# NixOS module: one wildcard ACME certificate (DNS-01 via Namecheap), an nginx
# TLS reverse proxy for three dev vhosts, NAT for "ve-*" interfaces, local
# /etc/hosts entries for the vhost names, and an opened TCP port range.
{ pkgs, ... }:

let
  # Attribute name of the shared certificate; every vhost refers to it.
  wildcardCert = "ANY.dev.egirls.gay";

  # TLS on 443 plus plain HTTP on 80. "0.0.0.0" binds every IPv4 interface, so
  # the vhosts are reachable from any network the firewall admits on these
  # ports (no rule for 80/443 is visible in this file).
  # NOTE(review): the same names are mapped to 127.0.0.1 in networking.hosts
  # below. If access is only ever local, binding to 127.0.0.1 would narrow the
  # exposure. Confirm the intent.
  publicListen = [
    { port = 443; addr = "0.0.0.0"; ssl = true; }
    { port = 80; addr = "0.0.0.0"; }
  ];

  # Build a vhost that terminates TLS with the wildcard certificate and
  # forwards everything under "/" to `upstream`.
  mkHost = upstream: {
    listen = publicListen;
    useACMEHost = wildcardCert;
    # Port 80 only redirects to HTTPS.
    forceSSL = true;
    locations."/" = {
      proxyWebsockets = true;
      # The hop to the upstream is plain HTTP in all three uses below.
      proxyPass = upstream;
    };
  };
in
{
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin+acme@heartles.xyz";

    certs.${wildcardCert} = {
      domain = "*.dev.egirls.gay";
      dnsProvider = "namecheap";
      # Given as a string, not a Nix path literal, so the secret is read from
      # disk at runtime rather than copied into the world-readable Nix store.
      # The file itself should be readable by root only.
      # NOTE(review): recent NixOS releases name this option environmentFile;
      # check against the release in use.
      credentialsFile = "/etc/nixos-secrets/namecheap-acme";
      # Members of this group can read the certificate and its private key.
      group = "nginx";
    };
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;

    virtualHosts = {
      # NOTE(review): 172.16.128.1 is presumably a container behind a "ve-*"
      # interface (see networking.nat). Confirm.
      "masto1.dev.egirls.gay" = mkHost "http://172.16.128.1";
      "eg.dev.egirls.gay" = mkHost "http://127.0.0.1:3000";
      "goto.dev.egirls.gay" = mkHost "http://127.0.0.1:8080";
    };
  };

  networking.nat = {
    enable = true;
    # "+" is the iptables interface wildcard: every interface whose name
    # starts with "ve-" is treated as internal.
    internalInterfaces = [ "ve-+" ];
    # Hard-coded interface name; NAT egress follows this one device.
    externalInterface = "wlp0s20f3";
    enableIPv6 = true;
  };

  # Resolve the vhost names to loopback on this machine.
  networking.hosts = {
    "127.0.0.1" = [
      "masto1.dev.egirls.gay"
      "eg.dev.egirls.gay"
      "goto.dev.egirls.gay"
    ];
    #"5.78.100.40" = [ "jellyfin.home.heartles.xyz" ];
  };

  # Opens TCP 55000-55100 on every interface. The service that uses the range
  # is not visible in this file.
  # NOTE(review): confirm the range is still needed; a per-interface rule
  # (networking.firewall.interfaces.<name>.allowedTCPPortRanges) keeps it off
  # networks that do not need it.
  networking.firewall.allowedTCPPortRanges = [
    { from = 55000; to = 55100; }
  ];
}