{ config, lib, pkgs, inputs, system, ... }: let cfg = config.mods; keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEio+Y5wBVD1wILaH2R3wV10FvVjiqy/4gGBWHOITTB muon@muon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKevYmkH7xvYoquBjnYZ7PJiVqf+GOh9fxAJBN6wZGBB gin4@hi.is" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmAOd9VbhyJeibt6Vrb101MNTk5W8+rh94Djv/C+pyu muon@muho" ]; in { # Hardware imports = [./hardware-configuration.nix ../ports.nix]; # System mods.user.name = "muon"; networking.hostName = "mups"; mods.home.file = ./home.nix; # Modules mods.desktop.enable = false; mods.theme.enable = true; mods.theme.scheme = "woodland"; mods.theme.wallpaper = ./wallpaper.png; mods.tailscale.enable = true; mods.unfree.minecraft.enable = false; mods.server.astral.enable = false; mods.server.astral.memory = "3G"; # mods.server.sync.enable = false; # mods.server.sync.address = "100.85.27.29"; # mods.server.sync.port = "8385"; mods.server.headscale.enable = false; mods.server.wireguard.enable = true; mods.server.nginx.enable = true; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; boot.initrd.checkJournalingFS = false; services.static-web-server = { enable = true; listen = "[::]:8008"; root = "/var/www"; configuration = {general = {directory-listing = true;};}; }; services.nginx.virtualHosts = { "muon.host" = { enableACME = true; forceSSL = true; default = true; locations."/" = {proxyPass = "http://localhost:8008";}; }; "nvr.muon.host" = { enableACME = true; forceSSL = true; locations."/" = {proxyPass = "http://10.0.0.2:8095";}; }; "tetterodesportcomplex.nl" = { enableACME = true; forceSSL = true; locations."/" = {proxyPass = "http://10.0.0.3:5001";}; }; "www.tetterodesportcomplex.nl" = { enableACME = true; forceSSL = true; locations."/" = {proxyPass = "http://10.0.0.3:5001";}; }; "stream.muon.host" = { forceSSL = true; enableACME = true; locations = { "/" = { proxyPass = "http://10.0.0.3:3013"; }; "/api/" = { proxyPass = "http://10.0.0.3:3014"; extraConfig = #sh '' # CORS headers # add_header Access-Control-Allow-Origin "*" always; # add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; # add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always; # add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; # Handle preflight requests # if ($request_method = 'OPTIONS') { # add_header Access-Control-Allow-Origin "*"; # add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; # add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"; # add_header Content-Type text/plain; # add_header Content-Length 0; # return 204; # } ''; }; "/api/stream/" = { proxyPass = "http://10.0.0.3:3014"; extraConfig = #sh '' proxy_set_header Range $http_range; # Streaming optimizations proxy_buffering off; proxy_cache off; proxy_read_timeout 300s; proxy_connect_timeout 30s; proxy_send_timeout 300s; # Allow large file streaming client_max_body_size 0; proxy_max_temp_file_size 0; ''; }; }; }; }; # Enable the OpenSSH daemon. services.openssh.enable = true; users.users.muon.openssh.authorizedKeys.keys = keys; users.users.root.openssh.authorizedKeys.keys = keys; networking.firewall = { enable = true; allowedTCPPorts = [80 8080]; }; system.stateVersion = "24.05"; # Did you read the comment? }