Refactor setup

2023-12-06 21:46:16 -08:00 · 2023-12-06 21:46:16 -08:00 · a7e892635c
commit a7e892635c
parent b6b118f819
16 changed files with 124 additions and 210 deletions
--- a/linux/singularity/caddy.nix
+++ b/linux/singularity/caddy.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:

 {
  services.caddy = {
@ -7,24 +7,31 @@
    virtualHosts =
      let
        dn = config.constants.domain;
-        hsCfg = config.services.headscale;
+        home = "100.64.0.3";
+        local = config.constants.localhost;
        msfqdn = config.mailserver.fqdn;
        mtfqdn = "matrix.${dn}";
-        vaultCfg = config.services.vaultwarden.config;
+        portStr = builtins.mapAttrs (n: v: toString v) config.constants.port;
        wn = s: "/.well-known/${s}";
      in
      {
        "${dn}".extraConfig = let wnm = wn "matrix"; in ''
          header ${wnm}/* Content-Type application/json
          header ${wnm}/* Access-Control-Allow-Origin *
-          respond ${wnm}/server `{ "m.server": "${mtfqdn}:${toString config.constants.port.https}" }`
+          respond ${wnm}/server `{ "m.server": "${mtfqdn}:${portStr.https}" }`
          respond ${wnm}/client `{
            "m.homeserver": { "base_url": "https://${mtfqdn}" },
            "m.identity_server": { "base_url": "https://${mtfqdn}" }
          }`
        '';
+        "forgejo.${dn}".extraConfig = ''
+          reverse_proxy ${home}:${portStr.forgejo}
+        '';
        "headscale.${dn}".extraConfig = ''
-          reverse_proxy ${hsCfg.address}:${toString hsCfg.port}
+          reverse_proxy ${local}:${portStr.headscale}
+        '';
+        "jellyfin.${dn}".extraConfig = ''
+          reverse_proxy ${home}:${portStr.jellyfin}
        '';
        ${msfqdn} = {
          extraConfig = ''
@ -34,17 +41,17 @@
          '';
          useACMEHost = msfqdn;
        };
+        "matrix.${dn}".extraConfig = ''
+          reverse_proxy /_matrix/* ${home}:${portStr.conduit}
+          file_server {
+            root ${pkgs.cinny}
+          }
+        '';
        "vault.${dn}".extraConfig =
          ''
-            reverse_proxy /notifications/hub/negotiate ${vaultCfg.ROCKET_ADDRESS}:${
-              toString vaultCfg.ROCKET_PORT
-            }
-            reverse_proxy /notifications/hub ${vaultCfg.WEBSOCKET_ADDRESS}:${
-              toString vaultCfg.WEBSOCKET_PORT
-            }
-            reverse_proxy ${vaultCfg.ROCKET_ADDRESS}:${
-              toString vaultCfg.ROCKET_PORT
-            } {
+            reverse_proxy /notifications/hub/negotiate ${local}:${portStr.vault-rkt}
+            reverse_proxy /notifications/hub ${local}:${portStr.vault-ws}
+            reverse_proxy ${local}:${portStr.vault-rkt} {
              header_up X-Real-IP {remote_host}
            }
          '';