62 lines
1.9 KiB
Nix
62 lines
1.9 KiB
Nix
{ config, ... }:
|
|
|
|
{
|
|
services.caddy = {
|
|
enable = true;
|
|
email = config.constants.postMaster;
|
|
virtualHosts =
|
|
let
|
|
dn = config.constants.domain;
|
|
hsCfg = config.services.headscale;
|
|
msfqdn = config.mailserver.fqdn;
|
|
mtfqdn = "matrix.${dn}";
|
|
vaultCfg = config.services.vaultwarden.config;
|
|
wn = s: "/.well-known/${s}";
|
|
in
|
|
{
|
|
"${dn}".extraConfig = let wnm = wn "matrix"; in ''
|
|
header ${wnm}/* Content-Type application/json
|
|
header ${wnm}/* Access-Control-Allow-Origin *
|
|
respond ${wnm}/server `{ "m.server": "${mtfqdn}:${toString config.constants.port.https}" }`
|
|
respond ${wnm}/client `{
|
|
"m.homeserver": { "base_url": "https://${mtfqdn}" },
|
|
"m.identity_server": { "base_url": "https://${mtfqdn}" }
|
|
}`
|
|
'';
|
|
"headscale.${dn}".extraConfig = ''
|
|
reverse_proxy ${hsCfg.address}:${toString hsCfg.port}
|
|
'';
|
|
${msfqdn} = {
|
|
extraConfig = ''
|
|
file_server ${wn "acme-challenge"}/* {
|
|
root ${config.security.acme.defaults.webroot}/
|
|
}
|
|
'';
|
|
useACMEHost = msfqdn;
|
|
};
|
|
"vault.${dn}".extraConfig =
|
|
''
|
|
reverse_proxy /notifications/hub/negotiate ${vaultCfg.ROCKET_ADDRESS}:${
|
|
toString vaultCfg.ROCKET_PORT
|
|
}
|
|
reverse_proxy /notifications/hub ${vaultCfg.WEBSOCKET_ADDRESS}:${
|
|
toString vaultCfg.WEBSOCKET_PORT
|
|
}
|
|
reverse_proxy ${vaultCfg.ROCKET_ADDRESS}:${
|
|
toString vaultCfg.ROCKET_PORT
|
|
} {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
email = config.constants.postMaster;
|
|
webroot = "/var/lib/acme/acme-challenge";
|
|
};
|
|
};
|
|
|
|
}
|