# nginx reverse proxy: terminates TLS for every public hostname and forwards
# the request to a service port on the homelab host.
{ common, ... }:

let
  baseDomain = common.domain;

  # Settings every virtual host shares: obtain a certificate through ACME and
  # serve over HTTPS only (forceSSL redirects plain-HTTP requests).
  # NOTE(review): no vhost in this file adds a Strict-Transport-Security
  # header; consider one once all hostnames are known to stay on HTTPS.
  tlsVhost = {
    enableACME = true;
    forceSSL = true;
  };

  # TLS vhost with a caller-supplied `locations` attribute set.
  proxyLocations = locations: tlsVhost // { inherit locations; };

  # TLS vhost that forwards everything under "/" to `address:port`.
  proxyTo = address: port:
    proxyLocations { "/".proxyPass = "${address}:${toString port}"; };

  # Base URL of the homelab machine. The scheme is plain http, so the hop from
  # nginx to the backend is unencrypted; that is only acceptable while the
  # network between the two hosts is trusted.
  # TODO get homelab local ip from systems
  homelabUrl = "http://${common.localIpAddr 231}";
  viaHomelab = proxyTo homelabUrl;

  # TLS vhost that redirects every request to `subdomain.baseDomain`, or to
  # the bare domain when `subdomain` is the empty string.
  redirectTo = subdomain:
    tlsVhost // {
      globalRedirect =
        if subdomain != "" then "${subdomain}.${baseDomain}" else baseDomain;
    };
in
{
  services.nginx = {
    enable = true;
    # Forwarding headers are set by the recommended proxy settings; backends
    # should trust those headers only when the request comes from this proxy.
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # NOTE(review): nothing here restricts which clients may reach a vhost
    # (no allow/deny or basic auth), so each backend has to enforce its own
    # authentication unless filtering happens elsewhere.
    # NOTE(review): no location sets `proxyWebsockets`; confirm whether
    # Uptime Kuma and Headscale need upgraded connections through the proxy.
    virtualHosts = {
      # --- Redirect-only hostnames ---
      # Beta is currently the stable site, so it goes to the bare domain.
      "beta.${baseDomain}" = redirectTo "";
      "git.${baseDomain}" = redirectTo "code";
      "kitchenowl.${baseDomain}" = redirectTo "grocery";

      # --- Proxied services ---
      # Homepage / portfolio
      "${baseDomain}" = viaHomelab 4321;

      # Gitea
      "code.${baseDomain}" = viaHomelab 3000;

      # Nextcloud; the .well-known entries send CardDAV/CalDAV discovery to
      # the DAV endpoint.
      "nextcloud.${baseDomain}" = proxyLocations {
        "/".proxyPass = "${homelabUrl}:11000";
        "/.well-known/carddav".return = "301 /remote.php/dav";
        "/.well-known/caldav".return = "301 /remote.php/dav";
      };

      # Kitchenowl
      "grocery.${baseDomain}" = viaHomelab 800;

      # Actual budget
      "budget.${baseDomain}" = viaHomelab 5006;

      # Uptime Kuma
      "status.${baseDomain}" = viaHomelab 3001;

      # Headscale: "/web" and "/" go to different backend ports.
      # NOTE(review): "/web" presumably serves an admin UI - confirm it
      # requires authentication, since this vhost applies no access control.
      "vpn.${baseDomain}" = proxyLocations {
        "/web".proxyPass = "${homelabUrl}:8084";
        "/".proxyPass = "${homelabUrl}:8082";
      };

      # Headscale SmartDNS (same backend port as "/" on the vpn vhost)
      "dns.${baseDomain}" = viaHomelab 8082;

      # FreshRSS
      "rss.${baseDomain}" = viaHomelab 8085;

      # Ente backend
      "api.ente.${baseDomain}" = viaHomelab 8083;

      # Ente Photos frontend
      "ente.${baseDomain}" = viaHomelab 3003;

      # Ente Auth frontend
      "mfa.${baseDomain}" = viaHomelab 3004;

      # Yamtrack
      "track.${baseDomain}" = viaHomelab 8090;

      # Donetick
      "chore.${baseDomain}" = viaHomelab 2021;
    };
  };

  # ACME account used for the certificates requested by the vhosts above.
  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@${baseDomain}";
  };
}