l orange.r: add coms service, proxy via neoprism.r

1 files changed, 41 insertions, 0 deletions

diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix
new file mode 100644
index 000000000..57e132151
--- /dev/null
+++ b/lass/2configs/services/coms/proxy.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+let
+  tcpports = [
+    4443 # jitsi
+    64738 # murmur
+  ];
+  udpports = [
+    10000 # jitsi
+    64738 # murmur
+  ];
+  target = "orange.r";
+in
+{
+  networking.firewall.allowedTCPPorts = tcpports;
+  networking.firewall.allowedUDPPorts = udpports;
+  services.nginx.streamConfig = ''
+    ${lib.concatMapStringsSep "\n" (port: ''
+      server {
+        listen ${toString port};
+        proxy_pass ${target}:${toString port};
+      }
+    '') tcpports}
+    ${lib.concatMapStringsSep "\n" (port: ''
+      server {
+        listen ${toString port} udp;
+        proxy_pass ${target}:${toString port};
+      }
+    '') udpports}
+  '';
+
+  services.nginx.virtualHosts."jitsi.lassul.us" = {
+    enableACME = true;
+    acmeFallbackHost = "${target}";
+    addSSL = true;
+    locations."/" = {
+      recommendedProxySettings = true;
+      proxyWebsockets = true;
+      proxyPass = "http://${target}";
+    };
+  };
+}