Diffstat (limited to 'nix/nginx.nix')
-rw-r--r--nix/nginx.nix57
1 files changed, 57 insertions, 0 deletions
diff --git a/nix/nginx.nix b/nix/nginx.nix
new file mode 100644
index 0000000..d60b884
--- /dev/null
+++ b/nix/nginx.nix
@@ -0,0 +1,57 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.services.brook;
+in
+{
+ options.services.brook.nginx = {
+ enable = mkEnableOption "brook nginx host handling";
+
+ hostAddr = mkOption {
+ type = types.str;
+ example = "stream.example.com";
+ description = ''
+ Set the virtual host address to use for streaming
+ If nginx is not already enabled, this module will
+ enable it for you.
+ '';
+ };
+
+ acmeHost = mkOption {
+ type = types.str;
+ description = ''
+ An additional host address to use for acme handling. Not setting
+ this option will disable `useACMEHost` and `forceSSL` for this
+ virtualhost.
+ '';
+ };
+ };
+
+ config = mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."${cfg.nginx.hostAddr}" = {
+ serverAliases = [ cfg.nginx.acmeHost ];
+ enableACME = false;
+ useACMEHost = cfg.nginx.acmeHost;
+ forceSSL = true;
+
+ locations."/xmpp-bosh" = mkIf cfg.prosody.enable {
+ proxyPass = "https://localhost:${cfg.prosody.port}/http-bind";
+ extraConfig = ''
+ proxy_set_header Host ${cfg.prosody.guest-domain};
+ proxy_set_header X-Forwarded-For ${cfg.prosody.guest-domain};
+ proxy_buffering off;
+ tcp_nodelay on;
+ '';
+ };
+
+ locations."/dash" = {
+ root = "/var/lib";
+ };
+
+ locations."/metrics" = mkIf cfg.metrics.enable {
+ proxyPass = "http://localhost:${cfg.metrics.port}";
+ };
+ };
+ };
+}
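Review bot: `locations."/metrics"` is proxied on the public virtual host with no access restriction, so whenever `cfg.metrics.enable` is set, anyone who can reach `hostAddr` can read the metrics endpoint. If that is not intended, restrict it, for example with `extraConfig = "allow 127.0.0.1; deny all;";` on that location, or put it behind authentication. In the `/xmpp-bosh` location, `X-Forwarded-For` is set to `${cfg.prosody.guest-domain}` instead of the client address, so the backend gets no usable source IP for logging or rate limiting; the usual form is `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The `acmeHost` description says leaving it unset disables `useACMEHost` and `forceSSL`, but the option has no default and both are set unconditionally. Either make it `types.nullOr types.str` with `default = null` and guard those attributes with `mkIf (cfg.nginx.acmeHost != null)`, or correct the description.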