# NixOS module: Caddy as the public TLS front end for the pub.solar hosts.
#
# Security-relevant properties visible in this file:
#   * Only TCP 80 and 443 are opened in the firewall here. The backend ports
#     used below (8080, 3000, 4000, 18507) are not opened by this module;
#     whether another module opens them is not visible here.
#   * Access logging is force-discarded on every virtual host, so the proxy
#     keeps no per-request record.
#     NOTE(review): presumably a privacy decision. Confirm the backends keep
#     enough authentication/audit logging for incident response.
{ config, lib, pkgs, self, ... }:
let
  # Shared by every virtual host: mkForce overrides whatever log output the
  # Caddy module would otherwise generate and discards access logs.
  discardAccessLog = lib.mkForce ''
    output discard
  '';
in
{
  systemd = {
    # Changing the Caddyfile should only trigger a reload, not a restart
    services.caddy.reloadTriggers = [ config.services.caddy.configFile ];

    # Download directory is owner/group only (0750). Caddy is given group
    # "hakkonaut" below, which is what lets it read this path.
    tmpfiles.rules = [
      "d '/data/srv/www/os/download/' 0750 hakkonaut hakkonaut - -"
    ];
  };

  services.caddy = {
    enable = lib.mkForce true;
    group = "hakkonaut";
    email = "admins@pub.solar";
    globalConfig = lib.mkForce "";

    virtualHosts = {
      # Main site. /os/download/* is served with `browse`, so every file put
      # into that directory is listed and downloadable by anyone.
      # The webfinger handler answers non-Mastodon lookups with a static
      # OIDC issuer document pointing at auth.pub.solar.
      "pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          # Named matcher, used below for Mastodon webfinger
          @query query resource=*

          # PubSolarOS images
          handle /os/download/* {
            root * /data/srv/www
            file_server /os/download/* browse
          }

          # serve base domain pub.solar for mastodon.pub.solar
          # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
          handle /.well-known/host-meta {
            redir https://mastodon.pub.solar{uri}
          }

          # Tailscale OIDC webfinger requirement plus Mastodon webfinger redirect
          handle /.well-known/webfinger {
            # Redirect requests that match /.well-known/webfinger?resource=* to Mastodon
            handle @query {
              redir https://mastodon.pub.solar{uri}
            }

            respond 200 {
              body `{
                "subject": "acct:admins@pub.solar",
                "links": [
                  {
                    "rel": "http://openid.net/specs/connect/1.0/issuer",
                    "href": "https://auth.pub.solar/realms/pub.solar"
                  }
                ]
              }`
            }
          }

          # redirect to statutes
          redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary

          # pub.solar website
          handle {
            root * /srv/www/pub.solar
            try_files {path}.html {path}
            file_server
          }

          # minimal error handling, respond with status code and text
          handle_errors {
            respond "{http.error.status_code} {http.error.status_text}"
          }
        '';
      };

      "www.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          redir https://pub.solar{uri}
        '';
      };

      # Identity provider (the realm path and the git vhost's oauth2 route
      # suggest Keycloak). Every path is proxied to local port 8080.
      # NOTE(review): no path is filtered at the proxy. If administrative
      # endpoints are served on the same port, confirm they are restricted
      # elsewhere.
      "auth.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          redir / /realms/pub.solar/account temporary
          reverse_proxy :8080
        '';
      };

      # The local login page is redirected to the OAuth2 flow.
      "git.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          redir /user/login /user/oauth2/keycloak temporary
          reverse_proxy :3000
        '';
      };

      "ci.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          reverse_proxy :4000
        '';
      };

      "list.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          handle_path /static/* {
            root * /var/lib/mailman-web-static
            file_server
          }

          reverse_proxy :18507
        '';
      };

      # The only upstream here that is not on the local host. It is given
      # without a scheme, so Caddy talks plain HTTP to it.
      # NOTE(review): confirm the int.greenbaum.zone network is a trusted or
      # encrypted path; otherwise this hop is unencrypted.
      "obs-portal.pub.solar" = {
        logFormat = discardAccessLog;
        extraConfig = ''
          reverse_proxy obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone:3000
        '';
      };
    };
  };

  # Public listeners: HTTP (redirects / ACME) and HTTPS.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}