nixcfg/hosts/dingserver/caddy.nix

{ pkgs, lib, ... }:

{
  networking.firewall.allowedTCPPorts = [ 80 8448 443 ];

  services.caddy = {
    enable = true;
    virtualHosts = {

      "matrix.broccoli.town" = {
        extraConfig = ''
          reverse_proxy /_matrix/* http://localhost:8008
          reverse_proxy /_synapse/client/* http://localhost:8008
        '';
      };

      "broccoli.town:8448" = {
        extraConfig = ''
          reverse_proxy http://localhost:8008
        '';
      };

      "broccoli.town" = {
        extraConfig = ''
          header /.well-known/* "Access-Control-Allow-Origin" "*"
          respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}"
          reverse_proxy /_matrix/* http://localhost:8008
          reverse_proxy /_synapse/client/* http://localhost:8008
        '';
      };

      "chat.broccoli.town" = {
        extraConfig = ''
          header {
            X-Frame-Options "SAMEORIGIN"
            X-XSS-Protection "1; mode=block"
            X-Content-Type-Options "nosniff"
            X-Robots-Tag "noindex, noarchive, nofollow"
          }
          root * ${pkgs.element-web.override {
            conf = {
              default_server_config."m.homeserver" = {
                "base_url" = "https://broccoli.town";
                "server_name" = "broccoli.town";
              };
            };
          }
          }
          file_server
        '';
      };

      "danielpatterson.dev" = {
        extraConfig = ''
          root * /srv/site/danielpatterson.dev
          encode zstd gzip
          file_server
        '';
      };

    };
  };
}