Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / bdc2345acae7c87fd97cb37165b2a3609f63a86e / . / modules / caddy / caddyfile.nix
blob: f3c8b20795278995a57bbaad8b63e7cafa46c9b6 [file] [log] [blame]
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]1let
2 HTTPReverseProxyRoute = hosts: upstreams: {
3 handle = [
4 {
5 handler = "subroute";
6 routes = [
7 {
8 handle = [
9 {
10 handler = "reverse_proxy";
11 upstreams = map (upstream: { dial = upstream; }) upstreams;
12 }
13 ];
14 }
15 ];
16 }
17 ];
18 match = [{ host = hosts; }];
19 terminal = true;
20 };
21 HTTPRedirectRoute = hosts: goto: {
22 handle = [
23 {
24 handler = "subroute";
25 routes = [
26 {
27 handle = [
28 {
29 handler = "static_response";
30 headers = { Location = [ goto ]; };
31 status_code = 302;
32 }
33 ];
34 }
35 ];
36 }
37 ];
38 match = [{ host = hosts; }];
39 terminal = true;
40 };
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]41 HTTPFileServerRoute = hosts: root: {
42 handle = [
43 {
44 handler = "subroute";
45 routes = [
46 {
47 handle = [
48 {
49 handler = "file_server";
50 inherit root;
51 }
52 ];
53 }
54 ];
55 }
56 ];
57 match = [{ host = hosts; }];
58 terminal = true;
59 };
60
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]61 TCPReverseProxyRoute = ports: upstreams: {
62 listen = map (port: "0.0.0.0:${toString port}") ports;
63 routes = [
64 {
65 handle = [
66 {
67 handler = "proxy";
68 proxy_protocol = "v2";
69 upstreams = [{ dial = upstreams; }];
70 }
71 ];
72 }
73 ];
74 };
75in
TheCodedProf85256bc2023-06-13 13:02:53 -0400[diff] [blame]76{ pkgs, lib, config }: {
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]77 apps = {
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]78 http.servers = {
79 srv0 = {
80 listen = [ ":443" ];
81 routes = [
82 (HTTPReverseProxyRoute [ "signup.hopescaramels.com" ] [ "192.168.0.4:3035" ])
83 (HTTPReverseProxyRoute [ "homebridge.coded.codes" ] [ "localhost:8581" ])
84 {
85 handle = [
86 {
87 handler = "subroute";
88 routes = [
89 {
90 handle = [
91 {
92 error = "You can't access admin routes from outside the server. Please use SSH tunneling, cURL on the host or similar";
93 handler = "error";
94 status_code = "403";
95 }
96 ];
97 match = [{ path = [ "/_dendrite/admin/*" "/_synapse/admin/*" ]; }];
98 terminal = true;
99 }
100 {
101 handle = [
102 {
103 handler = "reverse_proxy";
104 transport = { protocol = "http"; };
105 upstreams = [{ dial = "localhost:4527"; }];
106 }
107 ];
108 }
109 ];
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]110 }
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]111 ];
112 match = [{ host = [ "matrix-backend.coded.codes" ]; }];
113 terminal = true;
114 }
115 (HTTPReverseProxyRoute
116 [
117 "mail.coded.codes"
118 "mail.clicks.codes"
119 "mail.hopescaramels.com"
120 ]
121 [ "localhost:1080" ]
122 )
123 (HTTPReverseProxyRoute [ "logs.clicks.codes" ] [ "localhost:9052" ])
124 (HTTPRedirectRoute
125 [
126 "hopescaramels.com"
127 "www.hopescaramels.com"
128 ]
129 "https://etsy.com/shop/HopesCaramels"
130 )
131 # (HTTPReverseProxyRoute [ "omv.coded.codes" ] [ "localhost:6773" ])
132 # (HTTPReverseProxyRoute [ "jellyfin.coded.codes" ] [ "localhost:8096" ])
133 (HTTPReverseProxyRoute [ "codedpc.coded.codes" ] [ "192.168.0.2:3389" ])
134 (HTTPReverseProxyRoute [ "testing.coded.codes" ] [ "192.168.0.2:3030" ])
135 (HTTPReverseProxyRoute [ "kavita.coded.codes" ] [ "localhost:5000" ])
136 {
137 handle = [
138 {
139 handler = "subroute";
140 routes = [
141 {
142 handle = [
143 {
144 handler = "subroute";
145 routes = [
146 {
147 handle = [
148 {
149 handler = "rewrite";
150 strip_path_prefix = "/nucleus";
151 }
152 ];
153 }
154 {
155 handle = [
156 {
157 handler = "reverse_proxy";
158 upstreams = [{ dial = "127.0.0.1:10000"; }];
159 }
160 ];
161 }
162 ];
163 }
164 ];
165 match = [{ path = [ "/nucleus/*" ]; }];
166 }
167 {
168 handle = [
169 {
170 handler = "error";
171 error = "This API route does not exist";
172 status_code = 404;
173 }
174 ];
175 }
176 ];
177 }
178 ];
179 match = [{ host = [ "api.clicks.codes" ]; }];
180 terminal = true;
181 }
182 {
183 handle = [
184 {
185 handler = "subroute";
186 routes = [
187 {
188 handle = [
189 {
190 handler = "subroute";
191 routes = [
192 {
193 handle = [
194 {
195 handler = "rewrite";
196 strip_path_prefix = "/nucleus";
197 }
198 ];
199 }
200 {
201 handle = [
202 {
203 handler = "reverse_proxy";
204 upstreams = [{ dial = "192.168.0.2:10000"; }];
205 }
206 ];
207 }
208 ];
209 }
210 ];
211 match = [{ path = [ "/nucleus/*" ]; }];
212 }
213 {
214 handle = [
215 {
216 handler = "error";
217 error = "This API route does not exist";
218 status_code = 404;
219 }
220 ];
221 }
222 ];
223 }
224 ];
225 match = [{ host = [ "api.coded.codes" ]; }];
226 terminal = true;
227 }
228 (HTTPRedirectRoute
229 [
230 "www.clicks.codes"
231 ]
232 "https://clicks.codes{http.request.uri}"
233 )
234 (HTTPReverseProxyRoute [ "clicks.codes" ] [ "127.0.0.1:3000" ])
235 {
236 handle = [
237 {
238 handler = "subroute";
239 routes = [
240 {
241 handle = [
242 {
243 handler = "static_response";
244 status_code = 200;
245 body = builtins.readFile ./coded.codes/.well-known/matrix;
246 headers = { Access-Control-Allow-Origin = [ "*" ]; };
247 }
248 ];
249 match = [{
250 path = [
251 "/.well-known/matrix/server"
252 "/.well-known/matrix/client"
253 ];
254 }];
255 terminal = true;
256 }
257 {
258 handle = [
259 {
260 handler = "static_response";
261 headers = { Location = [ "https://clicks.codes{http.request.uri}" ]; };
262 status_code = 302;
263 }
264 ];
265 }
266 ];
267 }
268 ];
269 match = [{ host = [ "coded.codes" ]; }];
270 terminal = true;
271 }
272 (HTTPFileServerRoute [ "matrix.coded.codes" ] (
273 pkgs.element-web.override {
274 conf = {
275 default_server_config = lib.pipe ./coded.codes/.well-known/matrix [
276 builtins.readFile
277 builtins.fromJSON
278 ];
279 };
280 }
281 ))
TheCodedProfe6f67ce2023-06-13 17:07:02 -0400[diff] [blame]282 (HTTPReverseProxyRoute [ "passwords.clicks.codes" ] [ "localhost:8452" ])
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame^]283 (HTTPReverseProxyRoute [
284 "syncthing.clicks.codes"
285 "syncthing.coded.codes"
286 "syncthing.thecoded.prof"
287 "syncthing.hopescaramels.com"
288 ] [ "localhost:8384" ])
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]289 ];
290 };
291 srv1 = {
292 listen = [ ":80" ];
293 routes = [
294 (HTTPReverseProxyRoute
295 [
296 "mail.clicks.codes"
297 "mail.coded.codes"
298 "mail.hopescaramels.com"
299 "autoconfig.coded.codes"
300 "autoconfig.clicks.codes"
301 "autoconfig.hopescaramels.com"
302 "imap.coded.codes"
303 "imap.clicks.codes"
304 "imap.hopescaramels.com"
305 "pop.coded.codes"
306 "pop.clicks.codes"
307 "pop.hopescaramels.com"
308 "smtp.coded.codes"
309 "smtp.clicks.codes"
310 "smtp.hopescaramels.com"
311 ]
312 [ "localhost:1080" ]
313 )
314 ];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]315 };
316 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]317 layer4.servers = {
318 imap-143 = (TCPReverseProxyRoute [ 143 ] [ "localhost:1143" ]);
319 imap-993 = (TCPReverseProxyRoute [ 993 ] [ "localhost:1993" ]);
320 pop-110 = (TCPReverseProxyRoute [ 110 ] [ "localhost:1110" ]);
321 pop-995 = (TCPReverseProxyRoute [ 995 ] [ "localhost:1995" ]);
322 smtp-25 = (TCPReverseProxyRoute [ 25 ] [ "localhost:1025" ]);
323 smtp-465 = (TCPReverseProxyRoute [ 465 ] [ "localhost:1465" ]);
324 smtp-587 = (TCPReverseProxyRoute [ 587 ] [ "localhost:1587" ]);
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]325 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]326 tls.automation.policies = [{
327 issuers = [{
328 module = "acme";
329 challenges.dns.provider = {
330 name = "cloudflare";
331 api_token = "!!cloudflare_token!!";
332 };
333 }];
334 }];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]335 };
336}