2023-07-16 22:17:50 +00:00
|
|
|
{ secret, ... }:
|
2023-04-08 22:37:43 +00:00
|
|
|
|
|
|
|
{
|
|
|
|
services.nginx.streamConfig = ''
|
2023-04-08 22:43:37 +00:00
|
|
|
resolver 1.1.1.1 ipv6=off;
|
|
|
|
|
2023-06-07 18:40:27 +00:00
|
|
|
upstream video {
|
|
|
|
server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort};
|
2023-04-09 00:11:14 +00:00
|
|
|
}
|
|
|
|
|
2023-04-08 22:37:43 +00:00
|
|
|
server {
|
2023-06-17 15:40:05 +00:00
|
|
|
listen *:${builtins.toString secret.nginx.upstream.video.externalPort};
|
|
|
|
listen [::]:${builtins.toString secret.nginx.upstream.video.externalPort};
|
|
|
|
|
2023-04-09 00:11:14 +00:00
|
|
|
proxy_protocol on;
|
2023-06-07 18:40:27 +00:00
|
|
|
proxy_pass video;
|
2023-04-08 22:37:43 +00:00
|
|
|
}
|
|
|
|
'';
|
|
|
|
|
2023-06-07 18:40:27 +00:00
|
|
|
services.nginx = {
|
|
|
|
commonHttpConfig = ''
|
|
|
|
resolver 1.1.1.1;
|
|
|
|
'';
|
|
|
|
|
|
|
|
upstreams.dns = {
|
|
|
|
servers = {
|
2023-06-10 18:48:07 +00:00
|
|
|
"${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = {
|
|
|
|
fail_timeout = "5s";
|
|
|
|
};
|
|
|
|
|
|
|
|
"${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = {
|
|
|
|
backup = true;
|
|
|
|
};
|
2023-06-07 18:40:27 +00:00
|
|
|
};
|
2023-06-10 18:48:07 +00:00
|
|
|
|
|
|
|
extraConfig = ''
|
|
|
|
keepalive 8;
|
|
|
|
'';
|
2023-06-07 18:40:27 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {
|
|
|
|
quic = true;
|
|
|
|
http3 = true;
|
|
|
|
|
|
|
|
onlySSL = true;
|
2023-06-21 12:21:40 +00:00
|
|
|
useACMEHost = "daniel.sx";
|
2023-06-07 18:40:27 +00:00
|
|
|
|
|
|
|
locations."/${secret.adguardhome.auth}/dns-query" = {
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
proxyPass = "https://dns";
|
|
|
|
|
|
|
|
extraConfig = ''
|
|
|
|
rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break;
|
|
|
|
|
|
|
|
proxy_hide_header alt-svc;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2023-06-21 12:21:40 +00:00
|
|
|
networking.firewall.interfaces."enp41s0".allowedTCPPorts = [
|
2023-06-07 18:40:27 +00:00
|
|
|
secret.nginx.upstream.video.externalPort
|
|
|
|
];
|
2023-04-08 22:37:43 +00:00
|
|
|
}
|