nixcfg/systems/x86_64-linux/sgx/nginx.nix

{ config
, ...
}:
{
  users.users.nginx.extraGroups = [ "acme" ];
  services.nginx = {
    enable = true;
    clientMaxBodySize = "1000M";
    appendHttpConfig = ''
      log_format vcombined '$host:$server_port '
              '$remote_addr - $remote_user [$time_local] '
              '"$request" $status $body_bytes_sent '
              '"$http_referer" "$http_user_agent"';
      access_log /var/log/nginx/access.log vcombined;
    '';
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "openwebui.hoyer.world" = {
        enableACME = false;
        useACMEHost = "internal.hoyer.world";
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.open-webui.port}";
          proxyWebsockets = true;
        };
      };
      "syncthing.hoyer.world" = {
        enableACME = false;
        useACMEHost = "internal.hoyer.world";
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8384";
          recommendedProxySettings = true;
        };
      };
    };
  };
}