old
  1{
  2  myvars,
  3  config,
  4  pkgs,
  5  nur-hpcesia,
  6  ...
  7}: let
  8  phanpy = nur-hpcesia.packages.${pkgs.system}.phanpy.overrideAttrs (oldAttrs: {
  9    PHANPY_WEBSITE = "https://phanpy.trin.one";
 10    PHANPY_DEFAULT_INSTANCE = "trin.one";
 11    PHANPY_DISALLOW_ROBOTS = true;
 12  });
 13in {
 14  services.caddy = {
 15    enable = true;
 16    # Reload Caddy instead of restarting it when configuration file changes.
 17    enableReload = true;
 18
 19    globalConfig = ''
 20      http_port   80
 21      https_port  443
 22      email ${myvars.useremail}
 23    '';
 24
 25    virtualHosts = let
 26      localAddress = {
 27        artalk = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
 28        atuin = "http://localhost:${builtins.toString config.services.atuin.port}";
 29        authelia = "http://${
 30          # Assuming address start with `tcp://`.
 31          builtins.substring 6 (-1) config.services.authelia.instances.main.settings.server.address
 32        }";
 33        forgejo = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
 34        goatcounter = "http://localhost:${builtins.toString config.services.goatcounter.port}";
 35        gokapi = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
 36        gotosocial = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
 37        grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
 38        homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
 39        prometheus = "http://${config.services.victoriametrics.listenAddress}";
 40        vaultwarden = "http://localhost:${builtins.toString config.services.vaultwarden.config.rocketPort}";
 41      };
 42    in {
 43      "artalk.hpcesia.com".extraConfig = ''
 44        encode zstd gzip
 45        reverse_proxy ${localAddress.artalk}
 46      '';
 47      "atuin.hpcesia.com".extraConfig = ''
 48        encode zstd gzip
 49        reverse_proxy ${localAddress.atuin}
 50      '';
 51      "auth.trin.one".extraConfig = config.services.caddy.virtualHosts."authelia.hpcesia.com".extraConfig;
 52      "authelia.hpcesia.com".extraConfig = ''
 53        encode zstd gzip
 54        reverse_proxy ${localAddress.authelia}
 55      '';
 56      "bitwarden.hpcesia.com".extraConfig = ''
 57        encode zstd gzip
 58        reverse_proxy ${localAddress.vaultwarden}
 59      '';
 60      "goatcounter.hpcesia.com".extraConfig = ''
 61        encode zstd gzip
 62        reverse_proxy ${localAddress.goatcounter}
 63      '';
 64      "grafana.hpcesia.com".extraConfig = ''
 65        encode zstd gzip
 66        reverse_proxy ${localAddress.grafana}
 67      '';
 68      "home.hpcesia.com".extraConfig = ''
 69        encode zstd gzip
 70        forward_auth ${localAddress.authelia} {
 71          uri /api/authz/forward-auth
 72          copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
 73        }
 74        reverse_proxy ${localAddress.homepage}
 75      '';
 76      "phanpy.trin.one".extraConfig = ''
 77        encode zstd gzip
 78        root * ${phanpy}/dist/
 79        file_server
 80
 81        @needsAuth {
 82          not path / /favicon.ico /404.html /robots.txt /manifest.webmanifest
 83          not path_regexp \.(css|js|png|jpg|svg|ico)$
 84        }
 85
 86        handle @needsAuth {
 87            forward_auth ${localAddress.authelia} {
 88            uri /api/authz/forward-auth
 89            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
 90          }
 91        }
 92      '';
 93      "prometheus.hpcesia.com".extraConfig = ''
 94        encode zstd gzip
 95        reverse_proxy ${localAddress.prometheus}
 96      '';
 97      "repo.hpcesia.com".extraConfig = ''
 98        encode zstd gzip
 99        reverse_proxy ${localAddress.forgejo}
100      '';
101      "send.hpcesia.com".extraConfig = ''
102        encode zstd gzip
103        reverse_proxy ${localAddress.gokapi}
104      '';
105      "trin.one".extraConfig = ''
106        encode zstd gzip
107        reverse_proxy ${localAddress.gotosocial}
108      '';
109    };
110  };
111
112  networking.firewall.allowedTCPPorts = [80 443];
113}