Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 9fe6128b776bca75df14ef1325c8108659e37aca / . / modules / caddy / caddyfile.nix
blob: 69fbe2bf0db5ed29f5527f2d869cb11f4886082e [file] [log] [blame]
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]1let
2 HTTPReverseProxyRoute = hosts: upstreams: {
3 handle = [
4 {
5 handler = "subroute";
6 routes = [
7 {
8 handle = [
9 {
10 handler = "reverse_proxy";
11 upstreams = map (upstream: { dial = upstream; }) upstreams;
12 }
13 ];
14 }
15 ];
16 }
17 ];
18 match = [{ host = hosts; }];
19 terminal = true;
20 };
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame^]21 PHPRoute = hosts: root: socket: {
22 handle = [
23 {
24 handler = "subroute";
25 routes = [
26 {
27 handle = [
28 {
29 handler = "vars";
30 inherit root;
31 }
32 ];
33 }
34 {
35 handle = [
36 {
37 handler = "static_response";
38 headers.Location = [ "{http.request.orig_uri.path}/" ];
39 status_code = 307;
40 }
41 ];
42 match = [
43 {
44 file.try_files = [ "{http.request.uri.path}/index.php" ];
45 not = [ { path = ["*/"]; } ];
46 }
47 ];
48 }
49 {
50 handle = [
51 {
52 handler = "rewrite";
53 uri = "{http.matchers.file.relative}";
54 }
55 ];
56 match = [
57 {
58 file = {
59 split_path = [ ".php" ];
60 try_files = [
61 "{http.request.uri.path}"
62 "{http.request.uri.path}/index.php"
63 "index.php"
64 ];
65 };
66 }
67 ];
68 }
69 {
70 handle = [
71 {
72 handler = "reverse_proxy";
73 transport = {
74 protocol = "fastcgi";
75 split_path = [".php"];
76 };
77 upstreams = [{ dial = socket; }];
78 }
79 ];
80 match = [{ path = ["*.php"]; }];
81 }
82 {
83 handle = [
84 {
85 handler = "file_server";
86 }
87 ];
88 }
89 ];
90 }
91 ];
92 match = [{ host = hosts; }];
93 terminal = true;
94 };
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]95 HTTPRedirectRoute = hosts: goto: {
96 handle = [
97 {
98 handler = "subroute";
99 routes = [
100 {
101 handle = [
102 {
103 handler = "static_response";
104 headers = { Location = [ goto ]; };
105 status_code = 302;
106 }
107 ];
108 }
109 ];
110 }
111 ];
112 match = [{ host = hosts; }];
113 terminal = true;
114 };
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]115 HTTPFileServerRoute = hosts: root: {
116 handle = [
117 {
118 handler = "subroute";
119 routes = [
120 {
121 handle = [
122 {
123 handler = "file_server";
124 inherit root;
125 }
126 ];
127 }
128 ];
129 }
130 ];
131 match = [{ host = hosts; }];
132 terminal = true;
133 };
134
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]135 TCPReverseProxyRoute = ports: upstreams: {
136 listen = map (port: "0.0.0.0:${toString port}") ports;
137 routes = [
138 {
139 handle = [
140 {
141 handler = "proxy";
142 proxy_protocol = "v2";
143 upstreams = [{ dial = upstreams; }];
144 }
145 ];
146 }
147 ];
148 };
149in
TheCodedProf85256bc2023-06-13 13:02:53 -0400[diff] [blame]150{ pkgs, lib, config }: {
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]151 apps = {
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]152 http.servers = {
153 srv0 = {
154 listen = [ ":443" ];
155 routes = [
156 (HTTPReverseProxyRoute [ "signup.hopescaramels.com" ] [ "192.168.0.4:3035" ])
157 (HTTPReverseProxyRoute [ "homebridge.coded.codes" ] [ "localhost:8581" ])
158 {
159 handle = [
160 {
161 handler = "subroute";
162 routes = [
163 {
164 handle = [
165 {
166 error = "You can't access admin routes from outside the server. Please use SSH tunneling, cURL on the host or similar";
167 handler = "error";
168 status_code = "403";
169 }
170 ];
171 match = [{ path = [ "/_dendrite/admin/*" "/_synapse/admin/*" ]; }];
172 terminal = true;
173 }
174 {
175 handle = [
176 {
177 handler = "reverse_proxy";
178 transport = { protocol = "http"; };
179 upstreams = [{ dial = "localhost:4527"; }];
180 }
181 ];
182 }
183 ];
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]184 }
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]185 ];
186 match = [{ host = [ "matrix-backend.coded.codes" ]; }];
187 terminal = true;
188 }
189 (HTTPReverseProxyRoute
190 [
191 "mail.coded.codes"
192 "mail.clicks.codes"
193 "mail.hopescaramels.com"
194 ]
195 [ "localhost:1080" ]
196 )
197 (HTTPReverseProxyRoute [ "logs.clicks.codes" ] [ "localhost:9052" ])
198 (HTTPRedirectRoute
199 [
200 "hopescaramels.com"
201 "www.hopescaramels.com"
202 ]
203 "https://etsy.com/shop/HopesCaramels"
204 )
205 # (HTTPReverseProxyRoute [ "omv.coded.codes" ] [ "localhost:6773" ])
206 # (HTTPReverseProxyRoute [ "jellyfin.coded.codes" ] [ "localhost:8096" ])
207 (HTTPReverseProxyRoute [ "codedpc.coded.codes" ] [ "192.168.0.2:3389" ])
208 (HTTPReverseProxyRoute [ "testing.coded.codes" ] [ "192.168.0.2:3030" ])
209 (HTTPReverseProxyRoute [ "kavita.coded.codes" ] [ "localhost:5000" ])
210 {
211 handle = [
212 {
213 handler = "subroute";
214 routes = [
215 {
216 handle = [
217 {
218 handler = "subroute";
219 routes = [
220 {
221 handle = [
222 {
223 handler = "rewrite";
224 strip_path_prefix = "/nucleus";
225 }
226 ];
227 }
228 {
229 handle = [
230 {
231 handler = "reverse_proxy";
232 upstreams = [{ dial = "127.0.0.1:10000"; }];
233 }
234 ];
235 }
236 ];
237 }
238 ];
239 match = [{ path = [ "/nucleus/*" ]; }];
240 }
241 {
242 handle = [
243 {
244 handler = "error";
245 error = "This API route does not exist";
246 status_code = 404;
247 }
248 ];
249 }
250 ];
251 }
252 ];
253 match = [{ host = [ "api.clicks.codes" ]; }];
254 terminal = true;
255 }
256 {
257 handle = [
258 {
259 handler = "subroute";
260 routes = [
261 {
262 handle = [
263 {
264 handler = "subroute";
265 routes = [
266 {
267 handle = [
268 {
269 handler = "rewrite";
270 strip_path_prefix = "/nucleus";
271 }
272 ];
273 }
274 {
275 handle = [
276 {
277 handler = "reverse_proxy";
278 upstreams = [{ dial = "192.168.0.2:10000"; }];
279 }
280 ];
281 }
282 ];
283 }
284 ];
285 match = [{ path = [ "/nucleus/*" ]; }];
286 }
287 {
288 handle = [
289 {
290 handler = "error";
291 error = "This API route does not exist";
292 status_code = 404;
293 }
294 ];
295 }
296 ];
297 }
298 ];
299 match = [{ host = [ "api.coded.codes" ]; }];
300 terminal = true;
301 }
302 (HTTPRedirectRoute
303 [
304 "www.clicks.codes"
305 ]
306 "https://clicks.codes{http.request.uri}"
307 )
308 (HTTPReverseProxyRoute [ "clicks.codes" ] [ "127.0.0.1:3000" ])
309 {
310 handle = [
311 {
312 handler = "subroute";
313 routes = [
314 {
315 handle = [
316 {
317 handler = "static_response";
318 status_code = 200;
319 body = builtins.readFile ./coded.codes/.well-known/matrix;
320 headers = { Access-Control-Allow-Origin = [ "*" ]; };
321 }
322 ];
323 match = [{
324 path = [
325 "/.well-known/matrix/server"
326 "/.well-known/matrix/client"
327 ];
328 }];
329 terminal = true;
330 }
331 {
332 handle = [
333 {
334 handler = "static_response";
335 headers = { Location = [ "https://clicks.codes{http.request.uri}" ]; };
336 status_code = 302;
337 }
338 ];
339 }
340 ];
341 }
342 ];
343 match = [{ host = [ "coded.codes" ]; }];
344 terminal = true;
345 }
346 (HTTPFileServerRoute [ "matrix.coded.codes" ] (
347 pkgs.element-web.override {
348 conf = {
349 default_server_config = lib.pipe ./coded.codes/.well-known/matrix [
350 builtins.readFile
351 builtins.fromJSON
352 ];
353 };
354 }
355 ))
TheCodedProfe6f67ce2023-06-13 17:07:02 -0400[diff] [blame]356 (HTTPReverseProxyRoute [ "passwords.clicks.codes" ] [ "localhost:8452" ])
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]357 (HTTPReverseProxyRoute [
358 "syncthing.clicks.codes"
359 "syncthing.coded.codes"
360 "syncthing.thecoded.prof"
361 "syncthing.hopescaramels.com"
362 ] [ "localhost:8384" ])
Skyler Grey9fe61282023-08-20 21:52:48 +0000[diff] [blame^]363 (PHPRoute
364 [ "paste.clicks.codes" "paste.coded.codes" ]
365 "${pkgs.privatebin}/share/privatebin"
366 "unix/${config.services.phpfpm.pools.privatebin.socket}"
367 )
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]368 ];
369 };
370 srv1 = {
371 listen = [ ":80" ];
372 routes = [
373 (HTTPReverseProxyRoute
374 [
375 "mail.clicks.codes"
376 "mail.coded.codes"
377 "mail.hopescaramels.com"
378 "autoconfig.coded.codes"
379 "autoconfig.clicks.codes"
380 "autoconfig.hopescaramels.com"
381 "imap.coded.codes"
382 "imap.clicks.codes"
383 "imap.hopescaramels.com"
384 "pop.coded.codes"
385 "pop.clicks.codes"
386 "pop.hopescaramels.com"
387 "smtp.coded.codes"
388 "smtp.clicks.codes"
389 "smtp.hopescaramels.com"
390 ]
391 [ "localhost:1080" ]
392 )
393 ];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]394 };
395 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]396 layer4.servers = {
397 imap-143 = (TCPReverseProxyRoute [ 143 ] [ "localhost:1143" ]);
398 imap-993 = (TCPReverseProxyRoute [ 993 ] [ "localhost:1993" ]);
399 pop-110 = (TCPReverseProxyRoute [ 110 ] [ "localhost:1110" ]);
400 pop-995 = (TCPReverseProxyRoute [ 995 ] [ "localhost:1995" ]);
401 smtp-25 = (TCPReverseProxyRoute [ 25 ] [ "localhost:1025" ]);
402 smtp-465 = (TCPReverseProxyRoute [ 465 ] [ "localhost:1465" ]);
403 smtp-587 = (TCPReverseProxyRoute [ 587 ] [ "localhost:1587" ]);
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]404 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]405 tls.automation.policies = [{
406 issuers = [{
407 module = "acme";
408 challenges.dns.provider = {
409 name = "cloudflare";
410 api_token = "!!cloudflare_token!!";
411 };
412 }];
413 }];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]414 };
415}