nixcfg/hosts/dingserver/caddy.nix

{
  pkgs,
  lib,
  ...
}: {
  networking.firewall.allowedTCPPorts = [80 8448 443];

  services.caddy = {
    enable = true;
    virtualHosts = {
      "http://metrics.town" = {
        extraConfig = ''
          reverse_proxy http://localhost:3000
        '';
      };

      "matrix.broccoli.town" = {
        extraConfig = ''
          reverse_proxy /_matrix/* http://localhost:8008
          reverse_proxy /_synapse/client/* http://localhost:8008
        '';
      };

      "broccoli.town:8448" = {
        extraConfig = ''
          reverse_proxy http://localhost:8008
        '';
      };

      "broccoli.town" = {
        extraConfig = ''
          header /.well-known/* "Access-Control-Allow-Origin" "*"
          respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}"

          reverse_proxy /_matrix/* http://localhost:8008
          reverse_proxy /_synapse/client/* http://localhost:8008

          redir / https://chat.broccoli.town
        '';
      };

      "chat.broccoli.town" = {
        extraConfig = ''
          header {
            X-Frame-Options "SAMEORIGIN"
            X-XSS-Protection "1; mode=block"
            X-Content-Type-Options "nosniff"
            X-Robots-Tag "noindex, noarchive, nofollow"
          }
          root * ${
            pkgs.element-web.override {
              conf = {
                default_server_config."m.homeserver" = {
                  "base_url" = "https://broccoli.town";
                  "server_name" = "broccoli.town";
                };
              };
            }
          }
          file_server
        '';
      };

      "danielpatterson.dev" = {
        extraConfig = ''
          root * /srv/site/danielpatterson.dev
          encode zstd gzip
          file_server
        '';
      };

      "movies.danielpatterson.dev" = {
        extraConfig = ''
          reverse_proxy localhost:8096
        '';
      };

      "dingserver.squirrel-clownfish.ts.net" = {
        extraConfig = ''
          tls {
            get_certificate tailscale
          }
          reverse_proxy localhost:9091
        '';
      };
    };
  };
}