nix-conf/systems/hetzner/nginx.nix

{
  config,
  pkgs,
  self,
  lib,
  ...
}:

{
  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "missing.ninja" = {
        serverAliases = [
          "joens.zone"
          "joens.website"
          "joens.site"
          "joens.online"
          "joens.link"
          "joens.international"
          "joens.family"
          "joens.digital"
          "joens.blog"
          "net0loggy.net"
          #"clan-war.net"
          "net0loggy.de"
          "dtg-c.de"
        ];
        enableACME = true;
        forceSSL = true;
      };
      "webmail.missing.ninja" = {
        serverAliases = [ "joens.email" ];
      };
      "pad.missing.ninja" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://localhost:3333";
        locations."/socket.io/" = {
          proxyPass = "http://localhost:3333";
          proxyWebsockets = true;
          extraConfig = "proxy_ssl_server_name on;";
        };
      };
      "test.missing.ninja" = {
        forceSSL = true;
        enableACME = true;
      };
      "search.missing.ninja" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://localhost:8080";
      };
      "cache.missing.ninja" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
      };
      "nix.missing.ninja" = {
        forceSSL = true;
        enableACME = true;
        locations."/".root = self.inputs.nuschtos.packages.${pkgs.stdenv.system}.mkMultiSearch {
          scopes = [
            {
              modules = [ self.inputs.disko.nixosModules.default ];
              name = "Disko";
              specialArgs.modulesPath = pkgs.path + "/nixos/modules";
              urlPrefix = "https://github.com/nix-community/disko/blob/master/";
            }
            {
              modules = lib.attrValues self.inputs.nixos-hardware.nixosModules;
              name = "NixOS Hardware";
              specialArgs = {
                modulesPath = pkgs.path + "/nixos/modules";
                inherit pkgs;
              };
              urlPrefix = "https://github.com/NixOS/nixos-hardware/blob/master/";
            }
            {
              modules = [
                self.inputs.snm.nixosModules.default
                {
                  mailserver = {
                    fqdn = "mx.example.com";
                    domains = [ "example.com" ];
                    dmarcReporting = {
                      organizationName = "Example Corp";
                      domain = "example.com";
                    };
                  };
                }
              ];
              name = "Simple NixOS Mailserver";
              urlPrefix = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/blob/master/";
            }
            {
              optionsJSON = (import "${self.inputs.nixpkgs}/nixos/release.nix" { }).options + /share/doc/nixos/options.json;
              name = "NixOS";
              urlPrefix = "https://github.com/NixOS/nixpkgs/tree/master/";
            }
            {
              optionsJSON = self.inputs.home-manager.packages.${pkgs.stdenv.system}.docs-html.passthru.home-manager-options.nixos + /share/doc/nixos/options.json;
              name = "Home Manager NixOS";
              urlPrefix = "https://github.com/nix-community/home-manager/tree/master/";
            }
            {
              optionsJSON = self.inputs.home-manager.packages.${pkgs.stdenv.system}.docs-json + /share/doc/home-manager/options.json;
              optionsPrefix = "home-manager.users.<name>";
              name = "Home Manager";
              urlPrefix = "https://github.com/nix-community/home-manager/tree/master/";
            }
            {
              optionsJSON = self.inputs.nixvim.packages.${pkgs.stdenv.system}.options-json + /share/doc/nixos/options.json;
              optionsPrefix = "programs.nixvim";
              name = "NixVim";
              urlPrefix = "https://github.com/nix-community/nixvim/tree/main/";
            }
          ];
        };
      };
      "hetzner" = {
        forceSSL = false;
        enableACME = false;
        locations = {
          "/" = {
            proxyPass = "http://127.0.0.1:1242";
            proxyWebsockets = true;
            extraConfig = ''
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Host $host:$server_port;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Server $host;
              proxy_set_header Connection "Upgrade";
              proxy_set_header Upgrade $http_upgrade;
            '';
          };
          "/Api/NLog" = {
            proxyPass = "http://127.0.0.1:1242";
            extraConfig = ''
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Host $host:$server_port;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Server $host;
            '';
          };
        };
      };
    };
  };

  services.hedgedoc = {
    enable = true;
    settings = {
      db = {
        dialect = "sqlite";
        torage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
      };
      domain = "pad.missing.ninja";
      port = 3333;
      useSSL = false;
      protocolUseSSL = true;
    };
  };

  services.nix-serve = {
    enable = true;
    secretKeyFile = "/var/cache-priv-key.pem";
  };

  services.wordpress.webserver = "nginx";
  services.phpfpm.phpOptions = ''
    post_max_size = "64M"
    upload_max_filesize = "64M"
    max_execution_time = 300
    max_input_time = 300
  '';

  services.searx = {
    enable = true;
    runInUwsgi = false;
    settings = {
      server.secret_key = "NotASecret";
    };
    uwsgiConfig = {
      socket = "/run/searx/searx.sock";
      chmod-socket = "660";
    };
  };
}
run nix fmt 2024-07-10 23:02:54 +02:00			`{`
			`config,`
			`pkgs,`
			`self,`
missed lib 2024-10-28 22:39:13 +01:00			`lib,`
run nix fmt 2024-07-10 23:02:54 +02:00			`...`
			`}:`
enable doc server 2024-05-01 19:33:12 +02:00
			`{`
			`services.nginx = {`
			`enable = true;`
			`recommendedTlsSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`
			`virtualHosts = {`
			`"missing.ninja" = {`
run nix fmt 2024-07-10 23:02:54 +02:00			`serverAliases = [`
			`"joens.zone"`
			`"joens.website"`
			`"joens.site"`
			`"joens.online"`
			`"joens.link"`
			`"joens.international"`
			`"joens.family"`
			`"joens.digital"`
			`"joens.blog"`
			`"net0loggy.net"`
remove domains not handle by this server 2024-10-09 10:42:27 +02:00			`#"clan-war.net"`
run nix fmt 2024-07-10 23:02:54 +02:00			`"net0loggy.de"`
			`"dtg-c.de"`
			`];`
enable doc server 2024-05-01 19:33:12 +02:00			`enableACME = true;`
			`forceSSL = true;`
			`};`
			`"webmail.missing.ninja" = {`
			`serverAliases = [ "joens.email" ];`
			`};`
			`"pad.missing.ninja" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".proxyPass = "http://localhost:3333";`
			`locations."/socket.io/" = {`
			`proxyPass = "http://localhost:3333";`
			`proxyWebsockets = true;`
run nix fmt 2024-07-10 23:02:54 +02:00			`extraConfig = "proxy_ssl_server_name on;";`
enable doc server 2024-05-01 19:33:12 +02:00			`};`
			`};`
maybe 2024-05-05 10:00:13 +02:00			`"test.missing.ninja" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`};`
add searx server 2024-07-16 20:53:45 +02:00			`"search.missing.ninja" = {`
			`forceSSL = true;`
			`enableACME = true;`
eweefe 2024-07-16 21:34:23 +02:00			`locations."/".proxyPass = "http://localhost:8080";`
add searx server 2024-07-16 20:53:45 +02:00			`};`
add nginx proxy 2024-10-09 10:23:09 +02:00			`"cache.missing.ninja" = {`
cache ssl 2024-10-09 10:36:43 +02:00			`forceSSL = true;`
			`enableACME = true;`
add nginx proxy 2024-10-09 10:23:09 +02:00			`locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";`
			`};`
nuschtos search 2024-10-28 22:33:43 +01:00			`"nix.missing.ninja" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".root = self.inputs.nuschtos.packages.${pkgs.stdenv.system}.mkMultiSearch {`
			`scopes = [`
			`{`
			`modules = [ self.inputs.disko.nixosModules.default ];`
add home to search 2024-10-29 18:18:44 +01:00			`name = "Disko";`
nuschtos search 2024-10-28 22:33:43 +01:00			`specialArgs.modulesPath = pkgs.path + "/nixos/modules";`
			`urlPrefix = "https://github.com/nix-community/disko/blob/master/";`
			`}`
			`{`
			`modules = lib.attrValues self.inputs.nixos-hardware.nixosModules;`
add home to search 2024-10-29 18:18:44 +01:00			`name = "NixOS Hardware";`
nuschtos search 2024-10-28 22:33:43 +01:00			`specialArgs = {`
			`modulesPath = pkgs.path + "/nixos/modules";`
			`inherit pkgs;`
			`};`
			`urlPrefix = "https://github.com/NixOS/nixos-hardware/blob/master/";`
			`}`
			`{`
			`modules = [`
			`self.inputs.snm.nixosModules.default`
			`{`
			`mailserver = {`
			`fqdn = "mx.example.com";`
			`domains = [ "example.com" ];`
			`dmarcReporting = {`
			`organizationName = "Example Corp";`
			`domain = "example.com";`
			`};`
			`};`
			`}`
			`];`
add home to search 2024-10-29 18:18:44 +01:00			`name = "Simple NixOS Mailserver";`
nuschtos search 2024-10-28 22:33:43 +01:00			`urlPrefix = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/blob/master/";`
			`}`
			`{`
wrong input 2024-10-28 22:43:02 +01:00			`optionsJSON = (import "${self.inputs.nixpkgs}/nixos/release.nix" { }).options + /share/doc/nixos/options.json;`
nuschtos search 2024-10-28 22:33:43 +01:00			`name = "NixOS";`
			`urlPrefix = "https://github.com/NixOS/nixpkgs/tree/master/";`
			`}`
add home to search 2024-10-29 18:18:44 +01:00			`{`
fix up 2024-10-29 18:21:11 +01:00			`optionsJSON = self.inputs.home-manager.packages.${pkgs.stdenv.system}.docs-html.passthru.home-manager-options.nixos + /share/doc/nixos/options.json;`
add home to search 2024-10-29 18:18:44 +01:00			`name = "Home Manager NixOS";`
			`urlPrefix = "https://github.com/nix-community/home-manager/tree/master/";`
			`}`
			`{`
fix up 2024-10-29 18:21:11 +01:00			`optionsJSON = self.inputs.home-manager.packages.${pkgs.stdenv.system}.docs-json + /share/doc/home-manager/options.json;`
add home to search 2024-10-29 18:18:44 +01:00			`optionsPrefix = "home-manager.users.<name>";`
			`name = "Home Manager";`
			`urlPrefix = "https://github.com/nix-community/home-manager/tree/master/";`
			`}`
			`{`
fix up 2024-10-29 18:21:11 +01:00			`optionsJSON = self.inputs.nixvim.packages.${pkgs.stdenv.system}.options-json + /share/doc/nixos/options.json;`
add home to search 2024-10-29 18:18:44 +01:00			`optionsPrefix = "programs.nixvim";`
			`name = "NixVim";`
			`urlPrefix = "https://github.com/nix-community/nixvim/tree/main/";`
			`}`
nuschtos search 2024-10-28 22:33:43 +01:00			`];`
			`};`
			`};`
add asf 2024-10-14 19:36:42 +02:00			`"hetzner" = {`
			`forceSSL = false;`
			`enableACME = false;`
update asf server config 2024-10-14 19:59:28 +02:00			`locations = {`
			`"/" = {`
			`proxyPass = "http://127.0.0.1:1242";`
			`proxyWebsockets = true;`
			`extraConfig = ''`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Host $host:$server_port;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Server $host;`
			`proxy_set_header Connection "Upgrade";`
			`proxy_set_header Upgrade $http_upgrade;`
			`'';`
			`};`
			`"/Api/NLog" = {`
			`proxyPass = "http://127.0.0.1:1242";`
			`extraConfig = ''`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Host $host:$server_port;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Server $host;`
			`'';`
			`};`
			`};`
add asf 2024-10-14 19:36:42 +02:00			`};`
enable doc server 2024-05-01 19:33:12 +02:00			`};`
			`};`

forgot a service. 2024-05-01 19:34:08 +02:00			`services.hedgedoc = {`
enable doc server 2024-05-01 19:33:12 +02:00			`enable = true;`
			`settings = {`
			`db = {`
			`dialect = "sqlite";`
			`torage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";`
			`};`
			`domain = "pad.missing.ninja";`
			`port = 3333;`
			`useSSL = false;`
			`protocolUseSSL = true;`
			`};`
			`};`
add wordpress 2024-05-05 09:56:19 +02:00
add nix server 2024-10-09 10:20:16 +02:00			`services.nix-serve = {`
			`enable = true;`
			`secretKeyFile = "/var/cache-priv-key.pem";`
			`};`

add wordpress 2024-05-05 09:56:19 +02:00			`services.wordpress.webserver = "nginx";`
update php config 2024-05-05 10:39:36 +02:00			`services.phpfpm.phpOptions = ''`
			`post_max_size = "64M"`
			`upload_max_filesize = "64M"`
			`max_execution_time = 300`
			`max_input_time = 300`
			`'';`
add wordpress 2024-05-05 09:56:19 +02:00
add searx server 2024-07-16 20:53:45 +02:00			`services.searx = {`
			`enable = true;`
eweefe 2024-07-16 21:34:23 +02:00			`runInUwsgi = false;`
set a secrect key 2024-07-16 21:33:09 +02:00			`settings = {`
run nix fmt 2024-07-16 21:52:40 +02:00			`server.secret_key = "NotASecret";`
set a secrect key 2024-07-16 21:33:09 +02:00			`};`
add searx server 2024-07-16 20:53:45 +02:00			`uwsgiConfig = {`
			`socket = "/run/searx/searx.sock";`
chmod socket 2024-07-16 21:03:22 +02:00			`chmod-socket = "660";`
add searx server 2024-07-16 20:53:45 +02:00			`};`
			`};`
enable doc server 2024-05-01 19:33:12 +02:00			`}`