golgi/modules/caddy.nix

{ config, lib, pkgs, ... }:

with lib;

let
  domain = "tecosaur.net";
in {
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 443 ];

  services.caddy = mkMerge [
    {
      enable = true;
      package = pkgs.callPackage ../packages/caddy.nix {
        externalPlugins = [
          {name = "caddy-fs-git"; repo = "github.com/tecosaur/caddy-fs-git";
           version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}
        ];
      };
      virtualHosts."${domain}".extraConfig = ''
respond "__        __   _
\ \      / /__| | ___ ___  _ __ ___   ___
 \ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
  \ V  V /  __/ | (_| (_) | | | | | |  __/
   \_/\_/ \___|_|\___\___/|_| |_| |_|\___|

This is an in-progress replacement for tecosaur.com, done better.

For now, you can find an increasing number of my projects on code.${domain},
this includes the setup for this server, which is being constructed using:
+ NixOS (with flakes and deploy-rs)
+ Caddy (web server)
+ Forgejo (personal software forge)
+ Syncthing (cross-device folder sync tool)

In future, the following may be set up too:
+ Dendrite/Conduit (Matrix servers)
+ My TMiO blog
+ Kopia (backups)
+ Koel (music streaming)
"
  '';
    virtualHosts."blog.${domain}".extraConfig = ''
redir /tmio /tmio/
handle_path /tmio/* {
    file_server {
        fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html
    }
}
handle {
    respond 404
}
  '';
    }
    (mkIf config.services.syncthing.enable {
      virtualHosts."syncthing.${domain}".extraConfig =
        ''
reverse_proxy ${config.services.syncthing.guiAddress} {
    header_up Host {upstream_hostport}
}
'';
    })
    (mkIf config.services.syncthing.enable {
      virtualHosts."public.${domain}".extraConfig =
        ''
        root * ${config.services.syncthing.dataDir}/public/.build
        file_server
        '';
    })
    (mkIf config.services.forgejo.enable {
      virtualHosts."git.tecosaur.net".extraConfig = "redir https://code.${domain}{uri} 301";
    })
    (mkIf config.services.forgejo.enable {
      virtualHosts."code.${domain}".extraConfig =
      ''
@not_tec {
    not path /tec/*
    not header Cookie *caddy_tec_redirect=true*
}
handle @not_tec {
    reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
        @404 status 404
        handle_response @404 {
            header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"
            redir * /tec{uri}
        }
    }
}
@tec_redirect {
    path /tec/*
    header Cookie *caddy_tec_redirect=true*
}
handle @tec_redirect {
    reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {
        @404 status 404
        handle_response @404 {
            header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"
            handle_path /tec/* {
                redir * {uri}
            }
        }
    }
}
handle {
    reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
}
'';
    })
  ];

  users.users.caddy = {
    extraGroups =
      lib.optional config.services.syncthing.enable config.services.syncthing.user ++
      lib.optional config.services.forgejo.enable   config.services.forgejo.user;
  };
}
Use custom caddy build 2024-01-09 16:55:19 +00:00			`{ config, lib, pkgs, ... }:`
Make caddy config more conditional 2022-08-05 12:29:25 +00:00
			`with lib;`
changes 2022-07-29 17:25:12 +00:00
Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`let`
			`domain = "tecosaur.net";`
			`in {`
Refactor network (port) config Turns out I can put :22 in admin.nix and it still works, which is more appropriate. 2023-12-10 16:45:11 +00:00			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
			`networking.firewall.allowedUDPPorts = [ 443 ];`
changes 2022-07-29 17:25:12 +00:00
Make caddy config more conditional 2022-08-05 12:29:25 +00:00			`services.caddy = mkMerge [`
			`{`
			`enable = true;`
Use custom caddy build 2024-01-09 16:55:19 +00:00			`package = pkgs.callPackage ../packages/caddy.nix {`
Switch to alternative custom caddy Method Might as well use the to-be-upstreamed alternative build: https://github.com/NixOS/nixpkgs/pull/259275 As a bonus, this doesn't require the sandbox any more. 2024-01-09 18:09:49 +00:00			`externalPlugins = [`
			`{name = "caddy-fs-git"; repo = "github.com/tecosaur/caddy-fs-git";`
			`version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";}`
Use custom caddy build 2024-01-09 16:55:19 +00:00			`];`
			`};`
Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`virtualHosts."${domain}".extraConfig = ''`
Informative stand in page 2022-08-14 07:34:09 +00:00			`respond "__ __ _`
			`\ \ / /__\| \| ___ ___ _ __ ___ ___`
			\ \ /\ / / _ \ \|/ __/ _ \\| '_ ` _ \ / _ \
			`\ V V / __/ \| (_\| (_) \| \| \| \| \| \| __/`
			`\_/\_/ \___\|_\|\___\___/\|_\| \|_\| \|_\|\___\|`

			`This is an in-progress replacement for tecosaur.com, done better.`

Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`For now, you can find an increasing number of my projects on code.${domain},`
Informative stand in page 2022-08-14 07:34:09 +00:00			`this includes the setup for this server, which is being constructed using:`
			`+ NixOS (with flakes and deploy-rs)`
			`+ Caddy (web server)`
Switch from gitea to forgejo 2023-06-24 05:16:32 +00:00			`+ Forgejo (personal software forge)`
Update site banner to mention syncthing 2023-12-10 19:10:08 +00:00			`+ Syncthing (cross-device folder sync tool)`
Informative stand in page 2022-08-14 07:34:09 +00:00
Typos, typos galore 2022-09-20 01:27:10 +00:00			`In future, the following may be set up too:`
Informative stand in page 2022-08-14 07:34:09 +00:00			`+ Dendrite/Conduit (Matrix servers)`
			`+ My TMiO blog`
			`+ Kopia (backups)`
			`+ Koel (music streaming)`
			`"`
Serve TMiO git repository 2024-01-09 18:25:18 +00:00			`'';`
Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`virtualHosts."blog.${domain}".extraConfig = ''`
Serve TMiO git repository 2024-01-09 18:25:18 +00:00			`redir /tmio /tmio/`
			`handle_path /tmio/* {`
			`file_server {`
Migrate from gitea service to forgejo While I'm at it, make it so I can use git@... at long last. 2024-02-16 17:20:44 +00:00			`fs git ${config.services.forgejo.stateDir}/repositories/tec/this-month-in-org.git html`
Serve TMiO git repository 2024-01-09 18:25:18 +00:00			`}`
			`}`
			`handle {`
			`respond 404`
			`}`
changes 2022-07-29 17:25:12 +00:00			`'';`
Make caddy config more conditional 2022-08-05 12:29:25 +00:00			`}`
Add syncthing module 2023-12-10 17:23:29 +00:00			`(mkIf config.services.syncthing.enable {`
Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`virtualHosts."syncthing.${domain}".extraConfig =`
Add public.tecosaur.net from syncthing folder 2023-12-10 17:52:01 +00:00			`''`
			`reverse_proxy ${config.services.syncthing.guiAddress} {`
			`header_up Host {upstream_hostport}`
			`}`
			`'';`
			`})`
			`(mkIf config.services.syncthing.enable {`
Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`virtualHosts."public.${domain}".extraConfig =`
Add public.tecosaur.net from syncthing folder 2023-12-10 17:52:01 +00:00			`''`
			`root * ${config.services.syncthing.dataDir}/public/.build`
			`file_server`
			`'';`
Add syncthing module 2023-12-10 17:23:29 +00:00			`})`
Migrate from gitea service to forgejo While I'm at it, make it so I can use git@... at long last. 2024-02-16 17:20:44 +00:00			`(mkIf config.services.forgejo.enable {`
Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`virtualHosts."git.tecosaur.net".extraConfig = "redir https://code.${domain}{uri} 301";`
Switch from git.DOMAIN to code.DOMAIN 2024-02-16 17:27:56 +00:00			`})`
			`(mkIf config.services.forgejo.enable {`
Factor out domain in caddy config 2024-02-16 17:30:32 +00:00			`virtualHosts."code.${domain}".extraConfig =`
Try to redirect /X 404s to /tec/X for brevity 2023-06-27 12:33:55 +00:00			`''`
			`@not_tec {`
			`not path /tec/*`
			`not header Cookie caddy_tec_redirect=true`
			`}`
			`handle @not_tec {`
Migrate from gitea service to forgejo While I'm at it, make it so I can use git@... at long last. 2024-02-16 17:20:44 +00:00			`reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {`
Try to redirect /X 404s to /tec/X for brevity 2023-06-27 12:33:55 +00:00			`@404 status 404`
			`handle_response @404 {`
			`header +Set-Cookie "caddy_tec_redirect=true; Max-Age=5"`
			`redir * /tec{uri}`
			`}`
			`}`
			`}`
			`@tec_redirect {`
			`path /tec/*`
			`header Cookie caddy_tec_redirect=true`
			`}`
			`handle @tec_redirect {`
Migrate from gitea service to forgejo While I'm at it, make it so I can use git@... at long last. 2024-02-16 17:20:44 +00:00			`reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} {`
Try to redirect /X 404s to /tec/X for brevity 2023-06-27 12:33:55 +00:00			`@404 status 404`
			`handle_response @404 {`
			`header +Set-Cookie "caddy_tec_redirect=true; Max-Age=0"`
			`handle_path /tec/* {`
			`redir * {uri}`
			`}`
			`}`
			`}`
			`}`
			`handle {`
Migrate from gitea service to forgejo While I'm at it, make it so I can use git@... at long last. 2024-02-16 17:20:44 +00:00			`reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}`
Try to redirect /X 404s to /tec/X for brevity 2023-06-27 12:33:55 +00:00			`}`
			`'';`
Make caddy config more conditional 2022-08-05 12:29:25 +00:00			`})`
			`];`
Serve TMiO git repository 2024-01-09 18:25:18 +00:00
			`users.users.caddy = {`
			`extraGroups =`
Migrate from gitea service to forgejo While I'm at it, make it so I can use git@... at long last. 2024-02-16 17:20:44 +00:00			`lib.optional config.services.syncthing.enable config.services.syncthing.user ++`
			`lib.optional config.services.forgejo.enable config.services.forgejo.user;`
Serve TMiO git repository 2024-01-09 18:25:18 +00:00			`};`
changes 2022-07-29 17:25:12 +00:00			`}`