atridad/haschel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nginx.nix

Browse Source
This commit is contained in:
Atridad Lahiji
2026-02-17 19:03:47 -07:00
parent 38620aba96
commit 097a60c0e0
1 changed files with 107 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

384
modules/nginx.nix
View File

@@ -1,9 +1,17 @@
{ config, pkgs, lib, ... }: {
config,
lib,
...
}:
let let
serverName = "atri.dad"; atriDotDad = "atri.dad";
matrixDomain = "matrix.atri.dad"; atashDotDev = "atash.dev";
matrixRtcDomain = "matrixrtc.atri.dad";
matrixDomain = "matrix.${atriDotDad}";
matrixRtcDomain = "matrixrtc.${atriDotDad}";
upstream = "lloyd.tadpole-pain.ts.net";
wellKnownServer = builtins.toJSON { wellKnownServer = builtins.toJSON {
"m.server" = "${matrixDomain}:443"; "m.server" = "${matrixDomain}:443";
@@ -20,11 +28,44 @@ let
} }
]; ];
}; };
# Helper: standard proxy virtual host
mkProxy = port: {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${upstream}:${toString port}";
extraConfig = "if ($fuckai) { return 444; }";
};
};
# Helper: proxy host with websocket support and extra location config
mkProxyWs = port: extraLocationConfig: {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${upstream}:${toString port}";
proxyWebsockets = true;
extraConfig = ''
if ($fuckai) { return 444; }
${extraLocationConfig}
'';
};
};
# Helper: stream server block (TCP + UDP)
mkStream = port: ''
server {
listen ${toString port};
listen ${toString port} udp;
proxy_pass ${upstream}:${toString port};
}
'';
in in
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "me@atri.dad"; defaults.email = "me@${atriDotDad}";
}; };
services.nginx = { services.nginx = {
@@ -103,48 +144,22 @@ in
} }
''; '';
# Stream Hosts streamConfig = lib.concatStrings (
streamConfig = '' map mkStream [
# Port 69 69
server { 420
listen 69; 25565
listen 69 udp; 25566
proxy_pass lloyd.tadpole-pain.ts.net:69; 25567
} ]
);
# Port 420
server {
listen 420;
listen 420 udp;
proxy_pass lloyd.tadpole-pain.ts.net:420;
}
# Minecraft / Game Ports
server {
listen 25565;
listen 25565 udp;
proxy_pass lloyd.tadpole-pain.ts.net:25565;
}
server {
listen 25566;
listen 25566 udp;
proxy_pass lloyd.tadpole-pain.ts.net:25566;
}
server {
listen 25567;
listen 25567 udp;
proxy_pass lloyd.tadpole-pain.ts.net:25567;
}
'';
# Proxy Hosts
virtualHosts = { virtualHosts = {
# atri.dad hosts "${atriDotDad}" = {
"atri.dad" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:3000"; proxyPass = "http://${upstream}:3000";
extraConfig = "if ($fuckai) { return 444; }"; extraConfig = "if ($fuckai) { return 444; }";
}; };
locations."= /.well-known/matrix/server" = { locations."= /.well-known/matrix/server" = {
@@ -161,94 +176,41 @@ in
''; '';
}; };
}; };
"analytics.atri.dad" = {
enableACME = true; "analytics.${atriDotDad}" = mkProxy 30060;
forceSSL = true; "archive.${atriDotDad}" = mkProxy 30288;
locations."/" = { "ascently.${atriDotDad}" = mkProxy 8838;
proxyPass = "http://lloyd.tadpole-pain.ts.net:30060"; "bsky.${atriDotDad}" = mkProxy 31173;
extraConfig = "if ($fuckai) { return 444; }"; "chef.${atriDotDad}" = mkProxy 30111;
}; "democlimb.${atriDotDad}" = mkProxy 8008;
}; "fedi.${atriDotDad}" = mkProxy 8181;
"archive.atri.dad" = { "gist.${atriDotDad}" = mkProxy 1227;
enableACME = true; "git.${atriDotDad}" = mkProxy 30010;
forceSSL = true; "links.${atriDotDad}" = mkProxy 30243;
locations."/" = { "memos.${atriDotDad}" = mkProxy 30311;
proxyPass = "http://lloyd.tadpole-pain.ts.net:30288"; "mermaid.${atriDotDad}" = mkProxy 8280;
extraConfig = "if ($fuckai) { return 444; }"; "msrc.${atriDotDad}" = mkProxy 3311;
}; "n8n.${atriDotDad}" = mkProxy 30109;
}; "ocr.${atriDotDad}" = mkProxy 30070;
"ascently.atri.dad" = { "openclimb.${atriDotDad}" = mkProxy 1337;
enableACME = true; "photos.${atriDotDad}" = mkProxy 30041;
forceSSL = true; "pods.${atriDotDad}" = mkProxy 8828;
locations."/" = { "requests.${atriDotDad}" = mkProxy 30042;
proxyPass = "http://lloyd.tadpole-pain.ts.net:8838"; "s3.${atriDotDad}" = mkProxy 30188;
extraConfig = "if ($fuckai) { return 444; }"; "search.${atriDotDad}" = mkProxy 30053;
}; "sync.${atriDotDad}" = mkProxy 20910;
}; "travel.${atriDotDad}" = mkProxy 30251;
"bsky.atri.dad" = { "travelapi.${atriDotDad}" = mkProxy 30250;
enableACME = true; "vault.${atriDotDad}" = mkProxy 30032;
forceSSL = true;
locations."/" = { "media.${atriDotDad}" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:31173";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"chef.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30111";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"democlimb.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8008";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"fedi.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8181";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"gist.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:1227";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"git.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30010";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"links.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30243";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"media.atri.dad" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
locations."/" = { locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30013"; proxyPass = "http://${upstream}:30013";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
if ($fuckai) { return 444; } if ($fuckai) { return 444; }
@@ -260,139 +222,10 @@ in
''; '';
}; };
}; };
"memos.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30311";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"mermaid.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8280";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"msrc.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:3311";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"n8n.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30109";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"ocr.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30070";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"openclimb.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:1337";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"photos.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30041";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"pods.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8828";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"requests.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30042";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"ripkyle.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:4321";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"s3.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30188";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"search.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30053";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"sync.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:20910";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"travel.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30251";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"travelapi.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30250";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"vault.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30032";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"matrix.atri.dad" = { "${matrixDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:6167"; proxyPass = "http://[::1]:6167";
proxyWebsockets = true; proxyWebsockets = true;
@@ -400,18 +233,15 @@ in
client_max_body_size 100M; client_max_body_size 100M;
''; '';
}; };
locations."^~ /livekit/jwt/" = { locations."^~ /livekit/jwt/" = {
priority = 400; priority = 400;
proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/"; proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
}; };
}; };
"matrixrtc.atri.dad" = { "${matrixRtcDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
# livekit
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}"; proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}";
proxyWebsockets = true; proxyWebsockets = true;
@@ -424,26 +254,26 @@ in
}; };
}; };
"atash.dev" = { "ripkyle.org" = mkProxy 4321;
enableACME = true; "${atashDotDev}" = mkProxy 6969;
forceSSL = true; "chronus.${atashDotDev}" = mkProxy 7337;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:6969";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"chronus.atash.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:7337";
extraConfig = "if ($fuckai) { return 444; }";
};
};
}; };
}; };
# Open Ports networking.firewall.allowedTCPPorts = [
networking.firewall.allowedTCPPorts = [ 80 443 69 420 25565 25566 25567 ]; 80
networking.firewall.allowedUDPPorts = [ 69 420 25565 25566 25567 ]; 443
69
420
25565
25566
25567
];
networking.firewall.allowedUDPPorts = [
69
420
25565
25566
25567
];
} }