# NixOS module: public nginx edge for atri.dad / atash.dev / ripkyle.org.
#
# It terminates TLS (ACME certificates), reverse-proxies each virtual host to a
# backend, forwards a few raw TCP/UDP ports via the nginx stream module, serves
# the Matrix .well-known delegation documents, and opens the matching firewall
# ports.
{
  config,
  pkgs,
  lib,
  ...
}: let
  # Presumably the Matrix server_name (the apex domain that serves the
  # .well-known delegation); not referenced in this module as shown.
  serverName = "atri.dad";
  matrixDomain = "chat.atri.dad";

  # Backend host for every proxied site and stream listener. The HTTP hop to it
  # is plain http://; presumably this is a Tailscale MagicDNS name and the hop
  # rides inside the tailnet tunnel — confirm, since nginx adds no TLS on this leg.
  # nginx resolves a literal proxy_pass hostname when the config is loaded, so
  # the name has to be resolvable at nginx start/reload.
  backendHost = "lloyd.tadpole-pain.ts.net";

  # Body of .well-known/matrix/client
  wellKnownClient = builtins.toJSON {
    "m.homeserver" = {
      base_url = "https://${matrixDomain}";
    };
    "org.matrix.msc3575.proxy" = {
      url = "https://${matrixDomain}";
    };
    "org.matrix.msc4143.rtc_foci" = [
      {
        type = "livekit";
        livekit_service_url = "https://${matrixDomain}/livekit/jwt";
      }
    ];
  };

  # Body of .well-known/matrix/server
  wellKnownServer = builtins.toJSON {
    "m.server" = "${matrixDomain}:443";
  };

  # Exact-match locations that return the two delegation documents inline.
  # Only the client document carries a wildcard CORS header, so browser-based
  # clients on other origins can read it. The JSON is spliced into a
  # single-quoted nginx string, so it must never contain a single quote.
  wellKnownLocations = {
    "= /.well-known/matrix/server" = {
      extraConfig = ''
        default_type application/json;
        return 200 '${wellKnownServer}';
      '';
    };
    "= /.well-known/matrix/client" = {
      extraConfig = ''
        default_type application/json;
        add_header Access-Control-Allow-Origin "*";
        return 200 '${wellKnownClient}';
      '';
    };
  };

  # Per-location guard: 444 is nginx's "close the connection without sending a
  # response". $fuckai is set by the User-Agent map in commonHttpConfig.
  dropAiCrawlers = "if ($fuckai) { return 444; }";

  # Timeouts/buffering shared by both LiveKit-facing locations.
  livekitProxyTuning = ''
    proxy_send_timeout 120;
    proxy_read_timeout 120;
    proxy_buffering off;
    proxy_set_header Accept-Encoding gzip;
  '';

  # locations."/" for a site that lives on backendHost at the given port.
  backendRoot = port: {
    proxyPass = "http://${backendHost}:${toString port}";
    extraConfig = dropAiCrawlers;
  };

  # A complete TLS virtual host whose only location is backendRoot.
  backendVhost = port: {
    enableACME = true;
    forceSSL = true;
    locations."/" = backendRoot port;
  };

  # hostname -> backend port, for every site that is nothing more than
  # "ACME + forced HTTPS + proxy to backendHost".
  backendPorts = {
    # atri.dad hosts
    "analytics.atri.dad" = 30060;
    "archive.atri.dad" = 30288;
    "ascently.atri.dad" = 8838;
    "bsky.atri.dad" = 31173;
    "chef.atri.dad" = 30111;
    "democlimb.atri.dad" = 8008;
    "fedi.atri.dad" = 8181;
    "gist.atri.dad" = 1227;
    "git.atri.dad" = 30010;
    "links.atri.dad" = 30243;
    "media.atri.dad" = 30013;
    "memos.atri.dad" = 30311;
    "mermaid.atri.dad" = 8280;
    "msrc.atri.dad" = 3311;
    "n8n.atri.dad" = 30109;
    "ocr.atri.dad" = 30070;
    "openclimb.atri.dad" = 1337;
    "photos.atri.dad" = 30041;
    "pods.atri.dad" = 8828;
    "requests.atri.dad" = 30042;
    "ripkyle.org" = 4321;
    "s3.atri.dad" = 30188;
    "search.atri.dad" = 30053;
    "sync.atri.dad" = 20910;
    "travel.atri.dad" = 30251;
    "travelapi.atri.dad" = 30250;
    "vault.atri.dad" = 30032;

    # atash.dev hosts
    "atash.dev" = 6969;
    "chronus.atash.dev" = 7337;
  };
in {
  security.acme = {
    acceptTerms = true;
    defaults.email = "me@atri.dad";
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # Fuck AI
    # more_clear_headers comes from the headers-more module, so the nginx build
    # in use has to include it.
    # The map flags requests by User-Agent. That header is chosen by the client,
    # so this only turns away crawlers that identify themselves; it is not an
    # access control. Each pattern is a case-insensitive regex matched anywhere
    # in the header, so short tokens such as "Devin" also hit unrelated agents,
    # and "bingbot" excludes Bing's regular search indexing as well.
    # NOTE(review): some entries (e.g. Google-Extended, Applebot-Extended) look
    # like robots.txt product tokens rather than strings sent in a User-Agent
    # header, so those rules presumably never match — verify against vendor docs.
    commonHttpConfig = ''
      more_clear_headers Server;
      more_clear_headers X-Powered-By;

      map $http_user_agent $fuckai {
        default 0;
        "~*GPTBot" 1;
        "~*ChatGPT-User" 1;
        "~*OAI-SearchBot" 1;
        "~*ChatGPT-Browser" 1;
        "~*ClaudeBot" 1;
        "~*Claude-Web" 1;
        "~*anthropic-ai" 1;
        "~*Anthropic-Claude" 1;
        "~*xAI-Bot" 1;
        "~*DeepseekBot" 1;
        "~*Google-Extended" 1;
        "~*Gemini-Ai" 1;
        "~*Gemini-Deep-Research" 1;
        "~*Google-CloudVertexBot" 1;
        "~*Google-NotebookLM" 1;
        "~*GoogleAgent-Mariner" 1;
        "~*Bard-Ai" 1;
        "~*FacebookBot" 1;
        "~*Meta-ExternalAgent" 1;
        "~*meta-webindexer" 1;
        "~*Applebot-Extended" 1;
        "~*bingbot" 1;
        "~*CCBot" 1;
        "~*PerplexityBot" 1;
        "~*Perplexity-User" 1;
        "~*Bytespider" 1;
        "~*Diffbot" 1;
        "~*Amazonbot" 1;
        "~*cohere-ai" 1;
        "~*Cohere-Command" 1;
        "~*YouBot" 1;
        "~*Omgilibot" 1;
        "~*ImagesiftBot" 1;
        "~*AI2Bot" 1;
        "~*Andibot" 1;
        "~*bigsur.ai" 1;
        "~*Brightbot" 1;
        "~*TerraCotta" 1;
        "~*Character-AI" 1;
        "~*Devin" 1;
        "~*Crawlspace" 1;
        "~*DuckAssistBot" 1;
        "~*FirecrawlAgent" 1;
        "~*Groq-Bot" 1;
        "~*HuggingFace-Bot" 1;
        "~*IbouBot" 1;
        "~*MistralAI-User" 1;
        "~*Replicate-Bot" 1;
        "~*RunPod-Bot" 1;
        "~*TimpiBot" 1;
        "~*Together-Bot" 1;
        "~*Kangaroo Bot" 1;
        "~*PanguBot" 1;
        "~*Cotoyogi" 1;
        "~*Webzio-Extended" 1;
      }
    '';

    # Stream Hosts
    # Raw TCP+UDP pass-through to the backend. These listeners carry no
    # allow/deny rules and the firewall below opens the same ports, so whatever
    # answers on the backend at these ports is reachable from any source address.
    # If a service is meant for a limited audience, restrict it here (stream
    # allow/deny) or at the firewall.
    streamConfig = ''
      # Port 69
      server {
        listen 69;
        listen 69 udp;
        proxy_pass lloyd.tadpole-pain.ts.net:69;
      }

      # Port 420
      server {
        listen 420;
        listen 420 udp;
        proxy_pass lloyd.tadpole-pain.ts.net:420;
      }

      # Minecraft / Game Ports
      server {
        listen 25565;
        listen 25565 udp;
        proxy_pass lloyd.tadpole-pain.ts.net:25565;
      }
      server {
        listen 25566;
        listen 25566 udp;
        proxy_pass lloyd.tadpole-pain.ts.net:25566;
      }
      server {
        listen 25567;
        listen 25567 udp;
        proxy_pass lloyd.tadpole-pain.ts.net:25567;
      }
    '';

    # Proxy Hosts
    # The table-driven hosts come first; the three hosts that need more than a
    # single proxied "/" are spelled out and merged on top (no key overlaps).
    virtualHosts =
      (builtins.mapAttrs (_hostname: backendVhost) backendPorts)
      // {
        # Apex site: same proxy + crawler guard as the table entries, plus the
        # Matrix delegation documents. The guard is attached to "/" only, so
        # the .well-known locations answer every client.
        "atri.dad" = {
          enableACME = true;
          forceSSL = true;
          locations =
            {
              "/" = backendRoot 3000;
            }
            // wellKnownLocations;
        };

        # Matrix
        # Proxied to services on the local loopback; no crawler guard here.
        "chat.atri.dad" = {
          enableACME = true;
          forceSSL = true;
          locations =
            {
              "/" = {
                proxyPass = "http://[::1]:8008";
                proxyWebsockets = true;
                # Raises the request-body cap for this location to 100M.
                extraConfig = ''
                  client_max_body_size 100M;
                '';
              };
              "^~ /livekit/jwt/" = {
                priority = 400;
                proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
              };
              "^~ /livekit/sfu/" = {
                priority = 400;
                proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";
                proxyWebsockets = true;
                extraConfig = livekitProxyTuning;
              };
            }
            // wellKnownLocations;
        };

        # LiveKit WebRTC signaling domain
        "matrixrtc.atri.dad" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}";
            proxyWebsockets = true;
            extraConfig = livekitProxyTuning;
          };
        };
      };
  };

  # Open Ports
  # 80/443 for HTTP(S); the rest mirror the streamConfig listeners and should be
  # kept in step with them so no port stays open after its listener is removed.
  networking.firewall.allowedTCPPorts = [
    80
    443
    69
    420
    25565
    25566
    25567
  ];
  networking.firewall.allowedUDPPorts = [
    69
    420
    25565
    25566
    25567
  ];
}