diff --git a/server/nginx.nix b/server/nginx.nix
index 1b7249e..d32e866 100644
--- a/server/nginx.nix
+++ b/server/nginx.nix
@@ -1,26 +1,75 @@
-{pkgs, ...}: {
+{ pkgs, ... }: {
 services.nginx = {
 enable = true;
- package = (pkgs.nginx.override {
+ package = pkgs.nginx.override {
 modules = with pkgs.nginxModules; [ rtmp ];
- });
+ };
 recommendedTlsSettings = true;
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
+
 virtualHosts = {
- "lunamoonlight.xyz" = {
+ "www.lunamoonlight.xyz" = {
 enableACME = true;
 addSSL = true;
 root = "/var/www/lunalanding";
- };
- };
- };
+ };
- # Open HTTP and HTTPs ports
+ # Nextcloud Proxy
+ "nextcloud.lunamoonlight.xyz" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ proxyWebsockets = true;
+ extraConfig = ''
+ location /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ location /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ '';
+ };
+ };
+ };
+
+ appendConfig = ''
+ rtmp {
+ server {
+ listen 1935;
+ chunk_size 4096;
+ allow publish all;
+ application stream {
+ record off;
+ live on;
+ allow play all;
+ }
+ }
+ }
+ '';
+ };
+
+ # Nextcloud server
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud29;
+ hostName = "nextcloud.lunamoonlight.xyz";
+ datadir = "/mnt/nextcloud";
+ https = true;
+ config = {
+ adminuser = "luna";
+ adminpassFile = "/mnt/nextcloud/password.txt";
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ trusted_domains = [ "nextcloud.lunamoonlight.xyz" ];
+ overwriteprotocol = "https";
+ };
+ };
+
+ # Open HTTP and HTTPS ports
 networking.firewall = {
- allowedTCPPorts = [
- 80 443
- ];
+ allowedTCPPorts = [ 80 443 ];
 };
 }
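Review bot: The new `"nextcloud.lunamoonlight.xyz"` virtual host sets `addSSL = true;`, which keeps the site answering on port 80 as well as 443, so a client that connects over http:// sends its request, including any credentials, in cleartext even though `https = true` and `overwriteprotocol = "https"` are set; `forceSSL = true;` in place of `addSSL = true;` makes nginx redirect plain HTTP instead. In the `appendConfig` RTMP block, `allow publish all;` lets any client that can reach port 1935 push a stream; the firewall list in this file opens only 80 and 443, so this matters if 1935 is opened elsewhere, and `allow publish 127.0.0.1;` followed by `deny publish all;` would make the intended publishers explicit. `adminpassFile` points inside `datadir`, so the initial admin password travels with every copy or backup of the data directory; a path outside `/mnt/nextcloud` with owner-only permissions would keep the secret separate from application data.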