Update nginx.nix

2026-02-17 19:03:47 -07:00
parent 38620aba96
commit 097a60c0e0


@@ -1,9 +1,17 @@
{ config, pkgs, lib, ... }:
{
config,
lib,
...
}:
let
serverName = "atri.dad";
matrixDomain = "matrix.atri.dad";
matrixRtcDomain = "matrixrtc.atri.dad";
atriDotDad = "atri.dad";
atashDotDev = "atash.dev";
matrixDomain = "matrix.${atriDotDad}";
matrixRtcDomain = "matrixrtc.${atriDotDad}";
upstream = "lloyd.tadpole-pain.ts.net";
wellKnownServer = builtins.toJSON {
"m.server" = "${matrixDomain}:443";
@@ -20,11 +28,44 @@ let
}
];
};
# Helper: standard proxy virtual host
mkProxy = port: {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${upstream}:${toString port}";
extraConfig = "if ($fuckai) { return 444; }";
};
};
# Helper: proxy host with websocket support and extra location config
mkProxyWs = port: extraLocationConfig: {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${upstream}:${toString port}";
proxyWebsockets = true;
extraConfig = ''
if ($fuckai) { return 444; }
${extraLocationConfig}
'';
};
};
# Helper: stream server block (TCP + UDP)
mkStream = port: ''
server {
listen ${toString port};
listen ${toString port} udp;
proxy_pass ${upstream}:${toString port};
}
'';
in
{
security.acme = {
acceptTerms = true;
defaults.email = "me@atri.dad";
defaults.email = "me@${atriDotDad}";
};
services.nginx = {
@@ -103,48 +144,22 @@ in
}
'';
# Stream Hosts
streamConfig = ''
# Port 69
server {
listen 69;
listen 69 udp;
proxy_pass lloyd.tadpole-pain.ts.net:69;
}
streamConfig = lib.concatStrings (
map mkStream [
69
420
25565
25566
25567
]
);
# Port 420
server {
listen 420;
listen 420 udp;
proxy_pass lloyd.tadpole-pain.ts.net:420;
}
# Minecraft / Game Ports
server {
listen 25565;
listen 25565 udp;
proxy_pass lloyd.tadpole-pain.ts.net:25565;
}
server {
listen 25566;
listen 25566 udp;
proxy_pass lloyd.tadpole-pain.ts.net:25566;
}
server {
listen 25567;
listen 25567 udp;
proxy_pass lloyd.tadpole-pain.ts.net:25567;
}
'';
# Proxy Hosts
virtualHosts = {
# atri.dad hosts
"atri.dad" = {
"${atriDotDad}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:3000";
proxyPass = "http://${upstream}:3000";
extraConfig = "if ($fuckai) { return 444; }";
};
locations."= /.well-known/matrix/server" = {
@@ -161,94 +176,41 @@ in
'';
};
};
"analytics.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30060";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"archive.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30288";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"ascently.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8838";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"bsky.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:31173";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"chef.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30111";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"democlimb.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8008";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"fedi.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8181";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"gist.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:1227";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"git.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30010";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"links.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30243";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"media.atri.dad" = {
"analytics.${atriDotDad}" = mkProxy 30060;
"archive.${atriDotDad}" = mkProxy 30288;
"ascently.${atriDotDad}" = mkProxy 8838;
"bsky.${atriDotDad}" = mkProxy 31173;
"chef.${atriDotDad}" = mkProxy 30111;
"democlimb.${atriDotDad}" = mkProxy 8008;
"fedi.${atriDotDad}" = mkProxy 8181;
"gist.${atriDotDad}" = mkProxy 1227;
"git.${atriDotDad}" = mkProxy 30010;
"links.${atriDotDad}" = mkProxy 30243;
"memos.${atriDotDad}" = mkProxy 30311;
"mermaid.${atriDotDad}" = mkProxy 8280;
"msrc.${atriDotDad}" = mkProxy 3311;
"n8n.${atriDotDad}" = mkProxy 30109;
"ocr.${atriDotDad}" = mkProxy 30070;
"openclimb.${atriDotDad}" = mkProxy 1337;
"photos.${atriDotDad}" = mkProxy 30041;
"pods.${atriDotDad}" = mkProxy 8828;
"requests.${atriDotDad}" = mkProxy 30042;
"s3.${atriDotDad}" = mkProxy 30188;
"search.${atriDotDad}" = mkProxy 30053;
"sync.${atriDotDad}" = mkProxy 20910;
"travel.${atriDotDad}" = mkProxy 30251;
"travelapi.${atriDotDad}" = mkProxy 30250;
"vault.${atriDotDad}" = mkProxy 30032;
"media.${atriDotDad}" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
client_max_body_size 0;
'';
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30013";
proxyPass = "http://${upstream}:30013";
proxyWebsockets = true;
extraConfig = ''
if ($fuckai) { return 444; }
@@ -260,139 +222,10 @@ in
'';
};
};
"memos.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30311";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"mermaid.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8280";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"msrc.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:3311";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"n8n.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30109";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"ocr.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30070";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"openclimb.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:1337";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"photos.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30041";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"pods.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:8828";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"requests.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30042";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"ripkyle.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:4321";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"s3.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30188";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"search.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30053";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"sync.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:20910";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"travel.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30251";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"travelapi.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30250";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"vault.atri.dad" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:30032";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"matrix.atri.dad" = {
"${matrixDomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:6167";
proxyWebsockets = true;
@@ -400,18 +233,15 @@ in
client_max_body_size 100M;
'';
};
locations."^~ /livekit/jwt/" = {
priority = 400;
proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
};
};
"matrixrtc.atri.dad" = {
"${matrixRtcDomain}" = {
enableACME = true;
forceSSL = true;
# livekit
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}";
proxyWebsockets = true;
@@ -424,26 +254,26 @@ in
};
};
"atash.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:6969";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"chronus.atash.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://lloyd.tadpole-pain.ts.net:7337";
extraConfig = "if ($fuckai) { return 444; }";
};
};
"ripkyle.org" = mkProxy 4321;
"${atashDotDev}" = mkProxy 6969;
"chronus.${atashDotDev}" = mkProxy 7337;
};
};
# Open Ports
networking.firewall.allowedTCPPorts = [ 80 443 69 420 25565 25566 25567 ];
networking.firewall.allowedUDPPorts = [ 69 420 25565 25566 25567 ];
networking.firewall.allowedTCPPorts = [
80
443
69
420
25565
25566
25567
];
networking.firewall.allowedUDPPorts = [
69
420
25565
25566
25567
];
}
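Review bot: The stream port list is still written out three times, once in the `map mkStream [ … ]` call and again in `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` in the last hunk, so a one-sided edit can leave a port open in the firewall with no listener behind it, or a listener that the firewall blocks. Binding the list once in the `let` block and deriving all three values from it keeps the exposed ports equal to what nginx actually forwards. Separately, `mkStream` emits both a TCP and a UDP `listen` for every port, so each entry is reachable on both protocols whether or not the backend uses both; if that is not intended, the helper could take the protocol as an argument. The `let` block and the `services.nginx` attribute set continue outside the visible hunks.

```nix
# … unchanged: domain bindings, mkProxy, mkProxyWs, mkStream …
streamPorts = [ 69 420 25565 25566 25567 ];
# … unchanged: security.acme, earlier services.nginx options …
streamConfig = lib.concatStrings (map mkStream streamPorts);
# … unchanged: virtualHosts …
networking.firewall.allowedTCPPorts = [ 80 443 ] ++ streamPorts;
networking.firewall.allowedUDPPorts = streamPorts;
```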