old
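# NixOS module: Caddy as the public reverse proxy in front of the services
# running on this host. Each virtual host forwards to a backend address that is
# read from that service's own NixOS options, so ports are not duplicated here.
{
  myvars,
  config,
  pkgs,
  nur-hpcesia,
  ...
}: let
  # Phanpy from the NUR package set, rebuilt with site-specific attributes
  # (derivation attributes are exposed to the builder as environment variables).
  phanpy = nur-hpcesia.packages.${pkgs.system}.phanpy.overrideAttrs (oldAttrs: {
    PHANPY_WEBSITE = "https://phanpy.trin.one";
    PHANPY_DEFAULT_INSTANCE = "trin.one";
    PHANPY_DISALLOW_ROBOTS = true;
  });
in {
  services.caddy = {
    enable = true;
    # Reload Caddy instead of restarting it when configuration file changes.
    enableReload = true;

    # Global options block: listener ports and the contact e-mail Caddy uses
    # for certificate issuance.
    globalConfig = ''
      http_port 80
      https_port 443
      email ${myvars.useremail}
    '';

    virtualHosts = let
      autheliaListenAddress = config.services.authelia.instances.main.settings.server.address;

      # Backend URL for each proxied service, derived from that service's options.
      localAddress = {
        artalk = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
        atuin = "http://localhost:${builtins.toString config.services.atuin.port}";
        # Authelia's address option carries a scheme prefix that has to be
        # swapped for `http://`. Fail evaluation loudly if the prefix is not
        # `tcp://` instead of slicing off six arbitrary characters and handing
        # Caddy a mangled upstream for the authentication backend.
        authelia =
          assert pkgs.lib.assertMsg
          (pkgs.lib.hasPrefix "tcp://" autheliaListenAddress)
          "caddy: expected the Authelia server address to start with tcp://, got ${autheliaListenAddress}";
            "http://${pkgs.lib.removePrefix "tcp://" autheliaListenAddress}";
        forgejo = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
        goatcounter = "http://localhost:${builtins.toString config.services.goatcounter.port}";
        gokapi = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
        gotosocial = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
        grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
        homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
        # Uses the listen address as configured; unlike the entries above it is
        # not pinned to localhost here.
        prometheus = "http://${config.services.victoriametrics.listenAddress}";
        vaultwarden = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
      };
    in {
      # NOTE(review): only home.hpcesia.com and phanpy.trin.one are gated with
      # forward_auth. Every other virtual host below is proxied as-is and relies
      # on the backend's own login. prometheus.hpcesia.com (VictoriaMetrics) is
      # the one to confirm: check that access control for it is configured
      # elsewhere, or gate it the same way as home.hpcesia.com.
      "artalk.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.artalk}
      '';
      "atuin.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.atuin}
      '';
      # Second hostname for Authelia; reuses the authelia.hpcesia.com site
      # config so the two cannot drift apart.
      "auth.trin.one".extraConfig = config.services.caddy.virtualHosts."authelia.hpcesia.com".extraConfig;
      "authelia.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.authelia}
      '';
      "bitwarden.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.vaultwarden}
      '';
      "goatcounter.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.goatcounter}
      '';
      "grafana.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.grafana}
      '';
      # Every request is first checked against Authelia's forward-auth endpoint;
      # the Remote-* headers from Authelia's response are copied onto the
      # request that is proxied to the dashboard.
      "home.hpcesia.com".extraConfig = ''
        encode zstd gzip
        forward_auth ${localAddress.authelia} {
          uri /api/authz/forward-auth
          copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
        }
        reverse_proxy ${localAddress.homepage}
      '';
      # Static Phanpy build served from the Nix store. The @needsAuth matcher
      # exempts `/`, the listed metadata files and any path ending in one of the
      # listed asset extensions; all other paths go through Authelia.
      # NOTE(review): this relies on Caddy's default directive order to run the
      # `handle` block before `file_server` - confirm with `caddy adapt`.
      "phanpy.trin.one".extraConfig = ''
        encode zstd gzip
        root * ${phanpy}/dist/
        file_server

        @needsAuth {
          not path / /favicon.ico /404.html /robots.txt /manifest.webmanifest
          not path_regexp \.(css|js|png|jpg|svg|ico)$
        }

        handle @needsAuth {
          forward_auth ${localAddress.authelia} {
            uri /api/authz/forward-auth
            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
          }
        }
      '';
      "prometheus.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.prometheus}
      '';
      "repo.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.forgejo}
      '';
      "send.hpcesia.com".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.gokapi}
      '';
      "trin.one".extraConfig = ''
        encode zstd gzip
        reverse_proxy ${localAddress.gotosocial}
      '';
    };
  };

  # Only the HTTP and HTTPS listeners are opened in the host firewall.
  networking.firewall.allowedTCPPorts = [80 443];
}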