{ ... }: let mkCloudLocation = { from, cloudHost }: { name = "/cal/${from}"; value = { extraConfig = '' proxy_pass https://${cloudHost}/remote.php/dav/public-calendars/; proxy_set_header Host ${cloudHost}; ''; }; }; clouds = [ { from = "klub-reseau"; cloudHost = "nuage.beta.rz.ens.wtf"; } { from = "eleves-ens"; cloudHost = "cloud.eleves.ens.fr"; } { from = "frama-agenda"; cloudHost = "framagenda.org"; } ]; in { services.nginx = { enable = true; resolver = { addresses = [ "1.1.1.1" ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { "home.beta.rz.ens.wtf" = { serverAliases = [ "beta.rz.ens.wtf" ]; default = true; forceSSL = true; enableACME = true; root = "/var/public-cof/home"; locations = builtins.listToAttrs (map mkCloudLocation clouds); }; }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; }