2024-05-02 14:09:52 +03:00
|
|
|
{ config
|
|
|
|
|
, pkgs
|
|
|
|
|
, inputs
|
2024-05-03 00:54:08 +03:00
|
|
|
, settings
|
2024-05-02 14:09:52 +03:00
|
|
|
, ...
|
|
|
|
|
}:
|
|
|
|
|
let
|
2024-02-23 01:56:51 +02:00
|
|
|
elementClient = pkgs.element-web.override {
|
|
|
|
|
conf = {
|
2024-04-21 19:59:43 +03:00
|
|
|
default_server_config.default_server_name = "catnip.ee";
|
|
|
|
|
element_call.use_exclusively = true;
|
|
|
|
|
|
|
|
|
|
features = {
|
|
|
|
|
feature_video_rooms = true;
|
|
|
|
|
feature_element_call_video_rooms = true;
|
2024-02-23 01:56:51 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-05-07 16:26:34 +03:00
|
|
|
|
|
|
|
|
synapse-admin = pkgs.synapse-admin.override {
|
|
|
|
|
baseUrl = "https://matrix.catnip.ee";
|
|
|
|
|
};
|
2024-05-02 14:09:52 +03:00
|
|
|
in
|
|
|
|
|
{
|
2024-11-01 20:50:46 +02:00
|
|
|
systemd.services.caddy = {
|
2024-11-16 00:31:06 +02:00
|
|
|
serviceConfig = {
|
|
|
|
|
# Required to use ports < 1024
|
|
|
|
|
AmbientCapabilities = "cap_net_bind_service";
|
|
|
|
|
CapabilityBoundingSet = "cap_net_bind_service";
|
|
|
|
|
EnvironmentFile = "/etc/secrets/caddy.env";
|
|
|
|
|
TimeoutStartSec = "5m";
|
|
|
|
|
};
|
2024-11-01 20:50:46 +02:00
|
|
|
};
|
|
|
|
|
|
2024-02-23 01:56:51 +02:00
|
|
|
services.caddy = {
|
|
|
|
|
enable = true;
|
2024-03-22 13:52:30 +02:00
|
|
|
email = "ssl@catnip.ee";
|
2024-11-01 20:50:46 +02:00
|
|
|
|
|
|
|
|
package = (pkgs.callPackage ./custom-caddy.nix {
|
|
|
|
|
plugins = [ "github.com/caddy-dns/cloudflare" ];
|
|
|
|
|
});
|
|
|
|
|
|
2024-02-23 01:56:51 +02:00
|
|
|
virtualHosts = {
|
2024-11-27 19:12:36 +02:00
|
|
|
"xn--tdaa.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
root * ${inputs.xn--tdaa-website}
|
|
|
|
|
file_server browse {
|
|
|
|
|
hide .git
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
serverAliases = [ "üü.ee" ];
|
2024-11-30 01:10:27 +02:00
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
2024-11-27 19:12:36 +02:00
|
|
|
};
|
2024-11-30 01:10:27 +02:00
|
|
|
"kaya.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
2024-11-27 19:12:36 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
respond owo
|
|
|
|
|
'';
|
2024-11-14 22:11:37 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-11-30 13:47:26 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
"lastfm.catnip.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
2024-11-12 23:50:21 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
reverse_proxy :${toString config.services.lastfm-status.port}
|
|
|
|
|
'';
|
|
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-11-12 23:50:21 +02:00
|
|
|
|
2024-10-25 20:12:49 +03:00
|
|
|
"http://syncthing.internal".extraConfig = ''
|
|
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
reverse_proxy @local http://${config.services.syncthing.guiAddress}
|
|
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://epic.internal".extraConfig = ''
|
2024-04-25 13:41:52 +03:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
reverse_proxy @local :${toString settings.ports.epicgames-freegames-node}
|
|
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://bazarr.internal".extraConfig = ''
|
2024-02-23 01:56:51 +02:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
2024-10-25 21:04:10 +03:00
|
|
|
reverse_proxy @local :${toString config.services.bazarr.listenPort}
|
2024-02-23 01:56:51 +02:00
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://scrutiny.internal".extraConfig = ''
|
2024-02-23 01:56:51 +02:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
2024-10-25 21:04:10 +03:00
|
|
|
reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}
|
2024-02-23 01:56:51 +02:00
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://prowlarr.internal".extraConfig = ''
|
2024-02-23 01:56:51 +02:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
reverse_proxy @local :${toString settings.ports.prowlarr}
|
|
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://radarr.internal".extraConfig = ''
|
2024-02-23 01:56:51 +02:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
reverse_proxy @local :${toString settings.ports.radarr}
|
|
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://sonarr.internal".extraConfig = ''
|
2024-02-23 01:56:51 +02:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
reverse_proxy @local :${toString settings.ports.sonarr}
|
|
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://lidarr.internal".extraConfig = ''
|
2024-04-05 10:41:54 +03:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
reverse_proxy @local :${toString settings.ports.lidarr}
|
|
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://qbittorrent.internal".extraConfig = ''
|
2024-02-23 01:56:51 +02:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
reverse_proxy @local :${toString settings.ports.qbittorrent}
|
|
|
|
|
'';
|
2024-10-21 20:17:48 +03:00
|
|
|
"http://files.internal".extraConfig = ''
|
2024-02-23 01:56:51 +02:00
|
|
|
@local remote_ip private_ranges 100.64.0.0/10
|
|
|
|
|
root * /mnt/media
|
|
|
|
|
file_server @local browse {
|
|
|
|
|
hide .Trash-1000
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
"files.catnip.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
2024-11-12 23:50:21 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
basic_auth {
|
|
|
|
|
mrow {env.FILES_PASSWORD_HASH}
|
|
|
|
|
}
|
2024-03-05 21:21:27 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
root * /mnt/media
|
|
|
|
|
file_server browse {
|
|
|
|
|
hide .Trash-1000
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-02-23 01:56:51 +02:00
|
|
|
|
|
|
|
|
"chat.catnip.ee".extraConfig = ''
|
2024-11-12 23:50:21 +02:00
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-23 01:56:51 +02:00
|
|
|
root * ${elementClient}
|
|
|
|
|
file_server
|
|
|
|
|
'';
|
2024-05-07 16:26:34 +03:00
|
|
|
"synapse-admin.catnip.ee".extraConfig = ''
|
2024-11-12 23:50:21 +02:00
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-07 16:26:34 +03:00
|
|
|
root * ${synapse-admin}
|
|
|
|
|
file_server
|
|
|
|
|
'';
|
2024-11-30 01:10:27 +02:00
|
|
|
"matrix.catnip.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
2024-03-06 17:49:13 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
reverse_proxy :${toString settings.ports.synapse}
|
2024-02-23 01:56:51 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
redir /telegram /telegram/
|
2024-02-23 01:56:51 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
handle /.well-known/matrix/client {
|
|
|
|
|
header Content-Type application/json
|
|
|
|
|
header Access-Control-Allow-Origin *
|
|
|
|
|
respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
|
|
|
|
|
}
|
|
|
|
|
handle /.well-known/matrix/server {
|
|
|
|
|
header Content-Type application/json
|
|
|
|
|
header Access-Control-Allow-Origin *
|
|
|
|
|
respond `{"m.server": "matrix.catnip.ee:443"}`
|
|
|
|
|
}
|
2024-11-12 23:50:21 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
handle /telegram/* {
|
|
|
|
|
reverse_proxy :${toString settings.ports.mautrix-telegram}
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-02-23 01:56:51 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
"catnip.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
2024-11-12 23:50:21 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
root * ${inputs.catnip-website}
|
|
|
|
|
file_server browse {
|
|
|
|
|
hide .git
|
|
|
|
|
}
|
2024-03-27 15:26:19 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
handle /.well-known/matrix/client {
|
|
|
|
|
header Content-Type application/json
|
|
|
|
|
header Access-Control-Allow-Origin *
|
|
|
|
|
respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
|
|
|
|
|
}
|
|
|
|
|
handle /.well-known/matrix/server {
|
|
|
|
|
header Content-Type application/json
|
|
|
|
|
header Access-Control-Allow-Origin *
|
|
|
|
|
respond `{"m.server": "matrix.catnip.ee:443"}`
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
"www.catnip.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
2024-11-12 23:50:21 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
redir https://catnip.ee{uri} permanent
|
|
|
|
|
'';
|
|
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-02-23 01:56:51 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
"confess.catnip.ee" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
tls {
|
|
|
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
|
|
|
resolvers 1.1.1.1
|
|
|
|
|
}
|
2024-11-12 23:50:21 +02:00
|
|
|
|
2024-11-30 01:10:27 +02:00
|
|
|
reverse_proxy :${toString config.services.confess-web.port}
|
|
|
|
|
'';
|
|
|
|
|
logFormat = ''
|
|
|
|
|
output file ${config.services.caddy.logDir}/access.log {
|
|
|
|
|
mode 640
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-02-23 01:56:51 +02:00
|
|
|
|
|
|
|
|
":80".extraConfig = ''
|
|
|
|
|
respond awawaw
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
