server.nix/caddy/default.nix

{ config
, pkgs
, inputs
, settings
, ...
}:
let
  elementClient = pkgs.element-web.override {
    conf = {
      default_server_config.default_server_name = "catnip.ee";
      element_call.use_exclusively = true;

      features = {
        feature_video_rooms = true;
        feature_element_call_video_rooms = true;
      };
    };
  };

  synapse-admin = pkgs.synapse-admin.override {
    baseUrl = "https://matrix.catnip.ee";
  };
in
{
  systemd.services.caddy = {
      serviceConfig = {
        # Required to use ports < 1024
        AmbientCapabilities = "cap_net_bind_service";
        CapabilityBoundingSet = "cap_net_bind_service";
        EnvironmentFile = "/etc/secrets/caddy.env";
        TimeoutStartSec = "5m";
      };
  };

  services.caddy = {
    enable = true;
    email = "ssl@catnip.ee";

    package = (pkgs.callPackage ./custom-caddy.nix {
      plugins = [ "github.com/caddy-dns/cloudflare" ];
    });

    virtualHosts = {
      "kaya.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        respond owo
      '';
      "bsky.ee" = {
        extraConfig = ''
          tls {
            dns cloudflare {env.CLOUDFLARE_API_TOKEN}
            resolvers 1.1.1.1
          }

          handle /xrpc/* {
            reverse_proxy :${config.services.pds.settings.PDS_PORT}
          }

          handle /.well-known/* {
            reverse_proxy :${config.services.pds.settings.PDS_PORT}
          }

          root * ${inputs.bsky-website}
          file_server browse {
            hide .git
          }
        '';
        serverAliases = [ "*.bsky.ee" ];
      };

      ${config.services.coturn.realm} = {
        extraConfig = ''
          root /.well-known/acme-challenge/* ${settings.turnAcmeDir}
          file_server
        '';

        useACMEHost = config.services.coturn.realm;
      };
      "lastfm.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        reverse_proxy :${toString config.services.lastfm-status.port}
      '';
      "forge.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}
      '';
      "waka.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        reverse_proxy :${toString config.services.wakapi.settings.server.port}
      '';

      "http://syncthing.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local http://${config.services.syncthing.guiAddress}
      '';
      "http://epic.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString settings.ports.epicgames-freegames-node}
      '';
      "http://bazarr.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString config.services.bazarr.listenPort}
      '';
      "http://scrutiny.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}
      '';
      "http://prowlarr.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString settings.ports.prowlarr}
      '';
      "http://radarr.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString settings.ports.radarr}
      '';
      "http://sonarr.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString settings.ports.sonarr}
      '';
      "http://lidarr.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString settings.ports.lidarr}
      '';
      "http://qbittorrent.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local :${toString settings.ports.qbittorrent}
      '';
      "http://files.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        root * /mnt/media
        file_server @local browse {
          hide .Trash-1000
        }
      '';

      "files.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        basic_auth {
         mrow {env.FILES_PASSWORD_HASH}
        }

        root * /mnt/media
        file_server browse {
          hide .Trash-1000
        }
      '';

      "chat.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        root * ${elementClient}
        file_server
      '';
      "synapse-admin.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        root * ${synapse-admin}
        file_server
      '';
      "matrix.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        reverse_proxy :${toString settings.ports.synapse}

        redir /telegram /telegram/

        handle /.well-known/matrix/client {
          header Content-Type application/json
          header Access-Control-Allow-Origin *
          respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
        }
        handle /.well-known/matrix/server {
          header Content-Type application/json
          header Access-Control-Allow-Origin *
          respond `{"m.server": "matrix.catnip.ee:443"}`
        }

        handle /telegram/* {
          reverse_proxy :${toString settings.ports.mautrix-telegram}
        }
      '';

      "ntfy.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        reverse_proxy ${config.services.ntfy-sh.settings.listen-http}

        # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
        # it to work with curl without the annoying https:// prefix.
        @httpget {
            protocol http
            method GET
            path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
        }
        redir @httpget https://{host}{uri}
      '';

      "cloud.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301

        header {
           Strict-Transport-Security "max-age=31536000; includeSubDomains"
           Referrer-Policy no-referrer
           Referrer-Policy same-origin
           Referrer-Policy strict-origin
           Referrer-Policy strict-origin-when-cross-origin
           Referrer-Policy no-referrer-when-downgrade
         }

         reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud}
      '';

      "catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        root * ${inputs.catnip-website}
        file_server browse {
          hide .git
        }

        handle /.well-known/matrix/client {
          header Content-Type application/json
          header Access-Control-Allow-Origin *
          respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
        }
        handle /.well-known/matrix/server {
          header Content-Type application/json
          header Access-Control-Allow-Origin *
          respond `{"m.server": "matrix.catnip.ee:443"}`
        }
      '';
      "www.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        redir https://catnip.ee{uri} permanent
      '';

      "confess.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        reverse_proxy :${toString config.services.confess-web.port}
      '';

      ":80".extraConfig = ''
        respond awawaw
      '';
    };
  };
}
Formatting 2024-05-02 14:09:52 +03:00			`{ config`
			`, pkgs`
			`, inputs`
Move settings to an input 2024-05-03 00:54:08 +03:00			`, settings`
Formatting 2024-05-02 14:09:52 +03:00			`, ...`
			`}:`
			`let`
Initial commit 2024-02-23 01:56:51 +02:00			`elementClient = pkgs.element-web.override {`
			`conf = {`
Update element config to use element_call 2024-04-21 19:59:43 +03:00			`default_server_config.default_server_name = "catnip.ee";`
			`element_call.use_exclusively = true;`

			`features = {`
			`feature_video_rooms = true;`
			`feature_element_call_video_rooms = true;`
Initial commit 2024-02-23 01:56:51 +02:00			`};`
			`};`
			`};`
Fix synapse-admin 2024-05-07 16:26:34 +03:00
			`synapse-admin = pkgs.synapse-admin.override {`
			`baseUrl = "https://matrix.catnip.ee";`
			`};`
Formatting 2024-05-02 14:09:52 +03:00			`in`
			`{`
Change caddy for cloudflare caddy plugin, needed for bsky wildcard 2024-11-01 20:50:46 +02:00			`systemd.services.caddy = {`
			`serviceConfig = {`
			`# Required to use ports < 1024`
			`AmbientCapabilities = "cap_net_bind_service";`
			`CapabilityBoundingSet = "cap_net_bind_service";`
			`EnvironmentFile = "/etc/secrets/caddy.env";`
			`TimeoutStartSec = "5m";`
			`};`
			`};`

Initial commit 2024-02-23 01:56:51 +02:00			`services.caddy = {`
			`enable = true;`
Update ssl emails 2024-03-22 13:52:30 +02:00			`email = "ssl@catnip.ee";`
Change caddy for cloudflare caddy plugin, needed for bsky wildcard 2024-11-01 20:50:46 +02:00
			`package = (pkgs.callPackage ./custom-caddy.nix {`
			`plugins = [ "github.com/caddy-dns/cloudflare" ];`
			`});`

Initial commit 2024-02-23 01:56:51 +02:00			`virtualHosts = {`
Add basic kaya.ee website 2024-11-14 22:11:37 +02:00			`"kaya.ee".extraConfig = ''`
			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

			`respond owo`
			`'';`
Add bluesky 2024-11-01 19:29:28 +02:00			`"bsky.ee" = {`
			`extraConfig = ''`
Change caddy for cloudflare caddy plugin, needed for bsky wildcard 2024-11-01 20:50:46 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Add bsky website 2024-11-12 18:10:07 +02:00			`handle /xrpc/* {`
			`reverse_proxy :${config.services.pds.settings.PDS_PORT}`
			`}`

Fix bsky, should no longer say invalid handle 2024-11-13 17:53:25 +02:00			`handle /.well-known/* {`
			`reverse_proxy :${config.services.pds.settings.PDS_PORT}`
			`}`

Add bsky website 2024-11-12 18:10:07 +02:00			`root * ${inputs.bsky-website}`
			`file_server browse {`
			`hide .git`
			`}`
Add bluesky 2024-11-01 19:29:28 +02:00			`'';`
			`serverAliases = [ "*.bsky.ee" ];`
			`};`
Add mastodon 2024-04-22 11:05:42 +03:00
Possibly fix turn server cert 2024-03-27 14:45:33 +02:00			`${config.services.coturn.realm} = {`
			`extraConfig = ''`
			`root /.well-known/acme-challenge/* ${settings.turnAcmeDir}`
			`file_server`
			`'';`

			`useACMEHost = config.services.coturn.realm;`
			`};`
Initial commit 2024-02-23 01:56:51 +02:00			`"lastfm.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Clean up 2024-10-25 21:04:10 +03:00			`reverse_proxy :${toString config.services.lastfm-status.port}`
Initial commit 2024-02-23 01:56:51 +02:00			`'';`
			`"forge.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Clean up 2024-10-25 21:04:10 +03:00			`reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}`
Initial commit 2024-02-23 01:56:51 +02:00			`'';`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`"waka.catnip.ee".extraConfig = ''`
			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

			`reverse_proxy :${toString config.services.wakapi.settings.server.port}`
			`'';`

Add syncthing #1 2024-10-25 20:12:49 +03:00			`"http://syncthing.internal".extraConfig = ''`
			`@local remote_ip private_ranges 100.64.0.0/10`
			`reverse_proxy @local http://${config.services.syncthing.guiAddress}`
			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://epic.internal".extraConfig = ''`
Add epicgames-freegames-node 2024-04-25 13:41:52 +03:00			`@local remote_ip private_ranges 100.64.0.0/10`
			`reverse_proxy @local :${toString settings.ports.epicgames-freegames-node}`
			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://bazarr.internal".extraConfig = ''`
Initial commit 2024-02-23 01:56:51 +02:00			`@local remote_ip private_ranges 100.64.0.0/10`
Clean up 2024-10-25 21:04:10 +03:00			`reverse_proxy @local :${toString config.services.bazarr.listenPort}`
Initial commit 2024-02-23 01:56:51 +02:00			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://scrutiny.internal".extraConfig = ''`
Initial commit 2024-02-23 01:56:51 +02:00			`@local remote_ip private_ranges 100.64.0.0/10`
Clean up 2024-10-25 21:04:10 +03:00			`reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}`
Initial commit 2024-02-23 01:56:51 +02:00			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://prowlarr.internal".extraConfig = ''`
Initial commit 2024-02-23 01:56:51 +02:00			`@local remote_ip private_ranges 100.64.0.0/10`
			`reverse_proxy @local :${toString settings.ports.prowlarr}`
			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://radarr.internal".extraConfig = ''`
Initial commit 2024-02-23 01:56:51 +02:00			`@local remote_ip private_ranges 100.64.0.0/10`
			`reverse_proxy @local :${toString settings.ports.radarr}`
			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://sonarr.internal".extraConfig = ''`
Initial commit 2024-02-23 01:56:51 +02:00			`@local remote_ip private_ranges 100.64.0.0/10`
			`reverse_proxy @local :${toString settings.ports.sonarr}`
			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://lidarr.internal".extraConfig = ''`
Add lidarr 2024-04-05 10:41:54 +03:00			`@local remote_ip private_ranges 100.64.0.0/10`
			`reverse_proxy @local :${toString settings.ports.lidarr}`
			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://qbittorrent.internal".extraConfig = ''`
Initial commit 2024-02-23 01:56:51 +02:00			`@local remote_ip private_ranges 100.64.0.0/10`
			`reverse_proxy @local :${toString settings.ports.qbittorrent}`
			`'';`
Replace .local with .internal as ICANN suggests that 2024-10-21 20:17:48 +03:00			`"http://files.internal".extraConfig = ''`
Initial commit 2024-02-23 01:56:51 +02:00			`@local remote_ip private_ranges 100.64.0.0/10`
			`root * /mnt/media`
			`file_server @local browse {`
			`hide .Trash-1000`
			`}`
			`'';`

Formatting 2024-03-05 21:21:27 +02:00			`"files.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Rename basicauth -> basic_auth in caddy 2024-09-29 02:32:00 +03:00			`basic_auth {`
Formatting 2024-03-05 21:21:27 +02:00			`mrow {env.FILES_PASSWORD_HASH}`
			`}`

			`root * /mnt/media`
			`file_server browse {`
			`hide .Trash-1000`
			`}`
			`'';`
Initial commit 2024-02-23 01:56:51 +02:00
			`"chat.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Initial commit 2024-02-23 01:56:51 +02:00			`root * ${elementClient}`
			`file_server`
			`'';`
Fix synapse-admin 2024-05-07 16:26:34 +03:00			`"synapse-admin.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Fix synapse-admin 2024-05-07 16:26:34 +03:00			`root * ${synapse-admin}`
			`file_server`
			`'';`
Initial commit 2024-02-23 01:56:51 +02:00			`"matrix.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Initial commit 2024-02-23 01:56:51 +02:00			`reverse_proxy :${toString settings.ports.synapse}`

Clean up 2024-10-25 21:04:10 +03:00			`redir /telegram /telegram/`
Add matrix wellknown only to matrix.catnip.ee, .well-known requests will get redirected to right place 2024-03-06 17:49:13 +02:00
			`handle /.well-known/matrix/client {`
			`header Content-Type application/json`
			`header Access-Control-Allow-Origin *`
			respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
			`}`
			`handle /.well-known/matrix/server {`
			`header Content-Type application/json`
			`header Access-Control-Allow-Origin *`
			respond `{"m.server": "matrix.catnip.ee:443"}`
			`}`
Initial commit 2024-02-23 01:56:51 +02:00
			`handle /telegram/* {`
			`reverse_proxy :${toString settings.ports.mautrix-telegram}`
			`}`
			`'';`

			`"ntfy.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Formatting 2024-03-05 21:21:27 +02:00			`reverse_proxy ${config.services.ntfy-sh.settings.listen-http}`
Initial commit 2024-02-23 01:56:51 +02:00
Formatting 2024-03-05 21:21:27 +02:00			`# Redirect HTTP to HTTPS, but only for GET topic addresses, since we want`
			`# it to work with curl without the annoying https:// prefix.`
			`@httpget {`
			`protocol http`
			`method GET`
			`path_regexp ^/([-_a-z0-9]{0,64}$\|docs/\|static/)`
			`}`
			`redir @httpget https://{host}{uri}`
Initial commit 2024-02-23 01:56:51 +02:00			`'';`

			`"cloud.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

			`redir /.well-known/carddav /remote.php/dav 301`
			`redir /.well-known/caldav /remote.php/dav 301`
Initial commit 2024-02-23 01:56:51 +02:00
			`header {`
			`Strict-Transport-Security "max-age=31536000; includeSubDomains"`
			`Referrer-Policy no-referrer`
			`Referrer-Policy same-origin`
			`Referrer-Policy strict-origin`
			`Referrer-Policy strict-origin-when-cross-origin`
			`Referrer-Policy no-referrer-when-downgrade`
			`}`

			`reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud}`
			`'';`

Redirect www.catnip.ee to catnip.ee 2024-03-27 15:26:19 +02:00			`"catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Redirect www.catnip.ee to catnip.ee 2024-03-27 15:26:19 +02:00			`root * ${inputs.catnip-website}`
			`file_server browse {`
			`hide .git`
			`}`

Change caddy matrix well-known 2024-03-28 13:03:11 +02:00			`handle /.well-known/matrix/client {`
			`header Content-Type application/json`
			`header Access-Control-Allow-Origin *`
			respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
			`}`
			`handle /.well-known/matrix/server {`
			`header Content-Type application/json`
			`header Access-Control-Allow-Origin *`
			respond `{"m.server": "matrix.catnip.ee:443"}`
			`}`
Redirect www.catnip.ee to catnip.ee 2024-03-27 15:26:19 +02:00			`'';`
			`"www.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Redirect www.catnip.ee to catnip.ee 2024-03-27 15:26:19 +02:00			`redir https://catnip.ee{uri} permanent`
			`'';`
Initial commit 2024-02-23 01:56:51 +02:00
Add confess web, rename forge option 2024-06-08 16:41:43 +03:00			`"confess.catnip.ee".extraConfig = ''`
Add cloudflare ssl cert adding to most domains 2024-11-12 23:50:21 +02:00			`tls {`
			`dns cloudflare {env.CLOUDFLARE_API_TOKEN}`
			`resolvers 1.1.1.1`
			`}`

Clean up 2024-10-25 21:04:10 +03:00			`reverse_proxy :${toString config.services.confess-web.port}`
Add confess web, rename forge option 2024-06-08 16:41:43 +03:00			`'';`
Initial commit 2024-02-23 01:56:51 +02:00
			`":80".extraConfig = ''`
			`respond awawaw`
			`'';`
			`};`
			`};`
			`}`