From fbd308509d43d147f13357414f7b6d8fef41a16f Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sat, 1 Nov 2025 13:35:31 +0000
Subject: [PATCH] hosts/vps1: use mesh domains for upstreams

---
 hosts/vps1/nginx.nix | 54 ++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 22 deletions(-)

diff --git a/hosts/vps1/nginx.nix b/hosts/vps1/nginx.nix
index 29ee61c..3576580 100644
--- a/hosts/vps1/nginx.nix
+++ b/hosts/vps1/nginx.nix
@@ -82,14 +82,32 @@ in
         maxSize = "100m";
       };
     };
+    resolver.addresses = [ "100.100.100.100" ];
+    upstreams = {
+      jellyfin.servers = {
+        "library.mesh.vimium.net:8096" = {
+          fail_timeout = "30s";
+        };
+      };
+      open-webui.servers = {
+        "library.mesh.vimium.net:8081" = {
+          fail_timeout = "30s";
+        };
+      };
+      skycam.servers = {
+        "skycam.mesh.vimium.net:1984" = {
+          fail_timeout = "30s";
+        };
+      };
+    };
     virtualHosts = {
-      ## Static sites
+      ## Proxied sites
       "chat.ai.vimium.com" = {
         forceSSL = true;
         enableACME = true;
         extraConfig = nginxErrorPages + nginxEdgeHeaders;
         locations."/" = {
-          proxyPass = "http://localhost:8001";
+          proxyPass = "http://open-webui";
           extraConfig = ''
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
@@ -112,24 +130,19 @@ in
       "jellyfin.vimium.com" = {
         forceSSL = true;
         enableACME = true;
-        extraConfig = nginxErrorPages + nginxEdgeHeaders;
+        extraConfig = nginxEdgeHeaders + ''
+          error_page 503 /maintenance.html;
+        '';
+        locations."/maintenance.html" = {
+          root = "/var/www/html";
+          extraConfig = "internal; default_type text/html;";
+        };
         locations."/" = {
-          proxyPass = "http://localhost:8000";
-          extraConfig = ''
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-
-            proxy_set_header Range $http_range;
-            proxy_set_header If-Range $http_if_range;
-
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-          '';
+          return = "503";
         };
       };
+
+      ## Static sites
       "jdholt.com" = {
         forceSSL = true;
         enableACME = true;
@@ -140,11 +153,7 @@ in
         };
         locations."/skycam/snapshot.jpg" = {
           extraConfig = ''
-            set $backend "skycam.mesh.vimium.net:1984";
-
-            resolver 100.100.100.100;
-
-            proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
+            proxy_pass http://skycam/api/frame.jpeg?src=rpicam;
             proxy_cache skycam_cache;
             proxy_cache_valid any 10s;
             proxy_ignore_headers Cache-Control Expires Set-Cookie;
@@ -181,6 +190,7 @@ in
         };
       };
     }
+
     ## Redirects
     // (mkRedirect "h0lt.com" "jdholt.com")
     // (mkRedirect "jordanholt.xyz" "jdholt.com")