Biz/Cloud/Web.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

{ config, ... }:

let
  rootDomain = config.networking.domain;
  bensIp = "199.26.245.64";
in
{
  services = {
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;

      group = "users";

      virtualHosts = {
        ${rootDomain} = {
          locations."/".root = "/srv/www/";

          # serve /~$USER paths
          locations."~ ^/~(.+?)(/.*)?$" = {
            alias = "/home/$1/public_html$2";
            index = "index.html index.htm";
            extraConfig = ''
              autoindex on;
            '';
          };
          forceSSL = true;
          enableACME = true;
        };

        "bsima.me" = {
          locations."/" = {
            root = "/home/ben/public_html/";
            index = "index.html index.htm";
            extraConfig = ''
              autoindex on;
            '';
          };
          serverAliases = [ "www.bsima.me" ];
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "hoogle.${rootDomain}" = {
          locations."/".proxyPass = "http://${bensIp}:8008";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "tv.${rootDomain}" = {
          locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "devalloc.io" = {
          locations."/".proxyPass = "http://${bensIp}:8095";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "dandel-rovbur.${rootDomain}" = {
          locations."/".proxyPass = "http://${bensIp}:8080";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "sabten.${rootDomain}" = {
          locations."/".proxyPass = "http://localhost:8080";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        # Jupyter is currently disabled on Biz.Dev
        #"notebook.simatime.com".locations = {
        #  "/" = {
        #    proxyPass = "http://${bensIp}:3099";
        #    proxyWebsockets = true;
        #    extraConfig = ''
        #      proxy_buffering off;
        #      proxy_read_timeout 86400;
        #    '';
        #  };
        #  "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
        #    proxyPass = "http://${bensIp}:3099";
        #    proxyWebsockets = true;
        #  };
        #};
      };
    };
  };

  # This must contain all of the other domains we host
  security.acme.certs.${rootDomain}.extraDomainNames = [
    "bsima.me" "www.bsima.me" "tv.${rootDomain}"
    "devalloc.io"
    "matrix.${rootDomain}"
    "chat.${rootDomain}"
    "hoogle.${rootDomain}"
    "dandel-rovbur.${rootDomain}"
    "sabten.${rootDomain}"
  ];#
}