# NixOS module: runs Caddy inside a NixOS container ("caddy") that has its own
# network namespace.  The host side NATs the container's veth interface and
# forwards TCP 80/443 into it; inside, Caddy serves the pub.solar sites plus a
# handful of b12f.io hosts as reverse proxies / redirects.
{
  config,
  lib,
  pkgs,
  self,
  ...
}: let
  # Base domain, kept in its own file so other modules can share it.
  pubsolarDomain = import ./pubsolar-domain.nix;

  # Host-side veth interface that NixOS creates for the container.
  containerIface = "ve-caddy";

  # Every pub.solar vhost discards its access log; mkForce overrides whatever
  # logFormat the NixOS caddy module would otherwise supply.
  discardLogs = lib.mkForce ''
    output discard
  '';

  # vhost whose access log is discarded; only the Caddyfile body varies.
  quietVhost = extraConfig: {
    logFormat = discardLogs;
    inherit extraConfig;
  };

  # Forwarded ports map 1:1 (host:N -> container:N) over TCP.
  forwardTcp = port: {
    containerPort = port;
    hostPort = port;
    protocol = "tcp";
  };
in {
  # Keep NetworkManager from managing the container's veth.
  networking.networkmanager.unmanaged = ["interface-name:${containerIface}"];

  networking.nat = {
    enable = true;
    internalInterfaces = [containerIface];
    # Host uplink; hard-coded to this machine's NIC name.
    externalInterface = "enp0s31f6";
    # Lazy IPv6 connectivity for the container
    enableIPv6 = true;
  };

  containers.caddy = {
    autoStart = true;
    # Own network namespace: the container only sees its veth, so the ports
    # below have to be forwarded explicitly.
    privateNetwork = true;
    hostAddress = "192.168.101.0";
    localAddress = "192.168.102.0";
    hostAddress6 = "fc00::1";
    localAddress6 = "fc00::2";

    forwardPorts = map forwardTcp [443 80];

    bindMounts = {
      # Web root; Caddy reads it as /srv/www (see the `root *` directives).
      # NOTE(review): nothing in this file writes to /srv/www - Caddy only
      # serves it via file_server.  Consider isReadOnly = true unless another
      # process in the container needs write access; confirm before changing.
      "/srv/www/" = {
        hostPath = "/data/www/";
        isReadOnly = false;
      };
    };

    config = {
      services.caddy = {
        enable = lib.mkForce true;
        group = "hakkonaut";
        email = "admins@pub.solar";
        # Automatic HTTPS/ACME is switched off here and acmeCA is null below;
        # presumably TLS is terminated or certificates are provided elsewhere -
        # confirm, as this file configures no certificate for the :443 forward.
        globalConfig = lib.mkForce ''
          auto_https off
        '';
        acmeCA = null;

        virtualHosts = {
          # NOTE(review): 2019 is the default port of Caddy's admin API.  If
          # that is what this fronts, the API (which can alter the running
          # config) is reachable by anyone who can reach this vhost, with no
          # authentication visible here - confirm what listens on :2019 and
          # restrict access accordingly.
          "dashboard.nougat-2.b12f.io" = {
            extraConfig = ''
              reverse_proxy :2019
            '';
          };

          "www.b12f.io" = {
            extraConfig = ''
              redir https://pub.solar{uri}
            '';
          };

          "mail.b12f.io" = {
            extraConfig = ''
              redir / /realms/pub.solar/account temporary
              reverse_proxy :8080
            '';
          };

          # Base domain: OS image downloads (directory listing enabled via
          # `browse`), the mastodon host-meta redirect, and the static website.
          "${pubsolarDomain}" = quietVhost ''
            # PubSolarOS images
            handle /os/download/* {
              root * /srv/www
              file_server /os/download/* browse
            }

            # serve base domain pub.solar for mastodon.pub.solar
            # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
            handle /.well-known/host-meta {
              redir https://mastodon.${pubsolarDomain}{uri}
            }

            # pub.solar website
            handle {
              root * /srv/www/pub.solar
              try_files {path}.html {path}
              file_server
            }

            # minimal error handling, respond with status code and text
            handle_errors {
              respond "{http.error.status_code} {http.error.status_text}"
            }
          '';

          "www.${pubsolarDomain}" = quietVhost ''
            redir https://${pubsolarDomain}{uri}
          '';

          # 192.168.103.0 is not defined in this file; presumably the address
          # of another container - verify.
          "auth.${pubsolarDomain}" = quietVhost ''
            redir / /realms/${pubsolarDomain}/account temporary
            reverse_proxy 192.168.103.0:8080
          '';

          # 192.168.101.0 is hostAddress above, so git and ci are reached on
          # the host side of the veth.
          "git.${pubsolarDomain}" = quietVhost ''
            redir /user/login /user/oauth2/keycloak temporary
            reverse_proxy 192.168.101.0:3000
          '';

          "ci.${pubsolarDomain}" = quietVhost ''
            reverse_proxy 192.168.101.0:8080
          '';
        };
      };

      # Firewall inside the container; matches the two forwarded ports.
      networking.firewall.allowedTCPPorts = [80 443];
    };
  };
}