# NixOS module: ACME certificates and the nginx reverse proxy that fronts
# the katzen.cafe services. Every upstream visible here is plain HTTP on a
# loopback address; TLS terminates at nginx.
{ pkgs, ... }:
let
  # Settings shared by every certificate whose files nginx has to read.
  nginxCert = {
    group = "nginx";
    keyType = "rsa4096";
  };
in
{
  security.acme = {
    acceptTerms = true;

    defaults = {
      email = "jade@schrottkatze.de";
      # Challenge files for all certificates below are written to this webroot.
      webroot = "/var/lib/acme/acme-challenge";
    };

    certs = {
      # NOTE(review): no virtualHost for meet.katzen.cafe or mumble.katzen.cafe
      # is defined in this file. Webroot validation needs an HTTP server
      # answering /.well-known/acme-challenge/ for those names; confirm that
      # is configured elsewhere, otherwise issuance and renewal will fail.
      "meet.katzen.cafe" = nginxCert;
      "forge.katzen.cafe" = nginxCert;
      "wiki.phtanum-b.katzen.cafe" = nginxCert;
      "auth.katzen.cafe" = nginxCert;
      "design.katzen.cafe" = nginxCert;
      "ck.katzen.cafe" = nginxCert;

      # The only certificate handed to a group other than nginx.
      "mumble.katzen.cafe" = {
        group = "murmur";
        keyType = "rsa4096";
      };
    };
  };

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    # NOTE(review): the recommended proxy settings presumably already set
    # Host, X-Real-IP and the X-Forwarded-* headers for proxied locations.
    # The proxy_set_header lines in the extraConfig blocks below repeat some
    # of them; verify the upstreams do not receive those fields twice.
    recommendedProxySettings = true;

    virtualHosts = {
      "ck.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:3000";
          proxyWebsockets = true;
          # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
          # client sent, so the upstream should only trust the last entry.
          extraConfig = ''
            client_max_body_size 8M;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
          '';
        };
      };

      "forge.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8082";
        };
      };

      "auth.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8080";
          # NOTE(review): X-Forwarded-For is set twice below. The first value,
          # $proxy_protocol_addr, is only populated when the listener accepts
          # the PROXY protocol, and no such listener option is visible in this
          # file. Confirm which value the auth backend should rely on and drop
          # the other, so client-address checks rest on a single trusted source.
          extraConfig = ''
            proxy_buffers 4 256k;
            proxy_buffer_size 128k;
            proxy_busy_buffers_size 256k;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          '';
        };
        #extraConfig = ''
        #'';
      };

      "design.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:9001";
          proxyWebsockets = true;
        };
      };

      "wiki.phtanum-b.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        # 127.0.0.2 is still inside the loopback range (127.0.0.0/8).
        locations."/" = {
          proxyPass = "http://127.0.0.2:8081";
        };
      };
    };
  };
}