nixos-infra/services/xray-3x-ui/nginx.nix

{
  lib,
  config,
  ...
}:
let
  inherit (config.machine.xray-3x-ui)
    enable
    port
    domain
    subscriptions
    ;
in
{
  services.nginx.virtualHosts =
    with lib;
    mkIf enable {
      ${domain} =
        with lib;
        mkIf (domain != null) {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:${toString port}";
            proxyWebsockets = true;
            extraConfig = ''
              proxy_set_header X-Real-IP         $remote_addr;
              proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_redirect off;
            '';
          };
        };
      ${subscriptions.domain} =
        with lib;
        mkIf (subscriptions.domain != null) {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:2096";
            proxyWebsockets = true;
            extraConfig = ''
              proxy_set_header X-Real-IP         $remote_addr;
              proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_redirect off;
            '';
          };
        };
    };
}