diff --git a/hosts/nimbus/configuration.nix b/hosts/nimbus/configuration.nix index b3dfd9b..6a15891 100644 --- a/hosts/nimbus/configuration.nix +++ b/hosts/nimbus/configuration.nix @@ -9,8 +9,8 @@ inputs.agenix.nixosModules.default ./hardware-configuration.nix ../../modules/nixos/tailscale.nix + ../../modules/nixos/caddy.nix ../../modules/nixos/matrix.nix - ../../modules/nixos/website.nix ]; # Workaround for https://github.com/NixOS/nix/issues/8502 diff --git a/modules/nixos/caddy.nix b/modules/nixos/caddy.nix new file mode 100644 index 0000000..4c3b5d2 --- /dev/null +++ b/modules/nixos/caddy.nix @@ -0,0 +1,64 @@ +{ + systemd.tmpfiles.rules = [ + "d /var/www/jankremer.de 755 jan users -" + ]; + + services.caddy = { + enable = true; + virtualHosts = { + "jankremer.de:8448".extraConfig = # caddyfile + '' + reverse_proxy localhost:6167 + ''; + + "jankremer.de".extraConfig = # caddyfile + '' + handle /_matrix/* { + reverse_proxy localhost:6167 + } + + handle /.well-known/matrix/server { + header Content-Type application/json + respond `{"m.server": "jankremer.de:443"}` 200 + } + + handle /.well-known/matrix/client { + header Content-Type application/json + header Access-Control-Allow-Origin * + respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200 + } + + handle { + root * /var/www/jankremer.de + file_server + + @static { + path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp + } + header @static Cache-Control "public, max-age=31536000, immutable" + + @html { + path *.html + } + header @html Cache-Control "no-cache" + } + + handle_errors { + rewrite * /404.html + file_server + } + ''; + + "jankremer.eu".extraConfig = # caddyfile + '' + redir https://jankremer.de{uri} permanent + ''; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 8448 + ]; +} diff --git a/modules/nixos/matrix.nix b/modules/nixos/matrix.nix index eb696d2..379a790 100644 --- a/modules/nixos/matrix.nix +++ b/modules/nixos/matrix.nix @@ -17,42 +17,4 @@ }; }; }; - - services.caddy = { - enable = true; - ## Matrix federation - virtualHosts = { - "jankremer.de:8448" = { - extraConfig = # caddyfile - '' - reverse_proxy localhost:6167 - ''; - }; - "jankremer.de" = { - extraConfig = # caddyfile - '' - handle /_matrix/* { - reverse_proxy localhost:6167 - } - - handle /.well-known/matrix/server { - header Content-Type application/json - respond `{"m.server": "jankremer.de:443"}` 200 - } - - handle /.well-known/matrix/client { - header Content-Type application/json - header Access-Control-Allow-Origin * - respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200 - } - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - 8448 - ]; } diff --git a/modules/nixos/website.nix b/modules/nixos/website.nix deleted file mode 100644 index 37bd1b2..0000000 --- a/modules/nixos/website.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - systemd.tmpfiles.rules = [ - "d /var/www/jankremer.de 755 jan users -" - ]; - - services.caddy.virtualHosts = { - "jankremer.de".extraConfig = # caddyfile - '' - handle { - root * /var/www/jankremer.de - file_server - - @static { - path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp - } - header @static Cache-Control "public, max-age=31536000, immutable" - - @html { - path *.html - } - header @html Cache-Control "no-cache" - - handle_errors { - rewrite * /404.html - file_server - } - } - ''; - - "jankremer.eu".extraConfig = # caddyfile - '' - redir https://jankremer.de{uri} permanent - ''; - }; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; -}