adjust nginx config

flake.nix

@@ -27,6 +27,7 @@
         time.timeZone = "UTC";
         boot.kernelPackages = pkgs.linuxPackages_latest;
         boot.tmpOnTmpfs = true;
+
         environment.systemPackages = with pkgs; [
           wget curl htop iftop tmux tcpdump rsync
           alacritty.terminfo
@@ -43,6 +44,20 @@
 
         services.openssh.enable = true;
         services.fail2ban.enable = true;
+        services.nginx = {
+          package = pkgs.nginxMainline;
+          recommendedOptimisation = true;
+          recommendedTlsSettings = true;
+          recommendedGzipSettings = true;
+          recommendedProxySettings = true;
+          appendHttpConfig = ''
+            access_log syslog:server=unix:/dev/log;
+          '';
+          appendConfig = ''
+            error_log stderr info;
+          '';
+        };
+
         zramSwap.enable = true;
         nixpkgs.system = "x86_64-linux";
         nixpkgs.overlays = [ muccc-api.overlay ];

nixbus.nix

@@ -125,9 +125,18 @@
     virtualHosts."nixbus.club.muc.ccc.de" = {
       enableACME = true;
       addSSL = true;
-      locations."/".extraConfig = "return 204;";
-      locations."/spaceapi.json".proxyPass = "http://[::1]:8020";
-      locations."/schleuse.json".proxyPass = "http://[::1]:8020";
+      locations."/".extraConfig = "return 404;";
+      locations."/api/" = {
+        proxyPass = "http://[::1]:8020/";
+        #extraConfig = ''
+        #  set_real_ip_from 83.133.178.64/26;
+        #  set_real_ip_from 2001:7f0:3003:beef::/64;
+        #  real_ip_header X-Forwarded-For;
+        #'';
+      };
+    };
+    virtualHosts."api.muc.ccc.de" = {
+      locations."/".proxyPass = "http://[::1]:8020";
     };
   };