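# Public web edge for this host: the nginx virtual hosts served under
# `rootDomain`, the ACME certificate that covers them, and the firewall
# ports the hosted services need.
{...}: let
  # rootDomain = config.networking.domain;
  rootDomain = "bensima.com";
  ports = import ./Ports.nix;

  # Subdomains of rootDomain that are served or redirected by the vhosts
  # below (or by modules in other files) and therefore must be SANs on the
  # rootDomain certificate.  Every vhost uses `useACMEHost = rootDomain`, so
  # a name missing here is served with a certificate clients reject.  Every
  # name listed must be validatable by ACME, otherwise issuance fails for
  # the whole certificate.
  hostedSubdomains = [
    "tv"
    "hoogle"
    "cal"
    "jupyter"
    "git"
    "monica"
    # invidious front-end, its redirect hosts, and the other proxied vhosts
    # defined in this file
    "youtube"
    "www.youtube"
    "m.youtube"
    "music"
    "nostr"
    # xmpp stuff
    "upload"
    "conference"
  ];

  # Reverse-proxy boilerplate shared by the simple vhosts: TLS via the
  # rootDomain certificate, everything proxied to `upstream`.
  proxyHost = upstream: {
    forceSSL = true;
    useACMEHost = rootDomain;
    locations."/".proxyPass = upstream;
  };

  # Redirect every request to `target` (TLS terminated here first).
  redirectHost = target: {
    forceSSL = true;
    useACMEHost = rootDomain;
    globalRedirect = target;
  };
in {
  imports = [./Gmnisrv.nix];

  networking.firewall = {
    allowedTCPPorts = [
      ports.ssh
      ports.git
      ports.http
      ports.https
      ports.sabten
      # NOTE(review): gmnisrv is disabled below, so this opening is currently
      # unused — confirm nothing else listens on it.
      ports.gemini
      ports.radicale
      ports.znc
      ports.gerrit-ssh
    ];
  };

  # nginx must be able to read the ACME-issued key material.
  users.users.nginx.extraGroups = ["acme"];

  services = {
    libreddit = {
      enable = true;
      address = "127.0.0.1";
      # NOTE(review): the service binds to loopback only, so this firewall
      # opening exposes nothing; consider dropping it — confirm nothing
      # relies on the port being open.
      openFirewall = true;
      port = ports.libreddit;
    };

    invidious = {
      enable = true;
      database.createLocally = true;
      domain = "youtube.${rootDomain}";
      nginx.enable = false; # do this myself, below
      port = ports.invidious;
    };

    gmnisrv = {
      enable = false;
      listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}";
      settings = {
        ":tls" = {store = "/var/lib/gmnisrv";};
        "bsima.me" = {"root" = "/var/web/ben";};
        "${rootDomain}" = {
          "root" = "/var/web/ben";
          "cgi" = "on";
        };
      };
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      statusPage = true;
      user = "nginx";
      group = "nginx";

      # Add PHP configuration for Monica.  The `#` line inside the string is
      # an nginx comment, so it must stay on its own line or it swallows the
      # upstream block.
      appendHttpConfig = ''
        # PHP FastCGI configuration for Monica
        upstream php-handler {
          server unix:/run/phpfpm/monica.sock;
        }
      '';

      virtualHosts = {
        ${rootDomain} = {
          serverName = rootDomain;
          forceSSL = true;
          enableACME = true;
          # NOTE(review): "mail.bensima.com" is answered by this vhost but is
          # not a SAN on the rootDomain certificate (security.acme below), so
          # TLS clients using that name get a mismatch.  Add it to
          # hostedSubdomains if its DNS points at this host, or drop the
          # alias — confirm before changing the certificate.
          serverAliases = [
            "www.simatime.com"
            "simatime.com"
            "www.bsima.me"
            "bsima.me"
            "mail.bensima.com"
          ];
          locations = {
            # nostr nip-5 verification
            #"/.well-known/nostr.json".return = "200 '${
            #  builtins.toJSON {
            #    names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436";
            #  }
            #}'";
            "/" = {
              root = "/var/web/ben";
              index = "index.html index.htm";
              extraConfig = ''
                autoindex on;
              '';
            };
            # serve /~$USER paths, yeah i'm the only user, but whatever this
            # trick might be useful someday.
            #
            # The user capture is limited to a plain user-name character set:
            # nginx only collapses `..` when it is a whole URI segment, so an
            # unrestricted `(.+?)` capture would let a `~`-prefixed segment be
            # spliced into the alias path and resolve outside /var/web.
            "~ ^/~([A-Za-z0-9_-]+)(/.*)?$" = {
              alias = "/var/web/$1$2";
              index = "index.html index.htm";
              extraConfig = ''
                autoindex on;
              '';
            };
          };
        };

        "hoogle.${rootDomain}" =
          proxyHost "http://${ports.bensIp}:${toString ports.hoogle}";
        "tv.${rootDomain}" = proxyHost "http://tityos.feralhosting.com:50393";
        "youtube.${rootDomain}" =
          proxyHost "http://localhost:${toString ports.invidious}";
        "www.youtube.${rootDomain}" = redirectHost "youtube.${rootDomain}";
        "m.youtube.${rootDomain}" = redirectHost "youtube.${rootDomain}";
        "music.${rootDomain}" =
          proxyHost "http://localhost:${toString ports.botamusique}";

        "nostr.${rootDomain}" = {
          forceSSL = true;
          useACMEHost = rootDomain;
          # Relays speak WebSocket; pass the upgrade headers through as-is.
          locations."/" = {
            proxyPass = "http://localhost:${toString ports.nostr-relay}";
            extraConfig = ''
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "Upgrade";
              proxy_set_header Host $host;
            '';
          };
        };

        "jupyter.${rootDomain}" = {
          forceSSL = true;
          useACMEHost = rootDomain;
          locations = let
            jupyterUpstream = "http://${ports.bensIp}:${toString ports.jupyter}";
            # Long-lived WebSocket connections: no buffering, and a read
            # timeout long enough that idle kernels are not disconnected.
            websocketConfig = ''
              proxy_buffering off;
              proxy_read_timeout 86400;
            '';
          in {
            "/" = {
              proxyPass = jupyterUpstream;
              proxyWebsockets = true;
              extraConfig = websocketConfig;
            };
            # Regex location (`~` prefix): the earlier spelling had no `~`
            # and so was a literal prefix match that could never fire.  It
            # carries the same timeout settings so kernel channels keep
            # the long read timeout.
            "~ ^/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
              proxyPass = jupyterUpstream;
              proxyWebsockets = true;
              extraConfig = websocketConfig;
            };
          };
        };
      };
    };
  };

  security.acme.certs.${rootDomain} = {
    group = "nginx";
    # This must contain all of the other domains we host.
    extraDomainNames =
      ["simatime.com" "www.simatime.com" "bsima.me" "www.bsima.me"]
      ++ map (sub: "${sub}.${rootDomain}") hostedSubdomains;
  };
}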