nixos/modules/www/global.nix

# Caddy front end for the hillion.co.uk sites: terminates TLS, serves the blog
# and the Matrix .well-known documents, and reverse-proxies to backend services.
# Everything under `config` applies only when custom.www.global.enable is set.
{ pkgs, lib, config, ... }:

let
  # Backend addresses of the proxied services (declared by custom.locations,
  # which is outside this file).
  upstream = config.custom.locations.locations.services;

  # Hosts served with a certificate/key pair shipped in this repository.
  # matrix.hillion.co.uk is not listed and its virtual host has no `tls`
  # directive, so Caddy's automatic HTTPS applies to it instead.
  # NOTE(review): confirm that difference is intentional.
  pinnedCertDomains = [
    "hillion.co.uk"
    "blog.hillion.co.uk"
    "gitea.hillion.co.uk"
    "homeassistant.hillion.co.uk"
    "links.hillion.co.uk"
  ];

  # agenix secret name under which a domain's key file is registered.
  keySecretName = domain: "caddy/${domain}.pem";

  # Runtime path of the decrypted key file. Referencing a domain that is missing
  # from pinnedCertDomains fails at evaluation time rather than at runtime.
  keyPath = domain: config.age.secrets.${keySecretName domain}.path;

  # The decrypted file is handed to Caddy as the second argument of `tls`, i.e.
  # the private key. Only the encrypted .age file is referenced from the repo, so
  # the plaintext key stays out of the world-readable Nix store. No `mode` is
  # set here, so agenix's default applies (owner read-only, as far as I know;
  # verify against the pinned agenix version).
  toKeySecret = domain: lib.nameValuePair (keySecretName domain) {
    file = ../../secrets/certs/${domain}.pem.age;
    owner = config.services.caddy.user;
    group = config.services.caddy.group;
  };
in
{
  options.custom.www.global = {
    enable = lib.mkEnableOption "global";
  };

  config = lib.mkIf config.custom.www.global.enable {
    age.secrets = builtins.listToAttrs (map toKeySecret pinnedCertDomains);

    # Defined in another module; presumably provides the content served from
    # /var/www below (TODO confirm).
    custom.www.www-repo.enable = true;

    services.caddy = {
      enable = true;
      # Caddy comes from the `unstable` package set, not the system's default one.
      package = pkgs.unstable.caddy;
      globalConfig = ''
        email acme@hillion.co.uk
      '';

      # In each `tls <cert> <key>` line the certificate is a path literal and is
      # therefore copied into the Nix store. That is fine for a public
      # certificate, but those .pem files must never contain key material.
      #
      # Every reverse_proxy upstream below is plain http://, so traffic between
      # Caddy and the backend is unencrypted.
      # NOTE(review): confirm the custom.locations addresses are only reachable
      # over a trusted or already-encrypted network.
      virtualHosts = {
        # Apex domain: answers Matrix discovery and redirects everything else to
        # the blog. The wildcard CORS header is scoped to /.well-known/matrix/*
        # by its matcher; those documents are public discovery data.
        "hillion.co.uk".extraConfig = ''
          tls ${./certs/hillion.co.uk.pem} ${keyPath "hillion.co.uk"}
          handle /.well-known/* {
            header /.well-known/matrix/* Content-Type application/json
            header /.well-known/matrix/* Access-Control-Allow-Origin *
            respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200
            respond /.well-known/matrix/client `${builtins.toJSON {
              "m.homeserver" = { "base_url" = "https://matrix.hillion.co.uk"; };
              "org.matrix.msc3575.proxy" = { "url" = "https://matrix.hillion.co.uk"; };
            }}` 200
            respond 404
          }
          handle {
            redir https://blog.hillion.co.uk{uri}
          }
        '';

        # Static site served from the local filesystem.
        "blog.hillion.co.uk".extraConfig = ''
          tls ${./certs/blog.hillion.co.uk.pem} ${keyPath "blog.hillion.co.uk"}
          root * /var/www/blog.hillion.co.uk
          file_server
        '';

        "homeassistant.hillion.co.uk".extraConfig = ''
          tls ${./certs/homeassistant.hillion.co.uk.pem} ${keyPath "homeassistant.hillion.co.uk"}
          reverse_proxy http://${upstream.homeassistant}:8123
        '';

        "gitea.hillion.co.uk".extraConfig = ''
          tls ${./certs/gitea.hillion.co.uk.pem} ${keyPath "gitea.hillion.co.uk"}
          reverse_proxy http://${upstream.gitea}:3000
        '';

        # Only the listed path prefixes are forwarded; any other path on this
        # host (for example /_synapse/admin) is not proxied by this block.
        "matrix.hillion.co.uk".extraConfig = ''
          reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync http://${upstream.matrix}:8009
          reverse_proxy /_matrix/* http://${upstream.matrix}:8008
          reverse_proxy /_synapse/client/* http://${upstream.matrix}:8008
        '';

        "links.hillion.co.uk".extraConfig = ''
          tls ${./certs/links.hillion.co.uk.pem} ${keyPath "links.hillion.co.uk"}
          redir https://matrix.to/#/@jake:hillion.co.uk
        '';
      };
    };
  };
}