blob: 9f6bf499a6c5c0429800308521d7d156509c6f14 [file] [log] [blame]
Skyler Grey40ab9af2023-05-20 18:03:53 +02001let
2 HTTPReverseProxyRoute = hosts: upstreams: {
3 handle = [
4 {
5 handler = "subroute";
6 routes = [
7 {
8 handle = [
9 {
10 handler = "reverse_proxy";
11 upstreams = map (upstream: { dial = upstream; }) upstreams;
12 }
13 ];
14 }
15 ];
16 }
17 ];
18 match = [{ host = hosts; }];
19 terminal = true;
20 };
Skyler Grey9fe61282023-08-20 21:52:48 +000021 PHPRoute = hosts: root: socket: {
22 handle = [
23 {
24 handler = "subroute";
25 routes = [
26 {
27 handle = [
28 {
29 handler = "vars";
30 inherit root;
31 }
32 ];
33 }
34 {
35 handle = [
36 {
37 handler = "static_response";
38 headers.Location = [ "{http.request.orig_uri.path}/" ];
39 status_code = 307;
40 }
41 ];
42 match = [
43 {
44 file.try_files = [ "{http.request.uri.path}/index.php" ];
45 not = [ { path = ["*/"]; } ];
46 }
47 ];
48 }
49 {
50 handle = [
51 {
52 handler = "rewrite";
53 uri = "{http.matchers.file.relative}";
54 }
55 ];
56 match = [
57 {
58 file = {
59 split_path = [ ".php" ];
60 try_files = [
61 "{http.request.uri.path}"
62 "{http.request.uri.path}/index.php"
63 "index.php"
64 ];
65 };
66 }
67 ];
68 }
69 {
70 handle = [
71 {
72 handler = "reverse_proxy";
73 transport = {
74 protocol = "fastcgi";
75 split_path = [".php"];
76 };
77 upstreams = [{ dial = socket; }];
78 }
79 ];
80 match = [{ path = ["*.php"]; }];
81 }
82 {
83 handle = [
84 {
85 handler = "file_server";
86 }
87 ];
88 }
89 ];
90 }
91 ];
92 match = [{ host = hosts; }];
93 terminal = true;
94 };
Skyler Grey40ab9af2023-05-20 18:03:53 +020095 HTTPRedirectRoute = hosts: goto: {
96 handle = [
97 {
98 handler = "subroute";
99 routes = [
100 {
101 handle = [
102 {
103 handler = "static_response";
104 headers = { Location = [ goto ]; };
105 status_code = 302;
106 }
107 ];
108 }
109 ];
110 }
111 ];
112 match = [{ host = hosts; }];
113 terminal = true;
114 };
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200115 HTTPFileServerRoute = hosts: root: {
116 handle = [
117 {
118 handler = "subroute";
119 routes = [
120 {
121 handle = [
122 {
123 handler = "file_server";
124 inherit root;
125 }
126 ];
127 }
128 ];
129 }
130 ];
131 match = [{ host = hosts; }];
132 terminal = true;
133 };
134
Skyler Grey40ab9af2023-05-20 18:03:53 +0200135 TCPReverseProxyRoute = ports: upstreams: {
136 listen = map (port: "0.0.0.0:${toString port}") ports;
137 routes = [
138 {
139 handle = [
140 {
141 handler = "proxy";
142 proxy_protocol = "v2";
143 upstreams = [{ dial = upstreams; }];
144 }
145 ];
146 }
147 ];
148 };
149in
TheCodedProf85256bc2023-06-13 13:02:53 -0400150{ pkgs, lib, config }: {
Skyler Grey40ab9af2023-05-20 18:03:53 +0200151 apps = {
Skyler Grey19f9fa22023-05-24 17:51:24 +0200152 http.servers = {
153 srv0 = {
154 listen = [ ":443" ];
155 routes = [
156 (HTTPReverseProxyRoute [ "signup.hopescaramels.com" ] [ "192.168.0.4:3035" ])
157 (HTTPReverseProxyRoute [ "homebridge.coded.codes" ] [ "localhost:8581" ])
158 {
159 handle = [
160 {
161 handler = "subroute";
162 routes = [
163 {
164 handle = [
165 {
166 error = "You can't access admin routes from outside the server. Please use SSH tunneling, cURL on the host or similar";
167 handler = "error";
168 status_code = "403";
169 }
170 ];
171 match = [{ path = [ "/_dendrite/admin/*" "/_synapse/admin/*" ]; }];
172 terminal = true;
173 }
174 {
175 handle = [
176 {
177 handler = "reverse_proxy";
178 transport = { protocol = "http"; };
179 upstreams = [{ dial = "localhost:4527"; }];
180 }
181 ];
182 }
183 ];
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200184 }
Skyler Grey19f9fa22023-05-24 17:51:24 +0200185 ];
186 match = [{ host = [ "matrix-backend.coded.codes" ]; }];
187 terminal = true;
188 }
189 (HTTPReverseProxyRoute
190 [
191 "mail.coded.codes"
192 "mail.clicks.codes"
193 "mail.hopescaramels.com"
194 ]
195 [ "localhost:1080" ]
196 )
197 (HTTPReverseProxyRoute [ "logs.clicks.codes" ] [ "localhost:9052" ])
198 (HTTPRedirectRoute
199 [
200 "hopescaramels.com"
201 "www.hopescaramels.com"
202 ]
203 "https://etsy.com/shop/HopesCaramels"
204 )
205 # (HTTPReverseProxyRoute [ "omv.coded.codes" ] [ "localhost:6773" ])
206 # (HTTPReverseProxyRoute [ "jellyfin.coded.codes" ] [ "localhost:8096" ])
207 (HTTPReverseProxyRoute [ "codedpc.coded.codes" ] [ "192.168.0.2:3389" ])
208 (HTTPReverseProxyRoute [ "testing.coded.codes" ] [ "192.168.0.2:3030" ])
209 (HTTPReverseProxyRoute [ "kavita.coded.codes" ] [ "localhost:5000" ])
210 {
211 handle = [
212 {
213 handler = "subroute";
214 routes = [
215 {
216 handle = [
217 {
218 handler = "subroute";
219 routes = [
220 {
221 handle = [
222 {
223 handler = "rewrite";
224 strip_path_prefix = "/nucleus";
225 }
226 ];
227 }
228 {
229 handle = [
230 {
231 handler = "reverse_proxy";
232 upstreams = [{ dial = "127.0.0.1:10000"; }];
233 }
234 ];
235 }
236 ];
237 }
238 ];
239 match = [{ path = [ "/nucleus/*" ]; }];
240 }
241 {
242 handle = [
243 {
244 handler = "error";
245 error = "This API route does not exist";
246 status_code = 404;
247 }
248 ];
249 }
250 ];
251 }
252 ];
253 match = [{ host = [ "api.clicks.codes" ]; }];
254 terminal = true;
255 }
256 {
257 handle = [
258 {
259 handler = "subroute";
260 routes = [
261 {
262 handle = [
263 {
264 handler = "subroute";
265 routes = [
266 {
267 handle = [
268 {
269 handler = "rewrite";
270 strip_path_prefix = "/nucleus";
271 }
272 ];
273 }
274 {
275 handle = [
276 {
277 handler = "reverse_proxy";
278 upstreams = [{ dial = "192.168.0.2:10000"; }];
279 }
280 ];
281 }
282 ];
283 }
284 ];
285 match = [{ path = [ "/nucleus/*" ]; }];
286 }
287 {
288 handle = [
289 {
290 handler = "error";
291 error = "This API route does not exist";
292 status_code = 404;
293 }
294 ];
295 }
296 ];
297 }
298 ];
299 match = [{ host = [ "api.coded.codes" ]; }];
300 terminal = true;
301 }
302 (HTTPRedirectRoute
303 [
304 "www.clicks.codes"
305 ]
306 "https://clicks.codes{http.request.uri}"
307 )
308 (HTTPReverseProxyRoute [ "clicks.codes" ] [ "127.0.0.1:3000" ])
309 {
310 handle = [
311 {
312 handler = "subroute";
313 routes = [
314 {
315 handle = [
316 {
317 handler = "static_response";
318 status_code = 200;
319 body = builtins.readFile ./coded.codes/.well-known/matrix;
320 headers = { Access-Control-Allow-Origin = [ "*" ]; };
321 }
322 ];
323 match = [{
324 path = [
325 "/.well-known/matrix/server"
326 "/.well-known/matrix/client"
327 ];
328 }];
329 terminal = true;
330 }
331 {
332 handle = [
333 {
334 handler = "static_response";
335 headers = { Location = [ "https://clicks.codes{http.request.uri}" ]; };
336 status_code = 302;
337 }
338 ];
339 }
340 ];
341 }
342 ];
343 match = [{ host = [ "coded.codes" ]; }];
344 terminal = true;
345 }
346 (HTTPFileServerRoute [ "matrix.coded.codes" ] (
Skyler Greyb64b5e92023-08-20 21:53:37 +0000347 pkgs.schildichat-web.override {
Skyler Grey19f9fa22023-05-24 17:51:24 +0200348 conf = {
349 default_server_config = lib.pipe ./coded.codes/.well-known/matrix [
350 builtins.readFile
351 builtins.fromJSON
352 ];
Skyler Greyb64b5e92023-08-20 21:53:37 +0000353 features = {
354 feature_report_to_moderators = true;
355 feature_latex_maths = true;
356 feature_pinning = true;
357 feature_mjolnir = true;
358 feature_presence_in_room_list = true;
359 feature_custom_themes = true;
360 feature_dehydration = true;
361 };
362 setting_defaults = {
363 "fallbackICEServerAllowed" = true;
364 };
365 default_theme = "dark";
366 permalink_prefix = "https://matrix.coded.codes";
367 disable_guests = true;
368 disable_3pid_login = true;
Skyler Grey19f9fa22023-05-24 17:51:24 +0200369 };
370 }
371 ))
TheCodedProfe6f67ce2023-06-13 17:07:02 -0400372 (HTTPReverseProxyRoute [ "passwords.clicks.codes" ] [ "localhost:8452" ])
Skyler Grey0e05d262023-10-09 07:04:36 +0000373 (HTTPReverseProxyRoute [ "login.clicks.codes" ] [ "localhost:9083" ])
TheCodedProfbdc23452023-06-14 13:39:10 -0400374 (HTTPReverseProxyRoute [
375 "syncthing.clicks.codes"
376 "syncthing.coded.codes"
377 "syncthing.thecoded.prof"
378 "syncthing.hopescaramels.com"
379 ] [ "localhost:8384" ])
Skyler Grey08758a62023-10-09 07:35:09 +0000380 (HTTPReverseProxyRoute [
381 "git.clicks.codes"
382 "gerrit.clicks.codes"
383 ] [ "127.0.0.255:1000" ])
Skyler Grey9fe61282023-08-20 21:52:48 +0000384 (PHPRoute
385 [ "paste.clicks.codes" "paste.coded.codes" ]
386 "${pkgs.privatebin}/share/privatebin"
387 "unix/${config.services.phpfpm.pools.privatebin.socket}"
388 )
Skyler Grey09c5cda2023-10-09 07:10:10 +0000389 (PHPRoute
390 [ "cloud.clicks.codes" "nextcloud.clicks.codes" "docs.clicks.codes" ]
391 "${config.services.nextcloud.package}"
392 "unix/${config.services.phpfpm.pools.nextcloud.socket}"
393 )
Skyler Grey19f9fa22023-05-24 17:51:24 +0200394 ];
395 };
396 srv1 = {
397 listen = [ ":80" ];
398 routes = [
399 (HTTPReverseProxyRoute
400 [
401 "mail.clicks.codes"
402 "mail.coded.codes"
403 "mail.hopescaramels.com"
404 "autoconfig.coded.codes"
405 "autoconfig.clicks.codes"
406 "autoconfig.hopescaramels.com"
407 "imap.coded.codes"
408 "imap.clicks.codes"
409 "imap.hopescaramels.com"
410 "pop.coded.codes"
411 "pop.clicks.codes"
412 "pop.hopescaramels.com"
413 "smtp.coded.codes"
414 "smtp.clicks.codes"
415 "smtp.hopescaramels.com"
416 ]
417 [ "localhost:1080" ]
418 )
419 ];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200420 };
421 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200422 layer4.servers = {
423 imap-143 = (TCPReverseProxyRoute [ 143 ] [ "localhost:1143" ]);
424 imap-993 = (TCPReverseProxyRoute [ 993 ] [ "localhost:1993" ]);
425 pop-110 = (TCPReverseProxyRoute [ 110 ] [ "localhost:1110" ]);
426 pop-995 = (TCPReverseProxyRoute [ 995 ] [ "localhost:1995" ]);
427 smtp-25 = (TCPReverseProxyRoute [ 25 ] [ "localhost:1025" ]);
428 smtp-465 = (TCPReverseProxyRoute [ 465 ] [ "localhost:1465" ]);
429 smtp-587 = (TCPReverseProxyRoute [ 587 ] [ "localhost:1587" ]);
Skyler Grey40ab9af2023-05-20 18:03:53 +0200430 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200431 tls.automation.policies = [{
432 issuers = [{
433 module = "acme";
434 challenges.dns.provider = {
435 name = "cloudflare";
436 api_token = "!!cloudflare_token!!";
437 };
438 }];
439 }];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200440 };
441}