{ config, lib, pkgs, ... }: let port = 8888; services = { "media" = config.krops.secrets.media-proxy-auth.path; "scan" = config.krops.secrets.media-proxy-auth.path; "torrent" = config.krops.secrets.torrent-proxy-auth.path; }; in { options.sbruder.media-proxy.enable = lib.mkEnableOption "media proxy"; config = lib.mkIf config.sbruder.media-proxy.enable { krops.secrets = { torrent-proxy-auth.group = "nginx"; media-proxy-auth.group = "nginx"; }; users.users.nginx.extraGroups = [ "keys" ]; services.nginx = { enable = true; virtualHosts.media-proxy = { serverName = "localhost"; listen = [ { inherit port; addr = "127.0.0.1"; } { inherit port; addr = "[::1]"; } ]; locations = { "/".extraConfig = '' rewrite ^/__assets/(.*)$ /media/__assets/$1; ''; } // lib.mapAttrs' (name: secret: { name = "/${name}/"; value = { proxyPass = "https://${name}.sbruder.de/"; proxyWebsockets = true; extraConfig = '' proxy_buffering off; include ${secret}; charset utf-8; ''; }; }) services; }; }; }; }