# NixOS module: Caddy is the public HTTP/HTTPS front end for extremist.software
# and its subdomains, forwarding most of them to services on localhost.
# The apex and mail hosts use a certificate issued through security.acme
# (webroot challenge) so the same certificate can be shared with other
# services like Stalwart.
{ config, pkgs, ... }:

{
  services.caddy.enable = true;
  services.caddy.email = "postmaster@extremist.software";

  # NOTE(review): every upstream below becomes reachable from the internet
  # through this proxy; confirm each backend enforces its own authentication
  # and listens on loopback only.
  services.caddy.virtualHosts = {
    # Apex domain: TLS comes from the security.acme certificate of the same
    # name. The first handle block serves the challenge files written into
    # the ACME webroot; every other request gets a static reply.
    "extremist.software" = {
      useACMEHost = "extremist.software";
      extraConfig = ''
        handle /.well-known/acme-challenge/* {
          root * /var/lib/acme/acme-challenge
          file_server
        }
        handle {
          respond "Hi"
        }
      '';
    };

    # No useACMEHost on this host.
    # NOTE(review): presumably Caddy's automatic HTTPS obtains this
    # certificate itself, using the email set above; confirm.
    "git.extremist.software" = {
      extraConfig = ''
        reverse_proxy localhost:3000
      '';
    };

    # Reuses the apex certificate (this name is listed in extraDomainNames
    # below) and therefore also has to answer the webroot challenge path.
    # Only that path is served from disk; everything else is proxied.
    "mail.extremist.software" = {
      useACMEHost = "extremist.software";
      extraConfig = ''
        handle /.well-known/acme-challenge/* {
          root * /var/lib/acme/acme-challenge
          file_server
        }
        handle {
          reverse_proxy localhost:8080
        }
      '';
    };

    "search.extremist.software" = {
      extraConfig = ''
        reverse_proxy localhost:8082
      '';
    };

    # NOTE(review): this publishes the Grafana instance on a public host
    # name; confirm anonymous access is disabled in Grafana.
    "status.extremist.software" = {
      extraConfig = ''
        reverse_proxy localhost:3001 # Grafana
      '';
    };

    # Only the two path prefixes below are forwarded to the homeserver on
    # port 6167; requests for any other path are not proxied.
    "matrix.extremist.software" = {
      extraConfig = ''
        reverse_proxy /_matrix/* localhost:6167
        reverse_proxy /_synapse/client/* localhost:6167
      '';
    };
  };

  # Have the NixOS ACME client fetch the Let's Encrypt certificate (rather
  # than Caddy) so that it can be shared with other services like Stalwart.
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "postmaster@extremist.software";
      server = "https://acme-v02.api.letsencrypt.org/directory";
    };
    certs = {
      "extremist.software" = {
        # Certificate files are assigned to this group; membership grants
        # read access to them (presumably including the private key), so
        # keep the group as small as possible.
        group = "acme";
        # Must be the same directory the Caddy challenge handlers use as root.
        webroot = "/var/lib/acme/acme-challenge";
        extraDomainNames = [ "mail.extremist.software" ];
      };
    };
  };

  # Caddy needs to read the certificate above, which belongs to group "acme".
  users.users.caddy = {
    extraGroups = [ "acme" ];
  };

  # Only the HTTP and HTTPS ports are opened; port 80 is what carries the
  # webroot challenge requests handled above.
  networking.firewall = {
    allowedTCPPorts = [ 80 443 ];
  };
}