{ pkgs, ... }: { services.nginx = { enable = true; package = pkgs.nginx.override { modules = with pkgs.nginxModules; [ rtmp ]; }; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; virtualHosts = { "www.lunamoonlight.xyz" = { enableACME = true; addSSL = true; root = "/var/www/luna"; }; # Nextcloud Proxy "nextcloud.lunamoonlight.xyz" = { enableACME = true; addSSL = true; locations."/" = { proxyWebsockets = true; extraConfig = '' location /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } ''; }; }; }; appendConfig = '' rtmp { server { listen 1935; chunk_size 4096; allow publish all; application stream { record off; live on; allow play all; } } } ''; }; # Nextcloud server services.nextcloud = { enable = true; package = pkgs.nextcloud29; hostName = "nextcloud.lunamoonlight.xyz"; datadir = "/mnt/nextcloud"; https = true; config = { adminuser = "luna"; adminpassFile = "/mnt/nextcloud/password.txt"; }; settings = { trusted_proxies = [ "127.0.0.1" ]; trusted_domains = [ "nextcloud.lunamoonlight.xyz" ]; overwriteprotocol = "https"; }; }; # Open HTTP and HTTPS ports networking.firewall = { allowedTCPPorts = [ 80 443 ]; }; }