server-conf-1-HP/server/nginx.nix

{ pkgs, ... }: {
  services.nginx = {
    enable = true;
    package = pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    };
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts = {
      "www.lunamoonlight.xyz" = {
        enableACME = true;
        addSSL = true;
        root = "/var/www/luna";
      };

      # Nextcloud Proxy
      "nextcloud.lunamoonlight.xyz" = {
        enableACME = true;
        addSSL = true;
        locations."/" = {
          proxyWebsockets = true;
          extraConfig = ''
            location /.well-known/carddav {
              return 301 $scheme://$host/remote.php/dav;
            }
            location /.well-known/caldav {
              return 301 $scheme://$host/remote.php/dav;
            }
          '';
        };
      };
    };

    appendConfig = ''
      rtmp {
        server {
          listen 1935;
          chunk_size 4096;
          allow publish all;
          application stream {
            record off;
            live on;
            allow play all;
          }
        }
      }
    '';
  };

  # Nextcloud server
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "nextcloud.lunamoonlight.xyz";
    datadir = "/mnt/nextcloud";
    https = true;
    config = {
      adminuser = "luna";
      adminpassFile = "/mnt/nextcloud/password.txt";
    };
    settings = {
      trusted_proxies = [ "127.0.0.1" ];
      trusted_domains = [ "nextcloud.lunamoonlight.xyz" ];
      overwriteprotocol = "https";
    };
  };

  # Open HTTP and HTTPS ports
  networking.firewall = {
    allowedTCPPorts = [ 80 443 ];
  };
}