diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix index 74207fc..fe4b9bb 100644 --- a/hosts/chunk/adguard.nix +++ b/hosts/chunk/adguard.nix @@ -21,9 +21,4 @@ ]; }; }; - - services.caddy.virtualHosts."dns.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8082 - ''; } diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index c41e985..2f84394 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -31,9 +31,4 @@ }; }; }; - - services.caddy.virtualHosts."cache.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8090 - ''; } diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 8aa8998..25c85ab 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -10,9 +10,4 @@ allow_check_for_updates = true; }; }; - - services.caddy.virtualHosts."chat.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8448 - ''; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 577e9b5..6021b41 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -183,13 +183,11 @@ programs.gnupg.agent.enable = true; programs.git.enable = true; - my.caddy.enable = true; - services.caddy.virtualHosts."cy7.sh" = { - serverAliases = [ "www.cy7.sh" ]; - extraConfig = '' - import common - redir https://cything.io temporary - ''; + services.caddy = { + enable = true; + configFile = ./Caddyfile; + environmentFile = config.sops.secrets."caddy/env".path; + logFormat = lib.mkForce "level INFO"; }; # container stuff diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix index 5dd3fd4..638c728 100644 --- a/hosts/chunk/deluge.nix +++ b/hosts/chunk/deluge.nix @@ -7,9 +7,4 @@ port = 8112; }; }; - - services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8112 - ''; } diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix index 5a12e1e..81ab246 100644 --- a/hosts/chunk/element.nix +++ b/hosts/chunk/element.nix @@ -25,9 +25,4 @@ ${pkgs.podman}/bin/podman network create element-net ''; }; - - services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8089 - ''; } diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 26fb541..fd842ce 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -30,20 +30,4 @@ name = "git"; }; }; - - services.caddy.virtualHosts."git.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3000 - ''; - services.caddy.virtualHosts."git.cything.io".extraConfig = '' - import common - - # wrap in route so things are evaluated in the order written - route { - # rewrite gitlab URIs to make it work with forgejo - uri path_regexp /-/ / - uri replace /blob/ /src/ - redir https://git.cy7.sh{uri} permanent - } - ''; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 75730a1..fe3ef46 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -16,9 +16,4 @@ }; environmentFile = config.sops.secrets."garage/env".path; }; - - services.caddy.virtualHosts."s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3900 - ''; } diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 007bcf1..0575f51 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -31,9 +31,4 @@ } ]; }; - - services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8088 - ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 62505f9..1988520 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -16,9 +16,4 @@ protocolUseSSL = true; }; }; - - services.caddy.virtualHosts."pad.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8085 - ''; } diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 9661e8c..2062330 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -95,9 +95,4 @@ in ${pkgs.podman}/bin/podman network create immich-net ''; }; - - services.caddy.virtualHosts."photos.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:2283 - ''; } diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 84783f6..f40b2b6 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -9,9 +9,4 @@ FORCE_REFRESH_INTERVAL = 0; # don't rate limit me }; }; - - services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8080 - ''; } diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index d095da5..39585f1 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -10,9 +10,4 @@ REDLIB_ROBOTS_DISABLE_INDEXING = "on"; }; }; - - services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8087 - ''; } diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index 7529610..b97835e 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -10,9 +10,4 @@ DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; }; }; - - services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8081 - ''; } diff --git a/modules/caddy.nix b/modules/caddy.nix deleted file mode 100644 index 6d38b01..0000000 --- a/modules/caddy.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.caddy; -in -{ - options.my.caddy = { - enable = lib.mkEnableOption "caddy reverse proxy"; - }; - - config = lib.mkIf cfg.enable { - services.caddy = { - enable = true; - logFormat = lib.mkForce "level INFO"; - acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; - extraConfig = '' - (common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" - } - ''; - }; - }; -} diff --git a/modules/default.nix b/modules/default.nix index 070a96e..2155137 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,6 +2,5 @@ { imports = [ ./backup.nix - ./caddy.nix ]; }