dotfiles/system/nixos/home-proxy.nix

{ secret, ... }:

{
  services.nginx.streamConfig = ''
    resolver 1.1.1.1 ipv6=off;

    upstream video {
      server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort};
    }

    server {
      listen *:${builtins.toString secret.nginx.upstream.video.externalPort} fastopen=63 backlog=1023;
      listen [::]:${builtins.toString secret.nginx.upstream.video.externalPort} fastopen=63 backlog=1023;

      proxy_protocol on;
      proxy_pass video;
    }
  '';

  services.nginx = {
    commonHttpConfig = ''
      resolver 1.1.1.1;
    '';

    upstreams.dns = {
      servers = {
        "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = {
          fail_timeout = "2s";
        };

        "${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = {
          backup = true;
        };
      };

      extraConfig = ''
        keepalive 8;
      '';
    };

    virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {
      quic = true;
      http3 = true;

      onlySSL = true;
      useACMEHost = "daniel.sx";

      locations."/${secret.adguardhome.auth}/dns-query" = {
        recommendedProxySettings = true;
        proxyPass = "https://dns";

        extraConfig = ''
          rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break;

          proxy_hide_header alt-svc;
        '';
      };
    };
  };

  networking.firewall.interfaces."enp41s0".allowedTCPPorts = [
    secret.nginx.upstream.video.externalPort
  ];
}
Introduce pre-commit-hooks.nix 2023-07-17 00:17:50 +02:00			`{ secret, ... }:`
wip: home proxy 2023-04-09 00:37:43 +02:00
			`{`
			`services.nginx.streamConfig = ''`
fixup 2023-04-09 00:43:37 +02:00			`resolver 1.1.1.1 ipv6=off;`

argon: init system 2023-06-07 20:40:27 +02:00			`upstream video {`
			`server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort};`
fixup 2023-04-09 02:11:14 +02:00			`}`

wip: home proxy 2023-04-09 00:37:43 +02:00			`server {`
Update deps 2023-09-04 12:45:06 +02:00			`listen *:${builtins.toString secret.nginx.upstream.video.externalPort} fastopen=63 backlog=1023;`
			`listen [::]:${builtins.toString secret.nginx.upstream.video.externalPort} fastopen=63 backlog=1023;`
Updates 2023-06-17 17:40:05 +02:00
fixup 2023-04-09 02:11:14 +02:00			`proxy_protocol on;`
argon: init system 2023-06-07 20:40:27 +02:00			`proxy_pass video;`
wip: home proxy 2023-04-09 00:37:43 +02:00			`}`
			`'';`

argon: init system 2023-06-07 20:40:27 +02:00			`services.nginx = {`
			`commonHttpConfig = ''`
			`resolver 1.1.1.1;`
			`'';`

			`upstreams.dns = {`
			`servers = {`
Updates 2023-06-10 20:48:07 +02:00			`"${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = {`
home-proxy: Decrease timeout 2023-09-25 21:03:39 +02:00			`fail_timeout = "2s";`
Updates 2023-06-10 20:48:07 +02:00			`};`

			`"${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = {`
			`backup = true;`
			`};`
argon: init system 2023-06-07 20:40:27 +02:00			`};`
Updates 2023-06-10 20:48:07 +02:00
			`extraConfig = ''`
			`keepalive 8;`
			`'';`
argon: init system 2023-06-07 20:40:27 +02:00			`};`

			`virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {`
			`quic = true;`
			`http3 = true;`

			`onlySSL = true;`
tanker: init system and consolidate attic and sail 2023-06-21 14:21:40 +02:00			`useACMEHost = "daniel.sx";`
argon: init system 2023-06-07 20:40:27 +02:00
			`locations."/${secret.adguardhome.auth}/dns-query" = {`
			`recommendedProxySettings = true;`
			`proxyPass = "https://dns";`

			`extraConfig = ''`
			`rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break;`

			`proxy_hide_header alt-svc;`
			`'';`
			`};`
			`};`
			`};`

tanker: init system and consolidate attic and sail 2023-06-21 14:21:40 +02:00			`networking.firewall.interfaces."enp41s0".allowedTCPPorts = [`
argon: init system 2023-06-07 20:40:27 +02:00			`secret.nginx.upstream.video.externalPort`
			`];`
wip: home proxy 2023-04-09 00:37:43 +02:00			`}`