vcp-bula-nixfiles/hosts/pre-router/nginx.nix

{ config, pkgs, ...}:

{

   networking.interfaces = {
      ens20 = {
        ipv4.addresses = [{
          address = "10.42.123.55";
          prefixLength = 24;
        }];
      };
   };


   networking.firewall.allowedTCPPorts = [ 80 443 ];
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "letsencrypt@entr0py.de";
   services.nginx = {
    enable = true;
    clientMaxBodySize = "400M";
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
   };
   services.nginx.virtualHosts."lightbuffet.entr0py.cloud" = {    # Gitea hostname
    enableACME = true; # Use ACME certs
    forceSSL = true; # Force SSL
    locations."/" = {
      proxyPass = "https://10.42.123.20:8006";
      proxyWebsockets = true;
    };
  };
}