From 2851c593dafffcfe425ea0e3de269f6c370d7fce Mon Sep 17 00:00:00 2001 From: Daniel Patterson Date: Tue, 12 Sep 2023 22:57:19 +0100 Subject: [PATCH] Modify caddy --- hosts/common/default.nix | 2 + modules/caddy/Caddyfile | 73 +++++++++++++++++++++++ modules/caddy/default.nix | 103 +++------------------------------ modules/monitoring/default.nix | 7 ++- 4 files changed, 88 insertions(+), 97 deletions(-) create mode 100644 modules/caddy/Caddyfile diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 7e9a6e1..af3c412 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -101,6 +101,8 @@ in { enable = true; user = defaultUser.userName; dataDir = "/home/${defaultUser.userName}"; + overrideDevices = false; + overrideFolders = false; }; tailscale = { diff --git a/modules/caddy/Caddyfile b/modules/caddy/Caddyfile new file mode 100644 index 0000000..725d90f --- /dev/null +++ b/modules/caddy/Caddyfile @@ -0,0 +1,73 @@ +{ + log { + level ERROR + } + admin off +} + +matrix.broccoli.town { + reverse_proxy /_matrix/* http://localhost:8008 + reverse_proxy /_synapse/client/* http://localhost:8008 +} + +broccoli.town:8448 { + reverse_proxy http://localhost:8008 +} + +broccoli.town { + header /.well-known/* "Access-Control-Allow-Origin" "*" + respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}" + + reverse_proxy /_matrix/* http://localhost:8008 + reverse_proxy /_synapse/client/* http://localhost:8008 + + redir / https://chat.broccoli.town +} + +chat.broccoli.town { + header { + X-Frame-Options "SAMEORIGIN" + X-XSS-Protection "1; mode=block" + X-Content-Type-Options "nosniff" + X-Robots-Tag "noindex, noarchive, nofollow" + } + root * @element@ + file_server +} + +danielpatterson.dev { + header { + proof proven.lol/de4a14 + } + root * /srv/site/danielpatterson.dev + encode zstd gzip + file_server +} + +movies.danielpatterson.dev { + reverse_proxy localhost:8096 +} + +elixir.danielpatterson.dev { + reverse_proxy localhost:8080 +} + +git.broccoli.town { + reverse_proxy localhost:3030 +} + +http://bigding:8384 { + reverse_proxy localhost:8387 +} + +bigding.squirrel-clownfish.ts.net { + tls { + get_certificate tailscale + } + reverse_proxy localhost:9091 +} + +http://bigding { + reverse_proxy /transmission localhost:9091 + reverse_proxy /transmission/* localhost:9091 +} diff --git a/modules/caddy/default.nix b/modules/caddy/default.nix index 976cdba..a05a54f 100644 --- a/modules/caddy/default.nix +++ b/modules/caddy/default.nix @@ -23,103 +23,14 @@ } // catppuccin; }; + + config = pkgs.substituteAll { + inherit element; + src = ./Caddyfile; + }; in { enable = true; - virtualHosts = { - "http://metrics.town" = { - extraConfig = '' - reverse_proxy http://localhost:3000 - ''; - }; - - "matrix.broccoli.town" = { - extraConfig = '' - reverse_proxy /_matrix/* http://localhost:8008 - reverse_proxy /_synapse/client/* http://localhost:8008 - ''; - }; - - "broccoli.town:8448" = { - extraConfig = '' - reverse_proxy http://localhost:8008 - ''; - }; - - "broccoli.town" = { - extraConfig = '' - header /.well-known/* "Access-Control-Allow-Origin" "*" - respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}" - - reverse_proxy /_matrix/* http://localhost:8008 - reverse_proxy /_synapse/client/* http://localhost:8008 - - redir / https://chat.broccoli.town - ''; - }; - - "chat.broccoli.town" = { - extraConfig = '' - header { - X-Frame-Options "SAMEORIGIN" - X-XSS-Protection "1; mode=block" - X-Content-Type-Options "nosniff" - X-Robots-Tag "noindex, noarchive, nofollow" - } - root * ${element} - file_server - ''; - }; - - "danielpatterson.dev" = { - extraConfig = '' - header { - proof proven.lol/de4a14 - } - root * /srv/site/danielpatterson.dev - encode zstd gzip - file_server - ''; - }; - - "movies.danielpatterson.dev" = { - extraConfig = '' - reverse_proxy localhost:8096 - ''; - }; - - "elixir.danielpatterson.dev" = { - extraConfig = '' - reverse_proxy localhost:8080 - ''; - }; - - "git.broccoli.town" = { - extraConfig = '' - reverse_proxy localhost:3030 - ''; - }; - - "http://bigding:8384" = { - extraConfig = '' - reverse_proxy localhost:8387 - ''; - }; - - "bigding.squirrel-clownfish.ts.net" = { - extraConfig = '' - tls { - get_certificate tailscale - } - reverse_proxy localhost:9091 - ''; - }; - - "http://bigding" = { - extraConfig = '' - reverse_proxy /transmission localhost:9091 - reverse_proxy /transmission/* localhost:9091 - ''; - }; - }; + configFile = config; + adapter = "caddyfile"; }; } diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 3f64388..88fd148 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -6,7 +6,12 @@ }: { services.grafana = { enable = true; - settings = {}; + settings = { + server = { + http_addr = "localhost"; + http_port = 3033; + }; + }; }; services.prometheus = {