infrastructure/machines/vpn/configuration.nix

{ config, lib, pkgs, inputs, ... }:

with lib;

{
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.wg_private = {};

  networking = {
    hostName = mkDefault "vpn";
    useDHCP = false;
    nameservers = [ "1.1.1.1" ];
    firewall = {
      allowedUDPPorts = [ 51821 ];
      allowedTCPPorts = [ 80 ];
    };
  };

  imports = [
    inputs.self.nixosModules.malobeo.vpn
    ../modules/malobeo_user.nix
    ../modules/sshd.nix
    ../modules/minimal_tools.nix
  ];

  services.malobeo.vpn = {
    enable = true;
    name = "vpn";
    privateKeyFile = config.sops.secrets.wg_private.path;
  };

  services.nginx = {
    enable = true;
    virtualHosts."docs.malobeo.org" = {
      locations."/" = {
        proxyPass = "http://10.100.0.101";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
    };

    virtualHosts."cloud.malobeo.org" = {
      locations."/" = {
        proxyPass = "http://10.100.0.101";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
    };

    virtualHosts."grafana.malobeo.org" = {
      locations."/" = {
        proxyPass = "http://10.100.0.101";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
    };

    virtualHosts."tasklist.malobeo.org" = {
      locations."/" = {
        proxyPass = "http://10.100.0.101";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
    };

    virtualHosts."shop.malobeo.org" = {
      locations."/" = {
        proxyPass = "http://10.100.0.101";
        extraConfig = ''
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header Authorization $http_authorization;  # Pass the Authorization header
          proxy_pass_header Authorization;
        '';
      };
    };
  };

  system.stateVersion = "22.11"; # Did you read the comment?
}