{ config, lib, pkgs, self, ... }: { services.caddy = { enable = lib.mkForce true; group = "hakkonaut"; email = "admins@pub.solar"; globalConfig = lib.mkForce ""; virtualHosts = { "pub.solar" = { logFormat = lib.mkForce '' output discard ''; extraConfig = '' # PubSolarOS images handle /os/download/* { root * /srv/www file_server /os/download/* browse } # serve base domain pub.solar for mastodon.pub.solar # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/ handle /.well-known/host-meta { redir https://mastodon.pub.solar{uri} } # pub.solar website handle { root * /srv/www/pub.solar try_files {path}.html {path} file_server } # minimal error handling, respond with status code and text handle_errors { respond "{http.error.status_code} {http.error.status_text}" } ''; }; "www.pub.solar" = { logFormat = lib.mkForce '' output discard ''; extraConfig = '' redir https://pub.solar{uri} ''; }; "auth.pub.solar" = { logFormat = lib.mkForce '' output discard ''; extraConfig = '' redir / /realms/pub.solar/account temporary reverse_proxy :8080 ''; }; "git.pub.solar" = { logFormat = lib.mkForce '' output discard ''; extraConfig = '' redir /user/login /user/oauth2/keycloak temporary reverse_proxy :3000 ''; }; "ci.pub.solar" = { logFormat = lib.mkForce '' output discard ''; extraConfig = '' reverse_proxy :4000 ''; }; "list.pub.solar" = { logFormat = lib.mkForce '' output discard ''; extraConfig = '' handle_path /static/* { root * /var/lib/mailman/web file_server } reverse_proxy :8000 ''; }; "obs-portal.pub.solar" = { logFormat = lib.mkForce '' output discard ''; extraConfig = '' reverse_proxy obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone:3000 ''; }; }; }; networking.firewall.allowedTCPPorts = [80 443]; }