{ config, pkgs, ... }: { services.nginx = { enable = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; # Fuck AI commonHttpConfig = '' more_clear_headers Server; more_clear_headers X-Powered-By; map $http_user_agent $fuckai { default 0; "~*GPTBot" 1; "~*ChatGPT-User" 1; "~*OAI-SearchBot" 1; "~*ChatGPT-Browser" 1; "~*ClaudeBot" 1; "~*Claude-Web" 1; "~*anthropic-ai" 1; "~*Anthropic-Claude" 1; "~*xAI-Bot" 1; "~*DeepseekBot" 1; "~*Google-Extended" 1; "~*Gemini-Ai" 1; "~*Gemini-Deep-Research" 1; "~*Google-CloudVertexBot" 1; "~*Google-NotebookLM" 1; "~*GoogleAgent-Mariner" 1; "~*Bard-Ai" 1; "~*FacebookBot" 1; "~*Meta-ExternalAgent" 1; "~*meta-webindexer" 1; "~*Applebot-Extended" 1; "~*bingbot" 1; "~*CCBot" 1; "~*PerplexityBot" 1; "~*Perplexity-User" 1; "~*Bytespider" 1; "~*Diffbot" 1; "~*Amazonbot" 1; "~*cohere-ai" 1; "~*Cohere-Command" 1; "~*YouBot" 1; "~*Omgilibot" 1; "~*ImagesiftBot" 1; "~*AI2Bot" 1; "~*Andibot" 1; "~*bigsur.ai" 1; "~*Brightbot" 1; "~*TerraCotta" 1; "~*Character-AI" 1; "~*Devin" 1; "~*Crawlspace" 1; "~*DuckAssistBot" 1; "~*FirecrawlAgent" 1; "~*Groq-Bot" 1; "~*HuggingFace-Bot" 1; "~*IbouBot" 1; "~*MistralAI-User" 1; "~*Replicate-Bot" 1; "~*RunPod-Bot" 1; "~*TimpiBot" 1; "~*Together-Bot" 1; "~*Kangaroo Bot" 1; "~*PanguBot" 1; "~*Cotoyogi" 1; "~*Webzio-Extended" 1; } ''; # Stream Hosts streamConfig = '' # Port 69 server { listen 69; listen 69 udp; proxy_pass lloyd.tadpole-pain.ts.net:69; } # Port 420 server { listen 420; listen 420 udp; proxy_pass lloyd.tadpole-pain.ts.net:420; } # Minecraft / Game Ports server { listen 25565; listen 25565 udp; proxy_pass lloyd.tadpole-pain.ts.net:25565; } server { listen 25566; listen 25566 udp; proxy_pass lloyd.tadpole-pain.ts.net:25566; } server { listen 25567; listen 25567 udp; proxy_pass lloyd.tadpole-pain.ts.net:25567; } ''; # Proxy Hosts virtualHosts = { # atri.dad hosts "atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:3000"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "analytics.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30060"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "archive.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30288"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "ascently.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:8838"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "bsky.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:31173"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "chef.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30111"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "democlimb.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:8008"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "fedi.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:8181"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "gist.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:1227"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "git.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30010"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "links.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30243"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "media.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30013"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "memos.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30311"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "mermaid.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:8280"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "msrc.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:3311"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "n8n.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30109"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "ocr.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30070"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "openclimb.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:1337"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "photos.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30041"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "pods.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:8828"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "requests.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30042"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "ripkyle.org" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:4321"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "s3.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30188"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "search.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30053"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "sync.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:20910"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "travel.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30251"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "travelapi.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30250"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "vault.atri.dad" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:30032"; extraConfig = "if ($fuckai) { return 444; }"; }; }; # atash.dev hosts "atash.dev" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:6969"; extraConfig = "if ($fuckai) { return 444; }"; }; }; "chronus.atash.dev" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://lloyd.tadpole-pain.ts.net:7337"; extraConfig = "if ($fuckai) { return 444; }"; }; }; }; }; # Open Ports networking.firewall.allowedTCPPorts = [ 80 443 69 420 25565 25566 25567 ]; networking.firewall.allowedUDPPorts = [ 69 420 25565 25566 25567 ]; }