From 87f974172e7df301b1c7db17760d62bdb23d752f Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sun, 11 Jun 2023 00:07:40 +0100
Subject: [PATCH] Add reverse proxy on library

---
 hosts/library/default.nix | 64 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)

diff --git a/hosts/library/default.nix b/hosts/library/default.nix
index c439fe1..464951c 100644
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@@ -67,9 +67,11 @@ with lib.my;
           -o ServerAliveInterval=60 \
           -o TCPKeepAlive=no \
           -i %h/.ssh/id_jellyfin \
-          -R localhost:8096:localhost:8096 \
           -R localhost:3579:localhost:3579 \
           -R localhost:7878:localhost:7878 \
+          -R localhost:8000:localhost:8000 \
+          -R localhost:8096:localhost:8096 \
+          -R localhost:8686:localhost:8686 \
           -R localhost:8989:localhost:8989 \
           jellyfin@vps1.mesh.vimium.net
       '';
@@ -78,6 +80,66 @@ with lib.my;
     wantedBy = [ "default.target" ];
   };
 
+  services.nginx = let
+    proxyConfig = ''
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header Host $host;
+
+      proxy_set_header Range $http_range;
+      proxy_set_header If-Range $http_if_range;
+
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+    '';
+  in {
+    enable = true;
+    package = pkgs.openresty;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    clientMaxBodySize = "2G";
+    virtualHosts = {
+      "jellyfin.vimium.com" = {
+        default = true;
+        listen = {
+          addr = "127.0.0.1";
+          port = 8000;
+        };
+        locations."/" = {
+          proxyPass = "http://localhost:8096";
+          extraConfig = proxyConfig;
+        };
+        locations."/downloads" = {
+          proxyPass = "http://localhost:8080";
+          extraConfig = proxyConfig;
+        };
+        locations."/lidarr" = {
+          proxyPass = "http://localhost:8686";
+          extraConfig = proxyConfig;
+        };
+        locations."/prowlarr" = {
+          proxyPass = "http://localhost:9696";
+          extraConfig = proxyConfig;
+        };
+        locations."/radarr" = {
+          proxyPass = "http://localhost:7878";
+          extraConfig = proxyConfig;
+        };
+        locations."/requests" = {
+          proxyPass = "http://localhost:3579";
+          extraConfig = proxyConfig;
+        };
+        locations."/sonarr" = {
+          proxyPass = "http://localhost:8989";
+          extraConfig = proxyConfig;
+        };
+      };
+    };
+  };
+
   virtualisation.podman = {
     enable = true;
     defaultNetwork.settings.dns_enabled = true;