{ config, lib, ... }: { services.nginx.virtualHosts."git.cloonar.com" = { forceSSL = true; enableACME = true; acmeRoot = null; locations."/" = { proxyPass = "https://git.cloonar.com/"; }; }; services.nginx.virtualHosts."foundry-vtt.cloonar.com" = { forceSSL = true; enableACME = true; acmeRoot = null; locations."/" = { proxyPass = "http://${config.networkPrefix}.97.21:30000"; proxyWebsockets = true; }; }; services.nginx.virtualHosts."sync.cloonar.com" = { forceSSL = true; enableACME = true; acmeRoot = null; locations."/" = { proxyPass = "http://${config.networkPrefix}.97.6:5000"; recommendedProxySettings = true; }; }; services.nginx.virtualHosts."fivefilters.cloonar.com" = { forceSSL = true; enableACME = true; acmeRoot = null; locations."/" = { proxyPass = "http://${config.networkPrefix}.97.10"; }; }; services.nginx.virtualHosts."dl.cloonar.com" = { forceSSL = true; enableACME = true; acmeRoot = null; # Restrict to internal LAN only extraConfig = '' allow ${config.networkPrefix}.96.0/24; allow ${config.networkPrefix}.98.0/24; deny all; ''; locations."/" = { proxyPass = "http://${config.networkPrefix}.97.11:8000"; proxyWebsockets = true; }; }; services.nginx.virtualHosts."jellyfin.cloonar.com" = { forceSSL = true; enableACME = true; acmeRoot = null; # Restrict to internal LAN only extraConfig = '' allow ${config.networkPrefix}.96.0/24; allow ${config.networkPrefix}.98.0/24; allow ${config.networkPrefix}.99.0/24; deny all; ''; locations."/" = { proxyPass = "http://${config.networkPrefix}.97.11:8096"; proxyWebsockets = true; extraConfig = '' # Jellyfin-specific headers for proper streaming proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; # Disable buffering for better streaming performance proxy_buffering off; ''; }; }; }