Setup virtualhosts back by mini-watcher

modules/hosts/nixos/nixnuc/containers/nginx-proxy.nix

@@ -4,6 +4,8 @@
   gandi_api = "${config.sops.secrets.gandi_api.path}";
   #gandi_dns_pat = "${config.sops.secrets.gandi_dns_pat.path}";
   home_domain = "home.technicalissues.us";
+  backend_ip = "192.168.20.190";
+  mini_watcher = "192.168.23.20";
 in {
   sops.secrets.gandi_api = {
     sopsFile = ../../../../system/common/secrets.yaml;
@@ -57,9 +59,18 @@ in {
         recommendedOptimisation = true;
         recommendedProxySettings = true;
         recommendedTlsSettings = true;
+        appendHttpConfig = ''
+          # Add HSTS header with preloading to HTTPS requests.
+          # Adding this header to HTTP requests is discouraged
+          map $scheme $hsts_header {
+              https   "max-age=31536000 always;";
+          }
+          add_header Strict-Transport-Security $hsts_header;
+        '';
 
         virtualHosts = {
-          "nix-tester.${home_domain}" = {
+          "${home_domain}" = {
+            serverAliases = [ "nix-tester.${home_domain}" ];
             default = true;
             listen = [
               { port = http_port; addr = "0.0.0.0"; }
@@ -69,6 +80,69 @@ in {
             acmeRoot = null;
             addSSL = true;
             forceSSL = false;
+            locations."/" = {
+              return = "200 '<h1>Hello world ;)</h1>'";
+              extraConfig = ''
+                add_header Content-Type text/html;
+              '';
+            };
+          };
+          "ab.${home_domain}" = {
+            listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+            enableACME = true;
+            acmeRoot = null;
+            forceSSL = true;
+            locations."/".proxyWebsockets = true;
+            locations."/".proxyPass = "http://${mini_watcher}:13378";
+          };
+          "atuin.${home_domain}" = {
+            listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+            enableACME = true;
+            acmeRoot = null;
+            forceSSL = true;
+            locations."/".proxyPass = "http://${mini_watcher}:9999";
+          };
+          "nc.${home_domain}" = {
+            listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+            enableACME = true;
+            acmeRoot = null;
+            forceSSL = true;
+            extraConfig = ''
+              client_max_body_size 0;
+              underscores_in_headers on;
+            '';
+            locations."/".proxyWebsockets = true;
+            locations."/".proxyPass = "http://${mini_watcher}:8081";
+            locations."/".extraConfig = ''
+              # these are added per https://www.nicemicro.com/tutorials/debian-snap-nextcloud.html
+              add_header Front-End-Https on;
+              proxy_headers_hash_max_size 512;
+              proxy_headers_hash_bucket_size 64;
+              proxy_buffering off;
+              proxy_max_temp_file_size 0;
+            '';
+          };
+          "onlyoffice.${home_domain}" = {
+            listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+            enableACME = true;
+            acmeRoot = null;
+            forceSSL = true;
+            locations."/".proxyWebsockets = true;
+            locations."/".proxyPass = "http://${mini_watcher}:8888";
+          };
+          "readit.${home_domain}" = {
+            listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+            enableACME = true;
+            acmeRoot = null;
+            forceSSL = true;
+            locations."/".proxyPass = "http://${mini_watcher}:8090";
+          };
+          "tandoor.${home_domain}" = {
+            listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+            enableACME = true;
+            acmeRoot = null;
+            forceSSL = true;
+            locations."/".proxyPass = "http://${mini_watcher}:8080";
           };
         };
       };