nixosConfigurations/manwe/webserver.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

{
  inputs,
  lib,
  pkgs,
  ...
}:
with lib; {
  nixfiles.modules.nginx = {
    enable = true;
    virtualHosts = with my.domain;
      {
        # TODO Use a Self-signed certificate.
        # TODO Allow overriding config.json, possibly via NGINX itself.
        "start.local" = {
          root = pkgs.hiccup;
          locations."/".tryFiles = "$uri $uri/ /index.html";
          enableACME = false;
          forceSSL = false;
        };
        ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
        "git.${shire}".locations."/".return = "301 https://git.${azahi}";
        "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
        ${azahi} = {
          serverAliases = ["frodo.${gondor}" "frodo.${rohan}"];
          locations."/" = {
            root = inputs.azahi-cc;
            extraConfig = ''
              sub_filter '</head>'
                  '<script defer data-domain="${azahi}" src="https://plausible.shire.net/js/script.js"></script></head>';
              sub_filter_once on;
            '';
          };
        };
      }
      // (let
        frodo = "301 https://frodo.";
      in {
        ${gondor}.locations."/".return = concatStrings [frodo gondor];
        ${rohan}.locations."/".return = concatStrings [frodo rohan];
      });
  };
}