From 908508743bfef1e30e6f4dd0562ca4efab9de770 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 29 May 2025 10:42:13 +0200
Subject: [PATCH] Move Nginx virtual hosts to relative modules

---
 modules/home-assistant/default.nix |  13 ++++
 modules/immich/default.nix         |  12 ++++
 modules/sisko-proxy/default.nix    | 104 +----------------------------
 3 files changed, 27 insertions(+), 102 deletions(-)

diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix
index 086e8e7..3801ed8 100644
--- a/modules/home-assistant/default.nix
+++ b/modules/home-assistant/default.nix
@@ -163,6 +163,19 @@ in
     config.services.home-assistant.configDir
   ];
 
+  services.nginx.virtualHosts."home.aciceri.dev" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
+      proxyWebsockets = true;
+    };
+    extraConfig = ''
+      proxy_set_header    Upgrade     $http_upgrade;
+      proxy_set_header    Connection  $connection_upgrade;
+    '';
+  };
+
   # virtualisation.oci-containers = {
   #   backend = "podman";
   #   containers.homeassistant = {
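Review bot: The server-level `extraConfig` in the new `home.aciceri.dev` vhost repeats the two `proxy_set_header` lines that `proxyWebsockets = true;` already writes into `locations."/"`. nginx only inherits `proxy_set_header` from the server level when the location defines none of its own, so these two lines most likely have no effect and the `extraConfig` attribute can be dropped. Because the proxy definition now lives beside the Home Assistant settings, this module is also the natural place to confirm that `services.home-assistant.config.http` sets `use_x_forwarded_for = true;` and `trusted_proxies = [ "127.0.0.1" "::1" ];`. Neither is visible in this hunk, and without them Home Assistant's IP-based login banning cannot see the real client address. The surrounding attribute set starts and ends outside the hunk.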
diff --git a/modules/immich/default.nix b/modules/immich/default.nix
index bf93484..505d325 100644
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@@ -22,4 +22,16 @@
     fsType = "ext4";
     options = [ "bind" ];
   };
+
+  services.nginx.virtualHosts."photos.aciceri.dev" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
+      proxyWebsockets = true;
+    };
+    extraConfig = ''
+      client_max_body_size 50000M;
+    '';
+  };
 }
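Review bot: `client_max_body_size 50000M;` sits in the server-level `extraConfig`, so it applies to every path on `photos.aciceri.dev`. nginx enforces it before the request reaches Immich, so any client that can reach the vhost may send a body of roughly 50 GB regardless of whether Immich would accept it. By default nginx spools request bodies to its temp directory, which makes disk exhaustion on the proxy host the main risk. Consider adding `proxy_request_buffering off;` next to the limit so uploads stream straight to Immich, or restrict the large limit to the upload location and leave the default elsewhere. A short comment explaining why the limit is this high would help the next reader.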
diff --git a/modules/sisko-proxy/default.nix b/modules/sisko-proxy/default.nix
index 19b32b5..2a79fec 100644
--- a/modules/sisko-proxy/default.nix
+++ b/modules/sisko-proxy/default.nix
@@ -1,105 +1,5 @@
-{ config, ... }:
 {
   imports = [ ../nginx-base ];
-  services.nginx.virtualHosts = {
-    localhost.listen = [ { addr = "127.0.0.1"; } ];
-    "home.aciceri.dev" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
-        proxyWebsockets = true;
-      };
-      extraConfig = ''
-        proxy_set_header    Upgrade     $http_upgrade;
-        proxy_set_header    Connection  $connection_upgrade;
-      '';
-    };
-    "home.sisko.aciceri.dev" = {
-      forceSSL = true;
-      useACMEHost = "aciceri.dev";
-      locations."/" = {
-        proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}";
-        proxyWebsockets = true;
-      };
-      extraConfig = ''
-        proxy_set_header    Upgrade     $http_upgrade;
-        proxy_set_header    Connection  $connection_upgrade;
-      '';
-    };
-    "photos.aciceri.dev" = {
-      extraConfig = ''
-        client_max_body_size 50000M;
-      '';
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
-        proxyWebsockets = true;
-      };
-    };
-    # "${config.services.nextcloud.hostName}" = {
-    #   forceSSL = true;
-    #   enableACME = true;
-    # };
-    # "sevenofnix.aciceri.dev" = {
-    #   forceSSL = true;
-    #   enableACME = true;
-    #   locations."/" = {
-    #     proxyPass = "http://10.1.1.2:${builtins.toString config.services.buildbot-master.port}";
-    #     proxyWebsockets = true;
-    #   };
-    # };
-  };
-
-  # services.oauth2_proxy = {
-  #   enable = true;
-  #   provider = "oidc";
-  #   reverseProxy = true;
-  #   # replaces following options with .keyFile
-
-  #   clientID = "shouldThisBePrivate?";
-  #   clientSecret = "thisShouldBePrivate";
-  #   cookie.secret = "thisShouldBePrivate00000";
-
-  #   email.domains = [ "*" ];
-  #   extraConfig = {
-  #      # custom-sign-in-logo = "${../../lib/mlabs-logo.svg}";
-  #      # scope = "user:email";
-  #      # banner = "MLabs Status";
-  #      # whitelist-domain = ".status.staging.mlabs.city";
-  #     oidc-issuer-url = "http://127.0.0.1:5556/dex";
-  #   };
-  #   # redirectURL = "https://status.staging.mlabs.city/oauth2/callback";
-  #   # keyFile = config.age.secrets.status-oauth2-secrets.path;
-  #   # cookie.domain = ".status.staging.mlabs.city";
-  #   nginx = {
-  #     virtualHosts = [
-  # 	"search.aciceri.dev"
-  #     ];
-  #   };
-  # };
-
-  # services.dex = {
-  #   enable = true;
-  #   settings = {
-  #     issuer = "http://127.0.0.1:5556/dex";
-  #     storage = {
-  # 	type = "postgres";
-  # 	config.host = "/var/run/postgresql";
-  #     };
-  #     web = {
-  # 	http = "127.0.0.1:5556";
-  #     };
-  #     enablePasswordDB = true;
-  #     staticClients = [
-  # 	{
-  # 	  # id = "oidcclient";
-  # 	  # name = "client";
-  # 	  # redirecturis = [ "https://login.aciceri.dev/callback" ];
-  # 	  # secretfile = "/etc/dex/oidcclient"; # the content of `secretfile` will be written into to the config as `secret`.
-  # 	}
-  #     ];
-  #   };
-  # };
+  # TODO this file can be probably deleted now
+  # each module defining a virtualHost should import nginx-base
 }
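Review bot: The removed attribute set also contained `"home.sisko.aciceri.dev"` (with `useACMEHost = "aciceri.dev"`) and `localhost.listen = [ { addr = "127.0.0.1"; } ];`, and neither is re-added in the home-assistant or immich hunks. The commit is therefore not a pure move: one hostname and the loopback-only vhost disappear. If that is intended, the commit message should say so; otherwise they need a new home. The TODO also relies on each module importing `nginx-base`, but no such import is visible in the other two hunks. If `nginx-base` carries shared TLS or hardening defaults, deleting this file later would silently drop them, so a more actionable wording is `# TODO: delete once home-assistant and immich import ../nginx-base themselves`.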