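# NixOS module for the `ingress-proxy` host: an nginx (tengine build) reverse
# proxy that listens on 80/443, obtains certificates via ACME and forwards each
# public hostname to a backend addressed by its tailnet hostname.
{ lib, pkgs, config, inputs, ... }: let
  # Backend address on the tailnet:
  #   tsHost "git" 3000 -> "git.hoki-porgy.ts.net:3000"
  tsHost = name: port: "${name}.hoki-porgy.ts.net:${toString port}";
  # Default package of a flake input for the current system.
  # Not referenced anywhere else in this file.
  flakePackage = flake: inputs.${flake}.packages.${pkgs.system}.default;
in rec {
  imports = [
    ../../templates/proxmox-lxc.nix
    ../../server.nix
    ../../features/dns-cache.nix
    ../../features/nginx.nix
    ../../features/telemetry/nginx.nix
  ];

  networking.hostName = "ingress-proxy";
  system.stateVersion = "24.05";
  nixpkgs.hostPlatform = "x86_64-linux";

  networking.firewall.allowedTCPPorts = [ 80 443 ];
  # UDP is only needed for HTTP/3 (QUIC), which is served on the TLS port.
  # Every port-80 listener declared below is plain TCP, so UDP 80 is no longer
  # opened: a firewall hole with no listener behind it is avoidable exposure.
  # NOTE(review): depending on the nixpkgs release, `http3 = true` may only
  # advertise HTTP/3 unless the vhost also sets `quic = true`; confirm a UDP 443
  # listener really exists, otherwise this port can be closed as well.
  networking.firewall.allowedUDPPorts = [ 443 ];

  services.nginx = {
    package = pkgs.tengine;

    recommendedBrotliSettings = true;
    recommendedGzipSettings = true;
    recommendedZstdSettings = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    # Server-wide request body limit; it applies to every virtual host below,
    # not only to the ones that accept uploads.
    clientMaxBodySize = "150m";

    # Upstream groups. All but `pushps2` are tailnet hosts and are reached over
    # plain HTTP by the proxyPass lines further down.
    upstreams = {
      ps2l_saerro.servers."${tsHost "ps2live" 8101}" = {};
      ps2l_aggpop.servers."${tsHost "ps2live" 8201}" = {};
      ps2l_metagame.servers."${tsHost "ps2live" 8301}" = {};
      ps2l_plapkit.servers."${tsHost "ps2live" 8555}" = {};
      pdr.servers."${tsHost "porcelain-doll-repair" 3000}" = {};
      dsi.servers."${tsHost "dis-sociat-ing" 3000}" = {};
      se.servers."${tsHost "sapphic-engineer" 4000}" = {};
      git.servers."${tsHost "git" 3000}" = {};
      staticsites.servers."${tsHost "static-sites" 80}" = {};
      nextcloud.servers."${tsHost "nextcloud" 80}" = {};
      nas0.servers."${tsHost "nas0" 6969}" = {};

      # The only upstream outside the tailnet; reached over TLS (see
      # "proxy.ps2.live").
      pushps2.servers."push.planetside2.com:443" = {};
    };

    # Cache zones. `inactive = "720m"` evicts entries that have not been
    # requested for 12 hours, whatever their validity period.
    proxyCachePath."pdr" = {
      enable = true;
      keysZoneSize = "16m";
      keysZoneName = "pdr";
      inactive = "720m";
    };

    proxyCachePath."se" = {
      enable = true;
      keysZoneSize = "16m";
      keysZoneName = "se";
      inactive = "720m";
    };

    virtualHosts = let
      # Listener, TLS and ACME settings shared by every virtual host. It is
      # merged in with `//`, which is shallow and right-biased: attributes here
      # replace same-named ones on the left, and a trailing
      # `// { forceSSL = false; }` replaces the default set here.
      defaultConfig = {
        listen = [
          { addr = "0.0.0.0"; port = 80; }
          { addr = "0.0.0.0"; port = 443; ssl = true; }
          { addr = "[::]"; port = 80; }
          { addr = "[::]"; port = 443; ssl = true; }
        ];
        http2 = true;
        http3 = true;
        forceSSL = lib.mkDefault true;
        enableACME = true;
      };

      # Virtual host served entirely by the `staticsites` upstream.
      staticSite = {
        locations."/" = {
          proxyPass = "http://staticsites";
          recommendedProxySettings = true;
        };
      } // defaultConfig;

      # Virtual host for one ps2live service: `upstream` is the suffix of a
      # `ps2l_*` upstream group defined above.
      ps2live = upstream: {
        locations."/" = {
          proxyPass = "http://ps2l_${upstream}";
          proxyWebsockets = true;
        };
      } // defaultConfig;
    in rec {
      "mekanoe.com" = staticSite;
      "noe.sh" = staticSite;
      "foxxolay.com" = staticSite;
      "kitsu.love" = staticSite;
      "doll.repair" = staticSite;

      # NOTE(review): forceSSL is switched off here and on
      # "porcelain.doll.repair", "sapphic.engineer" and
      # "media.sapphic.engineer", so these hosts answer on port 80 without a
      # redirect and logins or session cookies can travel in clear text.
      # Confirm that is intended, and that the 443 listener still gets its
      # certificate directives when neither forceSSL nor addSSL/onlySSL is set.
      "git.sapphic.engineer" = {
        locations."/" = {
          recommendedProxySettings = true;
          proxyPass = "http://git";
        };
      } // defaultConfig // { forceSSL = false; };

      "agg.ps2.live" = ps2live "aggpop";
      "saerro.ps2.live" = ps2live "saerro";
      "metagame.ps2.live" = ps2live "metagame";
      "i-pk.noe.sh" = ps2live "plapkit";

      # Source-restricted relay to push.planetside2.com over TLS.
      # The allow list holds IPv4 entries only (loopback, 100.64.0.0/10,
      # 10.0.0.0/8 and three single addresses); IPv6 clients reach the
      # `[::]` listeners but always fall through to `deny all`.
      # NOTE(review): nginx does not verify upstream certificates by default
      # (proxy_ssl_verify is off), and because proxyPass names the upstream
      # group it would check against the name `pushps2`. To authenticate the
      # upstream, set proxy_ssl_verify, proxy_ssl_trusted_certificate,
      # proxy_ssl_server_name and `proxy_ssl_name push.planetside2.com`, and
      # test the change before rollout.
      "proxy.ps2.live" = {
        locations."/" = {
          recommendedProxySettings = true;
          proxyPass = "https://pushps2";
          proxyWebsockets = true;
        };
        extraConfig = ''
          allow 127.0.0.1;
          allow 100.64.0.0/10;
          allow 10.0.0.0/8;
          allow 15.204.161.37;
          allow 108.238.21.159;
          allow 162.197.1.49;
          deny all;
        '';
      } // defaultConfig;

      # The whole site, not just static assets, goes through the `pdr` cache.
      # No proxy_cache_valid is set, so what gets stored is decided by the
      # upstream's response headers.
      # NOTE(review): confirm the upstream marks authenticated or personalised
      # responses as private/no-store. X-Cache exposes the cache status to
      # every client.
      "porcelain.doll.repair" = {
        # serverAliases = ["p.doll.repair"]; # Media Proxy
        locations."/" = {
          recommendedProxySettings = true;
          proxyPass = "http://pdr";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_cache pdr;
            proxy_cache_lock on;
            proxy_cache_use_stale updating;
            add_header X-Cache $upstream_cache_status;
          '';
        };
      } // defaultConfig // { forceSSL = false; };

      # Uses the `pdr` cache zone as well. nginx's default cache key includes
      # the proxy_pass host (`dsi` here, `pdr` above), so entries of the two
      # sites do not collide.
      # NOTE(review): confirm that sharing the zone is intended and not a
      # leftover from copying the block above; the commented-out alias below
      # still names p.doll.repair.
      "dis.sociat.ing" = {
        # serverAliases = ["p.doll.repair"]; # Media Proxy
        locations."/" = {
          recommendedProxySettings = true;
          proxyPass = "http://dsi";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_cache pdr;
            proxy_cache_lock on;
            proxy_cache_use_stale updating;
            add_header X-Cache $upstream_cache_status;
          '';
        };
      } // defaultConfig;

      # Request bodies are streamed to the upstream instead of being buffered
      # by nginx first.
      "nc.noe.sh" = {
        locations."/" = {
          recommendedProxySettings = true;
          proxyPass = "http://nextcloud";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_request_buffering off;
          '';
        };
      } // defaultConfig;

      # "/" redirects to noe.sh. "/s" is a prefix location, so every path that
      # begins with /s (not only /s/...) is forwarded to nas0.
      # NOTE(review): this publishes the nas0 service on port 6969 to the
      # internet; confirm it enforces its own authentication.
      "kat.cafe" = {
        serverAliases = ["dripping.blood.pet"];
        locations."/" = {
          extraConfig = "return 302 https://noe.sh;";
        };
        locations."/s" = {
          recommendedProxySettings = true;
          proxyPass = "http://nas0";
        };
      } // defaultConfig;

      "sapphic.engineer" = {
        # serverAliases = ["p.sapphic.engineer"];

        locations."/" = {
          recommendedProxySettings = true;
          proxyPass = "http://se";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_request_buffering off;
          '';
        };

        # Reuses the cached location defined on "media.sapphic.engineer"; the
        # reference resolves through the enclosing top-level `rec` set.
        locations."/media/proxy" = services.nginx.virtualHosts."media.sapphic.engineer".locations."/proxy";
      } // defaultConfig // { forceSSL = false; };

      # Cached, sliced proxy in front of `se`. Responses are fetched and stored
      # in 1 MiB slices, which is why $slice_range is part of the cache key and
      # is sent upstream as the Range header.
      # 200 responses stay valid for a year, so content removed at the origin
      # keeps being served from cache for as long as it is requested at least
      # every 12 hours (the zone's `inactive` time).
      "media.sapphic.engineer" = rec {
        locations."/proxy" = {
          recommendedProxySettings = true;
          proxyPass = "http://se";

          extraConfig = ''
            proxy_request_buffering off;
            proxy_cache se;
            slice 1m;
            proxy_cache_key $host$uri$is_args$args$slice_range;
            proxy_set_header Range $slice_range;
            proxy_buffering on;
            proxy_cache_lock on;
            proxy_ignore_client_abort on;
            proxy_cache_valid 200 1y;
            proxy_cache_valid 206 301 304 1h;
            proxy_cache_use_stale error timeout invalid_header updating;
          '';
        };
        # Same settings under /media (resolved through this host's own `rec`).
        locations."/media" = locations."/proxy";
      } // defaultConfig // { forceSSL = false; };
    };

  };

}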