Diffstat (limited to 'nix/nginx.nix')
-rw-r--r-- | nix/nginx.nix | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/nix/nginx.nix b/nix/nginx.nix
new file mode 100644
index 0000000..d60b884
--- /dev/null
+++ b/nix/nginx.nix
@@ -0,0 +1,57 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.services.brook;
+in
+{
+ options.services.brook.nginx = {
+ enable = mkEnableOption "brook nginx host handling";
+
+ hostAddr = mkOption {
+ type = types.str;
+ example = "stream.example.com";
+ description = ''
+ Set the virtual host address to use for streaming
+ If nginx is not already enabled, this module will
+ enable it for you.
+ '';
+ };
+
+ acmeHost = mkOption {
+ type = types.str;
+ description = ''
+ An additional host address to use for acme handling. Not setting
+ this option will disable `useACMEHost` and `forceSSL` for this
+ virtualhost.
+ '';
+ };
+ };
+
+ config = mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."${cfg.nginx.hostAddr}" = {
+ serverAliases = [ cfg.nginx.acmeHost ];
+ enableACME = false;
+ useACMEHost = cfg.nginx.acmeHost;
+ forceSSL = true;
+
+ locations."/xmpp-bosh" = mkIf cfg.prosody.enable {
+ proxyPass = "https://localhost:${cfg.prosody.port}/http-bind";
+ extraConfig = ''
+ proxy_set_header Host ${cfg.prosody.guest-domain};
+ proxy_set_header X-Forwarded-For ${cfg.prosody.guest-domain};
+ proxy_buffering off;
+ tcp_nodelay on;
+ '';
+ };
+
+ locations."/dash" = {
+ root = "/var/lib";
+ };
+
+ locations."/metrics" = mkIf cfg.metrics.enable {
+ proxyPass = "http://localhost:${cfg.metrics.port}";
+ };
+ };
+ };
+} |
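Review bot: The `/metrics` location proxies `cfg.metrics.port` on the public virtual host with no access restriction, so anyone who can reach the site can read the exporter output; restrict it to the scraper, e.g. `extraConfig = "allow <scraper-address>; deny all;";` (placeholder address), or put it behind authentication. In the `/xmpp-bosh` block, `X-Forwarded-For` is set to `${cfg.prosody.guest-domain}`, a hostname rather than the client address, so the backend loses the real source IP for logging and rate limiting; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` is the usual form. The `acmeHost` description says leaving it unset disables `useACMEHost` and `forceSSL`, but the option has no default and the config sets both unconditionally, so the text and the code disagree. `locations."/dash"` is a prefix match combined with `root = "/var/lib"`, which would also map requests for any sibling directory under /var/lib whose name starts with `dash`; `locations."/dash/"` narrows it to the intended directory.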