{ pkgs, ... }: let domain = "genebean.me"; in { environment.etc.nginx-littlelinks = { # Info generated via # nurl https://github.com/genebean/littlelink genebean-sometag source = pkgs.fetchFromGitHub { owner = "genebean"; repo = "littlelink"; rev = "genebean-1.0.2"; hash = "sha256-Fr1Qt/YaXNoDI4WHUuI2s852ENte8GjOmJrtEpq/SfY="; }; }; security.acme.certs."${domain}" = { email = "lets-encrypt@technicalissues.us"; inheritDefaults = false; # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; }; services.nginx = { enable = true; recommendedBrotliSettings = true; recommendedGzipSettings = true; recommendedOptimisation = true; #recommendedProxySettings = true; recommendedTlsSettings = true; appendHttpConfig = '' # Add HSTS header with preloading to HTTPS requests. # Adding this header to HTTP requests is discouraged map $scheme $hsts_header { https "max-age=31536000;"; } add_header Strict-Transport-Security $hsts_header; ''; virtualHosts = { "${domain}" = { serverAliases = [ "www.${domain}" ]; default = true; enableACME = true; forceSSL = true; root = "/etc/nginx-littlelinks"; locations = { "/.well-known/lnurlp/genebean" = { return = '' 200 '{"status":"OK","tag":"payRequest","commentAllowed":255,"callback":"https://getalby.com/lnurlp/genebean/callback","metadata":"[[\\"text/identifier\\",\\"genebean@getalby.com\\"],[\\"text/plain\\",\\"Sats for GeneBean\\"]]","minSendable":1000,"maxSendable":10000000000,"payerData":{"name":{"mandatory":false},"email":{"mandatory":false},"pubkey":{"mandatory":false}},"nostrPubkey":"79f00d3f5a19ec806189fcab03c1be4ff81d18ee4f653c88fac41fe03570f432","allowsNostr":true}' ''; extraConfig = '' default_type application/json; source_charset utf-8; charset utf-8; add_header Access-Control-Allow-Origin *; ''; }; "/.well-known/nostr.json" = { return = '' 200 '{"names": {"genebean": "dba168fc95fdbd94b40096f4a6db1a296c0e85c4231bfc9226fca5b7fcc3e5ca"}}' ''; extraConfig = '' default_type application/json; add_header Access-Control-Allow-Origin *; ''; }; "/api/event" = { proxyPass = "https://stats.technicalissues.us/api/event"; extraConfig = '' proxy_http_version 1.1; proxy_set_header Host stats.technicalissues.us; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; ''; }; "/github" = { return = "301 https://github.com/genebean"; }; "/js/script.hash.outbound-links.js" = { proxyPass = "https://stats.technicalissues.us/js/script.hash.outbound-links.js"; extraConfig = '' proxy_http_version 1.1; proxy_set_header Host stats.technicalissues.us; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; ''; }; "/mastodon" = { return = "302 https://fosstodon.org/@genebean"; }; "/nostr" = { return = "302 https://primal.net/p/npub1mwsk3ly4lk7efdqqjm62dkc699kqapwyyvdley3xljjm0lxruh9qzvu46p"; }; "/server_status" = { extraConfig = '' stub_status; allow 127.0.0.1; deny all; ''; }; }; }; # end bare domain }; # end virtualHosts }; # end nginx }