nixos/modules/www/global.nix
Jake Hillion 62e61bec8a
All checks were successful
flake / flake (push) Successful in 1m18s
matrix: add sliding sync
2024-05-24 10:18:30 +01:00

83 lines
2.9 KiB
Nix

{ pkgs, lib, config, ... }:
let
cfg = config.custom.www.global;
locations = config.custom.locations.locations;
in
{
options.custom.www.global = {
enable = lib.mkEnableOption "global";
};
config = lib.mkIf cfg.enable {
age.secrets =
let
mkSecret = domain: {
name = "caddy/${domain}.pem";
value = {
file = ../../secrets/certs/${domain}.pem.age;
owner = config.services.caddy.user;
group = config.services.caddy.group;
};
};
in
builtins.listToAttrs (builtins.map mkSecret [
"hillion.co.uk"
"blog.hillion.co.uk"
"gitea.hillion.co.uk"
"homeassistant.hillion.co.uk"
"links.hillion.co.uk"
]);
custom.www.www-repo.enable = true;
services.caddy = {
enable = true;
virtualHosts = {
"hillion.co.uk".extraConfig = ''
tls ${./certs/hillion.co.uk.pem} ${config.age.secrets."caddy/hillion.co.uk.pem".path}
handle /.well-known/* {
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200
respond /.well-known/matrix/client `${builtins.toJSON {
"m.homeserver" = { "base_url" = "https://matrix.hillion.co.uk"; };
"org.matrix.msc3575.proxy" = { "url" = "https://matrix.hillion.co.uk"; };
}}` 200
respond 404
}
handle {
redir https://blog.hillion.co.uk{uri}
}
'';
"blog.hillion.co.uk".extraConfig = ''
tls ${./certs/blog.hillion.co.uk.pem} ${config.age.secrets."caddy/blog.hillion.co.uk.pem".path}
root * /var/www/blog.hillion.co.uk
file_server
'';
"homeassistant.hillion.co.uk".extraConfig = ''
tls ${./certs/homeassistant.hillion.co.uk.pem} ${config.age.secrets."caddy/homeassistant.hillion.co.uk.pem".path}
reverse_proxy http://${locations.services.homeassistant}:8123
'';
"gitea.hillion.co.uk".extraConfig = ''
tls ${./certs/gitea.hillion.co.uk.pem} ${config.age.secrets."caddy/gitea.hillion.co.uk.pem".path}
reverse_proxy http://${locations.services.gitea}:3000
'';
"matrix.hillion.co.uk".extraConfig = ''
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync http://${locations.services.matrix}:8009
reverse_proxy /_matrix/* http://${locations.services.matrix}:8008
reverse_proxy /_synapse/client/* http://${locations.services.matrix}:8008
'';
"links.hillion.co.uk".extraConfig = ''
tls ${./certs/links.hillion.co.uk.pem} ${config.age.secrets."caddy/links.hillion.co.uk.pem".path}
redir https://matrix.to/#/@jake:hillion.co.uk
'';
};
};
};
}