# NixOS module: Caddy front end for pub.solar and its subdomains.
# Static content is served from disk; the other hosts are reverse-proxied
# to backend ports. Only the HTTP/HTTPS ports are opened in the firewall here.
{
  config,
  lib,
  pkgs,
  self,
  ...
}: let
  # Shared by every virtual host below: the access log is sent to
  # `output discard`, forced over any other definition of logFormat.
  # NOTE(review): with proxy access logs discarded, request-level evidence
  # for the auth/git/ci front ends has to come from the backends' own logs.
  # Confirm those are kept if incident response depends on them.
  discardAccessLog = lib.mkForce ''
    output discard
  '';
in {
  systemd = {
    # Changing the Caddyfile should only trigger a reload, not a restart
    services.caddy.reloadTriggers = [
      config.services.caddy.configFile
    ];

    # Download directory is created with mode 0750, owner and group hakkonaut
    # (no access for "other").
    tmpfiles.rules = [
      "d '/data/srv/www/os/download/' 0750 hakkonaut hakkonaut - -"
    ];
  };

  services.caddy = {
    enable = lib.mkForce true;
    # NOTE(review): presumably Caddy runs with this group so it can read the
    # 0750 download directory above. It can then also read anything else the
    # group has access to; confirm the group owns nothing sensitive.
    group = "hakkonaut";
    email = "admins@pub.solar";
    # Forced to an empty global options block, overriding other definitions.
    globalConfig = lib.mkForce "";
    virtualHosts = {
      # Base domain: OS image downloads, well-known endpoints, website.
      # NOTE(review): `browse` on the /os/download/ file_server enables
      # directory listings, so every file placed there is discoverable.
      # Keep the directory limited to artefacts meant for publication.
      "pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          # Named matcher, used below for Mastodon webfinger
          @query query resource=*

          # PubSolarOS images
          handle /os/download/* {
            root * /data/srv/www
            file_server /os/download/* browse
          }
          # serve base domain pub.solar for mastodon.pub.solar
          # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
          handle /.well-known/host-meta {
            redir https://mastodon.pub.solar{uri}
          }

          # Tailscale OIDC webfinger requirement plus Mastodon webfinger redirect
          handle /.well-known/webfinger {
            # Redirect requests that match /.well-known/webfinger?resource=* to Mastodon
            handle @query {
              redir https://mastodon.pub.solar{uri}
            }
            respond 200 {
              body `{
                "subject": "acct:admins@pub.solar",
                "links": [
                  {
                    "rel": "http://openid.net/specs/connect/1.0/issuer",
                    "href": "https://auth.pub.solar/realms/pub.solar"
                  }
                ]
              }`
            }
          }

          # redirect to statutes
          redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary

          # pub.solar website
          handle {
            root * /srv/www/pub.solar
            try_files {path}.html {path}
            file_server
          }
          # minimal error handling, respond with status code and text
          handle_errors {
            respond "{http.error.status_code} {http.error.status_text}"
          }
        '';
      };

      # www is only a redirect to the base domain.
      "www.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          redir https://pub.solar{uri}
        '';
      };

      # Identity provider front end; "/" is sent to the realm's account page.
      # NOTE(review): every path of the backend on :8080 is proxied, with no
      # allow-list. If this is Keycloak (the /realms/ path and the git host's
      # oauth2/keycloak redirect suggest so), confirm the admin console and
      # management paths are meant to be reachable from the internet.
      "auth.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          redir / /realms/pub.solar/account temporary
          reverse_proxy :8080
        '';
      };

      # Git service; the web login page is redirected to the OAuth2 flow.
      # NOTE(review): this is a redirect at the proxy only. Whether password
      # login is disabled in the service itself is not visible in this file.
      "git.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          redir /user/login /user/oauth2/keycloak temporary
          reverse_proxy :3000
        '';
      };

      "ci.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          reverse_proxy :4000
        '';
      };

      # Mailing lists: /static/* is served from disk, the rest is proxied.
      "list.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          handle_path /static/* {
            root * /var/lib/mailman-web-static
            file_server
          }

          reverse_proxy :18507
        '';
      };

      # NOTE(review): unlike the other hosts, this upstream is a remote host
      # rather than a local port, and a bare host:port upstream is dialled
      # over plain HTTP. Confirm the path to it is a trusted or encrypted
      # network.
      "obs-portal.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          reverse_proxy obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone:3000
        '';
      };
    };
  };

  # Only 80 and 443 are opened by this module; the backend ports used above
  # (8080, 3000, 4000, 18507) are not added here.
  networking.firewall.allowedTCPPorts = [80 443];
}