100 lines
2.2 KiB
Nix
100 lines
2.2 KiB
Nix
{ pkgs, ... }: {
|
|
services.nginx = {
|
|
enable = true;
|
|
package = pkgs.nginx.override {
|
|
modules = with pkgs.nginxModules; [ rtmp ];
|
|
};
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
|
|
virtualHosts = {
|
|
"www.lunamoonlight.xyz" = {
|
|
enableACME = true;
|
|
addSSL = true;
|
|
root = "/var/www/luna";
|
|
};
|
|
|
|
"www.bloxelcom.net" = {
|
|
enableACME = true;
|
|
addSSL = true;
|
|
root = "/var/www/bloxnet";
|
|
};
|
|
|
|
"nextcloud.bloxelcom.net" = {
|
|
enableACME = true;
|
|
addSSL = true;
|
|
proxyPass = "https://bloxelcom.net";
|
|
proxyWebsockets = true;
|
|
};
|
|
|
|
"radio.bloxelcom.net" = {
|
|
enableACME = true;
|
|
addSSL = true;
|
|
proxyPass = "https://bloxelcom.net";
|
|
proxyWebsockets = true;
|
|
};
|
|
|
|
|
|
# Nextcloud Proxy
|
|
"nextcloud.lunamoonlight.xyz" = {
|
|
enableACME = true;
|
|
addSSL = true;
|
|
locations."/" = {
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
location /.well-known/carddav {
|
|
return 301 $scheme://$host/remote.php/dav;
|
|
}
|
|
location /.well-known/caldav {
|
|
return 301 $scheme://$host/remote.php/dav;
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
appendConfig = ''
|
|
rtmp {
|
|
server {
|
|
listen 1935;
|
|
chunk_size 4096;
|
|
allow publish all;
|
|
application stream {
|
|
record off;
|
|
live on;
|
|
allow play all;
|
|
}
|
|
}
|
|
}
|
|
'';
|
|
};
|
|
|
|
# Nextcloud server
|
|
services.nextcloud = {
|
|
enable = true;
|
|
package = pkgs.nextcloud29;
|
|
hostName = "nextcloud.lunamoonlight.xyz";
|
|
datadir = "/mnt/nextcloud";
|
|
https = true;
|
|
config = {
|
|
adminuser = "luna";
|
|
adminpassFile = "/mnt/nextcloud/password.txt";
|
|
};
|
|
settings = {
|
|
trusted_proxies = [ "127.0.0.1" ];
|
|
trusted_domains = [
|
|
"nextcloud.lunamoonlight.xyz"
|
|
"www.lunamoonlight.xyz" # Add this line
|
|
];
|
|
overwriteprotocol = "https";
|
|
};
|
|
};
|
|
|
|
# Open HTTP and HTTPS ports
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ 80 443 ];
|
|
};
|
|
}
|