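# NixOS module: ACME certificates plus the nginx reverse proxy / static site
# front end for the schrottkatze.de hosts.
#
# Fixes relative to the previous revision:
#   * "wolke.schrottkatze.de" used keyType "rsa2047", which is not a valid key
#     type; it now matches the other certificates ("rsa2048").
#   * Added the missing `;` after the "synapse.schrottkatze.de" cert entry and
#     the missing `=` in the synapse `locations."~ ..."` binding (both were
#     syntax errors).
#   * nginx `extraConfig` options take a string of directives, not a list of
#     strings; both synapse `extraConfig` values are now multi-line strings.
#   * Dropped the hand-written `proxy_pass` line from the synapse location's
#     extraConfig: `proxyPass` already emits it, and nginx rejects a duplicate
#     `proxy_pass` in the same location.
{ inputs, config, pkgs, ... }:
{
  security.acme = {
    acceptTerms = true;
    defaults.email = "jade@schrottkatze.de";

    # Every certificate is readable by the nginx group so the web server can
    # load the private key.
    # NOTE(review): rsa2048 is the smallest RSA size offered by `keyType`;
    # consider "ec256" or a larger RSA size unless a client requires RSA-2048.
    certs = {
      "schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
      "vw.schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
      "wolke.schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
      "s10e.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
      "synapse.schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
    };
  };

  environment.systemPackages = [
    inputs.meowsite.packages."x86_64-linux".default
  ];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # All virtual hosts force HTTPS and obtain their certificate via ACME.
    # Every upstream below is plain HTTP on the local machine.
    # NOTE(review): assumes each backend binds to loopback only, so it cannot
    # be reached without passing through nginx — verify the service configs.
    virtualHosts = {
      # Static site served straight from the meowsite flake output.
      "schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
        root = "${inputs.meowsite.packages."x86_64-linux".default}";
      };

      "vw.schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:8812"; # changed the default rocket port due to some conflict
          proxyWebsockets = true;
        };
        locations."/notifications/hub" = {
          proxyPass = "http://localhost:3012";
          proxyWebsockets = true;
        };
        locations."/notifications/hub/negotiate" = {
          proxyPass = "http://localhost:8812";
          proxyWebsockets = true;
        };
      };

      # No root or locations are set here.
      # NOTE(review): presumably another module fills in this vhost — confirm.
      "wolke.schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
      };

      "s10e.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8080$request_uri";
        };
      };

      "synapse.schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
        http2 = true;

        # TLS on 443 and on 8448.
        # NOTE(review): setting `listen` replaces the default listeners. Check
        # against the pinned nixpkgs whether each entry needs an explicit
        # `addr`, and that port 80 is still served for the ACME HTTP-01
        # challenge and the forceSSL redirect.
        listen = [
          {
            port = 443;
            ssl = true;
          }
          {
            port = 8448;
            ssl = true;
          }
        ];

        # Only /_matrix and /_synapse/client are proxied; other paths
        # (e.g. /_synapse/admin) are not matched by this location.
        locations."~ ^(/_matrix|/_synapse/client)" = {
          proxyPass = "http://localhost:8008";
          # X-Forwarded-For is set from $remote_addr, so a client-supplied
          # value is replaced rather than passed through to the backend.
          # NOTE(review): recommendedProxySettings may already emit some of
          # these headers; inspect the generated config for duplicates.
          # NOTE(review): 2G request bodies are accepted on this location —
          # confirm this matches the backend's own upload limit.
          extraConfig = ''
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            client_max_body_size 2G;
          '';
        };

        extraConfig = ''
          proxy_http_version 1.1;
        '';
      };
    };
  };
}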