nixos-configs/nixosConfigurations/hetzner-vpn2/nginx.nix

{ pkgs, ... }:
let
  blog-domain-socket = "/run/nginx/blog.sock";
  anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock";
  anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock";
in
{
  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@zerforschen.plus";
  };

  systemd.services = {
    nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];
    anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];
  };

  services = {
    nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;

      virtualHosts = {
        "zerforschen.plus" = {
          addSSL = true;
          enableACME = true;
          locations = {
            "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics";
            "/".proxyPass = "http://unix:" + anubis-domain-socket;
          };
        };

        "blog-in-anubis" = {
          root = pkgs.zerforschen-plus-content;
          listen = [
            {
              addr = "unix:" + blog-domain-socket;
            }
          ];
        };
      };
    };

    anubis.instances.main = {
      enable = true;
      settings = {
        BIND = anubis-domain-socket;
        TARGET = "unix://" + blog-domain-socket;
        METRICS_BIND = anubis-metrics-socket;
      };
    };
  };

  networking.firewall.allowedTCPPorts = [
    80
    443
    5201
  ];
}
remove inputs from specialArgs 2025-09-13 15:10:42 +02:00			`{ pkgs, ... }:`
anubis for blog 2025-09-06 20:34:58 +02:00			`let`
			`blog-domain-socket = "/run/nginx/blog.sock";`
anubis: rename instance 2025-12-08 21:17:58 +01:00			`anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock";`
			`anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock";`
anubis for blog 2025-09-06 20:34:58 +02:00			`in`
wip add hetzner-vpn2 2024-12-01 12:06:11 +01:00			`{`
			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = "acme@zerforschen.plus";`
			`};`

anubis for blog 2025-09-06 20:34:58 +02:00			`systemd.services = {`
clean up nginx config 2025-09-15 20:28:15 +02:00			`nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];`
			`anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];`
wip add hetzner-vpn2 2024-12-01 12:06:11 +01:00			`};`

fix brackets 2025-09-06 20:43:21 +02:00			`services = {`
			`nginx = {`
			`enable = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
wip add hetzner-vpn2 2024-12-01 12:06:11 +01:00
clean up nginx config 2025-09-15 20:28:15 +02:00			`virtualHosts = {`
			`"zerforschen.plus" = {`
			`addSSL = true;`
			`enableACME = true;`
anubis: export metrics 2025-12-08 21:01:59 +01:00			`locations = {`
anubis: fix metrics 2025-12-08 21:37:57 +01:00			`"/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics";`
anubis: export metrics 2025-12-08 21:01:59 +01:00			`"/".proxyPass = "http://unix:" + anubis-domain-socket;`
anubis for blog 2025-09-06 20:34:58 +02:00			`};`
clean up nginx config 2025-09-15 20:28:15 +02:00			`};`
anubis for blog 2025-09-06 20:34:58 +02:00
clean up nginx config 2025-09-15 20:28:15 +02:00			`"blog-in-anubis" = {`
			`root = pkgs.zerforschen-plus-content;`
			`listen = [`
			`{`
			`addr = "unix:" + blog-domain-socket;`
			`}`
			`];`
add website to vpn2 2025-04-07 19:52:23 +02:00			`};`
clean up nginx config 2025-09-15 20:28:15 +02:00			`};`
fix brackets 2025-09-06 20:43:21 +02:00			`};`
wip add hetzner-vpn2 2024-12-01 12:06:11 +01:00
anubis: rename instance 2025-12-08 21:17:58 +01:00			`anubis.instances.main = {`
remove inputs from specialArgs 2025-09-13 15:10:42 +02:00			`enable = true;`
			`settings = {`
			`BIND = anubis-domain-socket;`
			`TARGET = "unix://" + blog-domain-socket;`
anubis: export metrics 2025-12-08 21:01:59 +01:00			`METRICS_BIND = anubis-metrics-socket;`
anubis for blog 2025-09-06 20:34:58 +02:00			`};`
			`};`
			`};`
fix brackets 2025-09-06 20:43:21 +02:00
			`networking.firewall.allowedTCPPorts = [`
			`80`
			`443`
			`5201`
			`];`
wip add hetzner-vpn2 2024-12-01 12:06:11 +01:00			`}`