/";
+        proxyWebsockets = true;
+      };
+    };
+    extraConfig = ''
+      allow ${network.network.subnet};
+      deny all;
+    '';
+  }) network.reverse_proxy;
+  serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
+  fallback = {
+    serverName = "_";
+    listen = [ {addr = "0.0.0.0"; port = 80;} ];
+    locations."/" = {
+      return = "404";
+      extraConfig = ''
+        add_header Content-Type text/plain;
+      '';
+    };
+
+    extraConfig = ''
+      return 404 "This domain is not configured. Available services: ${serviceNamesMessage}";
+    '';
+  };
+in {
+  services.nginx = {
+    enable = true;
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+
+    virtualHosts = rproxyServices // {fallback = fallback;};
+  };
+
+  # TODO add 443 for https
+  networking.firewall.allowedTCPPorts = [80];
+}