{ pkgs, lib, ... }: { networking.firewall.allowedTCPPorts = [80 8448 443]; services.tailscale.permitCertUid = "caddy"; services.caddy = { enable = true; virtualHosts = { "http://metrics.town" = { extraConfig = '' reverse_proxy http://localhost:3000 ''; }; "matrix.broccoli.town" = { extraConfig = '' reverse_proxy /_matrix/* http://localhost:8008 reverse_proxy /_synapse/client/* http://localhost:8008 ''; }; "broccoli.town:8448" = { extraConfig = '' reverse_proxy http://localhost:8008 ''; }; "broccoli.town" = { extraConfig = '' header /.well-known/* "Access-Control-Allow-Origin" "*" respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}" reverse_proxy /_matrix/* http://localhost:8008 reverse_proxy /_synapse/client/* http://localhost:8008 redir / https://chat.broccoli.town ''; }; "chat.broccoli.town" = { extraConfig = '' header { X-Frame-Options "SAMEORIGIN" X-XSS-Protection "1; mode=block" X-Content-Type-Options "nosniff" X-Robots-Tag "noindex, noarchive, nofollow" } root * ${ pkgs.element-web.override { conf = { default_server_config."m.homeserver" = { "base_url" = "https://broccoli.town"; "server_name" = "broccoli.town"; }; }; } } file_server ''; }; "danielpatterson.dev" = { extraConfig = '' root * /srv/site/danielpatterson.dev encode zstd gzip file_server ''; }; "movies.danielpatterson.dev" = { extraConfig = '' reverse_proxy localhost:8096 ''; }; "bigding.squirrel-clownfish.ts.net" = { extraConfig = '' tls { get_certificate tailscale } reverse_proxy localhost:9091 ''; }; }; }; }