migrate chunk to caddy module

Signed-off-by: cy <cy@cy7.sh>

hosts/chunk/Caddyfile

@@ -1,89 +0,0 @@
-{
-  acme_ca https://acme.zerossl.com/v2/DV90
-  acme_eab {
-    key_id {$EAB_KEY_ID}
-    mac_key {$EAB_MAC_KEY}
-  }
-}
-
-(common) {
-  encode zstd gzip
-  header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-}
-
-git.cything.io {
-  import common
-
-  # wrap in route so things are evaluated in the order written
-  route {
-    # rewrite gitlab URIs to make it work with forgejo
-    uri path_regexp /-/ /
-    uri replace /blob/ /src/
-    redir https://git.cy7.sh{uri} permanent
-  }
-}
-
-git.cy7.sh {
-  import common
-  reverse_proxy localhost:3000
-}
-
-rss.cy7.sh {
-  import common
-  reverse_proxy localhost:8080
-}
-
-photos.cy7.sh {
-  import common
-  reverse_proxy localhost:2283
-}
-
-chat.cything.io {
-  import common
-  reverse_proxy localhost:8448
-}
-
-pass.cy7.sh {
-  import common
-  reverse_proxy localhost:8081
-}
-
-dns.cything.io {
-  import common
-  reverse_proxy localhost:8082
-}
-
-pad.cything.io {
-  import common
-  reverse_proxy localhost:8085
-}
-
-red.cything.io {
-  import common
-  reverse_proxy localhost:8087
-}
-
-grafana.cything.io {
-  import common
-  reverse_proxy localhost:8088
-}
-
-element.cything.io {
-  import common
-  reverse_proxy localhost:8089
-}
-
-cache.cything.io {
-  import common
-  reverse_proxy localhost:8090
-}
-
-s3.cy7.sh {
-  import common
-  reverse_proxy localhost:3900
-}
-
-admin.s3.cy7.sh {
-  import common
-  reverse_proxy localhost:3903
-}

hosts/chunk/adguard.nix

@@ -21,4 +21,9 @@
       ];
     };
   };
+
+  services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
+    import common
+    reverse_proxy localhost:8082
+  '';
 }

hosts/chunk/attic.nix

@@ -31,4 +31,9 @@
       };
     };
   };
+
+  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
+    import common
+    reverse_proxy localhost:8090
+  '';
 }

hosts/chunk/conduwuit.nix

@@ -10,4 +10,9 @@
       allow_check_for_updates = true;
     };
   };
+
+  services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
+    import common
+    reverse_proxy localhost:8448
+  '';
 }

hosts/chunk/default.nix

@@ -183,11 +183,13 @@
   programs.gnupg.agent.enable = true;
   programs.git.enable = true;
 
-  services.caddy = {
+  my.caddy.enable = true;
-    enable = true;
+  services.caddy.virtualHosts."cy7.sh" = {
-    configFile = ./Caddyfile;
+    serverAliases = [ "www.cy7.sh" ];
-    environmentFile = config.sops.secrets."caddy/env".path;
+    extraConfig = ''
-    logFormat = lib.mkForce "level INFO";
+      import common
+      redir https://cything.io temporary
+    '';
   };
 
   # container stuff

hosts/chunk/deluge.nix

@@ -7,4 +7,9 @@
       port = 8112;
     };
   };
+
+  services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8112
+  '';
 }

hosts/chunk/element.nix

@@ -25,4 +25,9 @@
       ${pkgs.podman}/bin/podman network create element-net
     '';
   };
+
+  services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8089
+  '';
 }

hosts/chunk/forgejo.nix

@@ -30,4 +30,20 @@
       name = "git";
     };
   };
+
+  services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:3000
+  '';
+  services.caddy.virtualHosts."git.cything.io".extraConfig = ''
+    import common
+
+    # wrap in route so things are evaluated in the order written
+    route {
+      # rewrite gitlab URIs to make it work with forgejo
+      uri path_regexp /-/ /
+      uri replace /blob/ /src/
+      redir https://git.cy7.sh{uri} permanent
+    }
+  '';
 }

hosts/chunk/garage.nix

@@ -16,4 +16,9 @@
     };
     environmentFile = config.sops.secrets."garage/env".path;
   };
+
+  services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:3900
+  '';
 }

hosts/chunk/grafana.nix

@@ -31,4 +31,9 @@
       }
     ];
   };
+
+  services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8088
+  '';
 }

hosts/chunk/hedgedoc.nix

@@ -16,4 +16,9 @@
       protocolUseSSL = true;
     };
   };
+
+  services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8085
+  '';
 }

hosts/chunk/immich.nix

@@ -95,4 +95,9 @@ in
       ${pkgs.podman}/bin/podman network create immich-net
     '';
   };
+
+  services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:2283
+  '';
 }

hosts/chunk/miniflux.nix

@@ -9,4 +9,9 @@
       FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
     };
   };
+
+  services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8080
+  '';
 }

hosts/chunk/redlib.nix

@@ -10,4 +10,9 @@
       REDLIB_ROBOTS_DISABLE_INDEXING = "on";
     };
   };
+
+  services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8087
+  '';
 }

hosts/chunk/vaultwarden.nix

@@ -10,4 +10,9 @@
       DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
     };
   };
+
+  services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8081
+  '';
 }

modules/caddy.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.my.caddy;
+in
+{
+  options.my.caddy = {
+    enable = lib.mkEnableOption "caddy reverse proxy";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.caddy = {
+      enable = true;
+      logFormat = lib.mkForce "level INFO";
+      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
+      extraConfig = ''
+        (common) {
+          encode zstd gzip
+          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+        }
+      '';
+    };
+  };
+}

modules/default.nix

@@ -2,5 +2,6 @@
 {
   imports = [
     ./backup.nix
+    ./caddy.nix
   ];
 }