From 90bf2a8891e00c83586cdb023f19b8261784e743 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 21:00:03 +0200 Subject: [PATCH] chore: switch back to frp since haproxy was causing a lot of issues --- modules/services/nginx.nix | 59 +++++++++++++------------------------- 1 file changed, 20 insertions(+), 39 deletions(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 952473a..6e6f98f 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -37,41 +37,35 @@ recommendedProxySettings = true; clientMaxBodySize = lib.mkDefault "10G"; - defaultListen = - let - listen = [ - { - addr = "[::]"; - port = 80; - extraParameters = [ "proxy_protocol" ]; - } - { - addr = "[::]"; - port = 443; - ssl = true; - extraParameters = [ "proxy_protocol" ]; - } - ]; - in - map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; + #defaultListen = + # let + # listen = [ + # { + # addr = "[::]"; + # port = 80; + # extraParameters = [ "proxy_protocol" ]; + # } + # { + # addr = "[::]"; + # port = 443; + # ssl = true; + # extraParameters = [ "proxy_protocol" ]; + # } + # ]; + # in + # map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; # Hardened TLS and HSTS preloading appendHttpConfig = '' # Proxying # real_ip_header proxy_protocol; - server { - listen 80 proxy_protocol; - listen 443 ssl proxy_protocol; - # set_real_ip_from 10.7.0.0/24; - } - ssl_certificate /var/lib/acme/quack.social/cert.pem; ssl_certificate_key /var/lib/acme/quack.social/key.pem; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $proxy_protocol_addr; - proxy_set_header X-Forwarded-For $proxy_protocol_addr; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $proxy_protocol_addr; + # proxy_set_header X-Forwarded-For $proxy_protocol_addr; # Add HSTS header with preloading to HTTPS requests. # Do not add HSTS header to HTTP requests. 
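Review bot: After this hunk nothing in the visible config gives nginx the original client address: the `proxy_protocol` listeners and the `$proxy_protocol_addr` headers are commented out and `real_ip_header` was already disabled, so `$remote_addr` will presumably be the frp endpoint for every request. Access logs, rate limits and IP-based bans then see a single address, and the `X-Real-IP`/`X-Forwarded-For` values that `recommendedProxySettings` derives from `$remote_addr` carry it to the backends. If frp is set up to send PROXY protocol, keep a `proxy_protocol` listener and add `set_real_ip_from <frp-endpoint-address>;` with `real_ip_header proxy_protocol;`, trusting only that one address so clients cannot supply their own; otherwise a comment such as `# frp tunnel: $remote_addr is the tunnel endpoint, not the client` would record the trade-off. The 17-line commented-out `defaultListen` block and the three commented headers are better deleted than kept, since git history preserves them. The enclosing nginx attribute set starts and ends outside the hunk.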
@@ -98,19 +92,6 @@
 add_header pronouns "any but neopronouns";
 add_header locale "[en_US, nl_NL]";
 '';
- appendConfig = ''
- # https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
- # set_real_ip_from 213.210.34.27;
-
- # real_ip_header proxy_protocol;
-
- # proxy_set_header Host $host;
- # proxy_set_header X-Real-IP $proxy_protocol_addr;
- # proxy_set_header X-Forwarded-For $proxy_protocol_addr;
- # proxy_set_header X-Forwarded-Proto $scheme;
- # proxy_set_header X-Forwarded-Host $host;
- # proxy_set_header X-Forwarded-Server $host;
- '';
 };
 networking.firewall = {
 allowedTCPPorts = [