# NixOS module: nginx as a TLS-terminating reverse proxy, with Let's Encrypt
# (ACME) certificates, in front of Home Assistant and wg-access-server.
{ lib, config, ... }:
let
  # Build one HTTPS-only virtual host that forwards "/" to a local backend.
  #
  #   port       - TCP port of the backend on the IPv6 loopback address
  #   websockets - also proxy WebSocket upgrades and disable response buffering
  #
  # The hop from nginx to the backend is plain HTTP over [::1]; TLS ends at nginx.
  # NOTE(review): this only works if each backend listens on ::1. Confirm the
  # backends bind to loopback rather than to all interfaces; this module does
  # not show their listen addresses.
  mkProxyVhost =
    { port, websockets ? false }:
    {
      # Redirect plain HTTP to HTTPS and obtain the certificate through ACME.
      forceSSL = true;
      enableACME = true;

      locations."/" = {
        proxyPass = "http://[::1]:${toString port}/";
        proxyWebsockets = websockets;
      };

      # Set at server level, so it applies to every location of the vhost.
      extraConfig = lib.mkIf websockets ''
        proxy_buffering off;
      '';
    };
in
{
  security.acme = {
    # Accepts the ACME CA's terms of service; the address below is the
    # contact registered with the CA.
    acceptTerms = true;
    defaults.email = "personal+letsencrypt@peprolinbot.com";
  };

  # Only HTTP and HTTPS are opened here. Port 80 has to stay reachable for the
  # forceSSL redirect and for the ACME HTTP-01 challenge served by nginx.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;

    # Use the settings nixpkgs recommends for compression, general tuning,
    # proxy headers and TLS.
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      # NOTE(review): Home Assistant only honours forwarded client addresses
      # when http.use_x_forwarded_for and http.trusted_proxies are set; confirm
      # that ::1 is listed there. The Home Assistant config is not visible here.
      "ha.campares.duckdns.org" = mkProxyVhost {
        port = config.services.home-assistant.config.http.server_port;
        websockets = true;
      };

      # NOTE(review): this publishes the wg-access-server web interface on the
      # public HTTPS port with no access restriction at the nginx layer.
      # Confirm that this exposure is intended and that the service's own
      # authentication is enabled.
      "wg.campares.duckdns.org" = mkProxyVhost {
        port = config.services.wg-access-server.settings.port;
      };
    };
  };
}