From d211d671653d40343a5982cae54d1207e9ac3f88 Mon Sep 17 00:00:00 2001
From: stubbfelnewpc <stubbfelnewpc@stubbe.rocks>
Date: Tue, 30 Aug 2022 21:04:56 +0000
Subject: [PATCH] add nginx

---
 .gitignore               |  5 +++--
 examples/unciv-nixos.nix | 32 ++++++++++++++++++++++++++++++++
 unciv.nix                | 19 +++++++++++++++----
 3 files changed, 50 insertions(+), 6 deletions(-)
 create mode 100644 examples/unciv-nixos.nix

diff --git a/.gitignore b/.gitignore
index 71a1a0b..40c1889 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,5 +44,6 @@
 
 # End of https://www.toptal.com/developers/gitignore/api/visualstudiocode,git
 
-result/
-tmp/
\ No newline at end of file
+result
+tmp
+*.qcow2
\ No newline at end of file
diff --git a/examples/unciv-nixos.nix b/examples/unciv-nixos.nix
new file mode 100644
index 0000000..4e34d45
--- /dev/null
+++ b/examples/unciv-nixos.nix
@@ -0,0 +1,32 @@
+# nix-build '<nixpkgs/nixos>' -A vm -I nixos-config="examples/unciv-nixos.nix" && result/bin/run-nixos-vm -nographic
+{ config, pkgs, ... }:
+
+let
+
+  uc = pkgs.callPackage ../unciv.nix {
+    port = "7443";
+    nginxEnableACME = false;
+    nginxForceSSL = false;
+  };
+
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+    appendHttpConfig = ''
+      server_names_hash_bucket_size 64;
+    '';
+    sslProtocols = "TLSv1 TLSv1.1 TLSv1.2";
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = false;
+    virtualHosts."unciv.*" = uc.nginx.virtualHosts.unciv;
+  };
+
+  systemd.services.unciv = uc.systemd.services.unciv;
+
+  users.users.root.initialPassword = "root";
+}
diff --git a/unciv.nix b/unciv.nix
index 113e7b7..e083a8d 100644
--- a/unciv.nix
+++ b/unciv.nix
@@ -1,11 +1,11 @@
 # nix-build unciv.rix
-{ pkgs ? import <nixpkgs> { }, stateDir ? "/var/lib/unciv", port ? "80", }:
+{   pkgs ? import <nixpkgs> { }, stateDir ? "/var/lib/unciv", port ? "80", nginxEnableACME ? true, nginxForceSSL ? true, nginxIsDefault ? true }:
 
 let
 
   jarFile = pkgs.fetchurl {
-    url = "https://github.com/yairm210/Unciv/releases/4.2.6/download/UncivServer.jar";
-    sha256 = "sha256-gGZCMG8+mqXK/2JgEN7ONBJ8QR7lAfl843EGB2j+N/E=";
+    url = "https://github.com/yairm210/Unciv/releases/download/4.2.6/UncivServer.jar";
+    sha256 = "sha256-7YJQnNPng87n1EN+533EBsGgVa3w+B8PuLO0xECcDug=";
   };
 
   uncivServerCmd = pkgs.writeShellScriptBin "UncivServer.sh" ''   
@@ -18,13 +18,24 @@ in
   packages = uncivServerCmd;
 
   systemd.services.unciv = {
-    serviceConfig.Type = "oneshot";
+    description = "unciv server";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Restart = "always";
     script = ''
       mkdir -p "${stateDir}"
       ${uncivServerCmd}/bin/UncivServer.sh -f "${stateDir}" -p "${port}"
     '';
   };
 
+  nginx.virtualHosts.unciv = {
+    enableACME = nginxEnableACME;
+    forceSSL = nginxForceSSL;
+    default = nginxIsDefault;
+    locations."/".proxyPass = "http://localhost:${port}";
+  };
+
+
   meta = {
     description = "The multiplayer server for Unciv - An open-source, mod-friendly Android+Desktop remake of Civ V.";
     homepage = https://yairm210.itch.io/unciv;