dotfiles/system/nixos/home-proxy.nix

# NixOS module fragment: an nginx TCP (stream) proxy for a "video" upstream,
# an HTTPS/HTTP3 virtual host that forwards a token-prefixed /dns-query path
# to a "dns" upstream group, and one firewall rule for the video port.
#
# Arguments:
#   secret - attribute set supplying hostnames, ports, the vhost FQDN and the
#            path token. How it is produced is not visible in this file.
#
# NOTE(review): every `secret.*` value used below is interpolated into nginx
# configuration text. NixOS normally renders that text into the world-readable
# Nix store, so these values are hidden from the repository at most, not from
# local users of the host. Confirm this matches the intended threat model.
{ secret, ... }:
{
  # Layer-4 proxy: accepts TCP on the external port (IPv4 and IPv6) and relays
  # to the "video" upstream.
  #
  # - `proxy_protocol on` makes nginx prepend a PROXY protocol header on the
  #   upstream connection. The upstream must expect it, and should accept it
  #   only from this proxy, since the header carries the client address the
  #   upstream will trust.
  # - `resolver 1.1.1.1` sends plaintext DNS queries to a public resolver.
  #   NOTE(review): nginx usually resolves upstream `server` hostnames when the
  #   configuration is loaded; confirm whether this resolver is consulted.
  # - `fastopen=63` enables TCP Fast Open with a queue of 63 on the listening
  #   sockets; `backlog=1023` sets the pending-connection queue length.
  services.nginx.streamConfig = ''
    resolver 1.1.1.1 ipv6=off;
    upstream video {
      server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort};
    }
    server {
      listen *:${builtins.toString secret.nginx.upstream.video.externalPort} fastopen=63 backlog=1023;
      listen [::]:${builtins.toString secret.nginx.upstream.video.externalPort} fastopen=63 backlog=1023;

      proxy_protocol on;
      proxy_pass video;
    }
  '';
  services.nginx = {
    # Resolver for the http context (same public resolver as the stream block).
    commonHttpConfig = ''
      resolver 1.1.1.1;
    '';
    # Upstream group "dns": the primary server is tried first, and the
    # secondary is marked `backup`, so it is used only when the primary is
    # considered unavailable.
    upstreams.dns = {
      servers = {
        "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = {
          # Short failure window, so a failing primary is retried after 2s.
          fail_timeout = "2s";
        };
        "${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = {
          backup = true;
        };
      };
      # Keep up to 8 idle upstream connections cached per worker process.
      extraConfig = ''
        keepalive 8;
      '';
    };
    # TLS-only virtual host (HTTP/3 over QUIC enabled) that uses the ACME
    # certificate issued for "daniel.sx".
    # NOTE(review): this file opens no firewall port for this vhost. HTTP/3
    # needs UDP as well as TCP; presumably that is handled elsewhere (verify).
    virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {
      quic = true;
      http3 = true;
      onlySSL = true;
      useACMEHost = "daniel.sx";
      # The secret path segment is the only access control visible here:
      # only requests under /<token>/dns-query reach the upstream.
      #
      # NOTE(review): a token carried in the URL path is recorded wherever
      # request URIs are logged (nginx access logs, intermediaries). Check the
      # logging configuration for this vhost.
      #
      # NOTE(review): the token is interpolated unescaped into the `rewrite`
      # regex below. If it contains regex metacharacters the pattern will not
      # match the literal token, so keep the token to URL-safe alphanumerics
      # or escape it.
      #
      # NOTE(review): `proxyPass` uses https, but nginx does not verify
      # upstream certificates unless `proxy_ssl_verify on` is set together
      # with `proxy_ssl_trusted_certificate` (and usually `proxy_ssl_name` /
      # `proxy_ssl_server_name`). None of these appear in this file, so the
      # upstream connection is encrypted but presumably unauthenticated.
      locations."/${secret.adguardhome.auth}/dns-query" = {
        recommendedProxySettings = true;
        proxyPass = "https://dns";
        # Strip the token prefix so the upstream sees the remaining path
        # (e.g. /dns-query), and hide the upstream's Alt-Svc header from
        # clients.
        extraConfig = ''
          rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break;
          proxy_hide_header alt-svc;
        '';
      };
    };
  };
  # Open only the video proxy's external TCP port, and only on enp41s0.
  networking.firewall.interfaces."enp41s0".allowedTCPPorts = [
    secret.nginx.upstream.video.externalPort
  ];
}