containers: move caddy virtual hosts to container files

author: Fuwn <[email protected]> 2024-10-07 21:02:40 -0700
committer: Fuwn <[email protected]> 2024-10-07 21:04:52 -0700
commit: 8ce67ac79ff3db29d0d7eb8745ecee70dc7fbe0a (patch)
tree: ad945bb8d9b0cc4390ee66ef96a72bacf2344da8 /modules/server
parent: server: use caddy-tailscale (diff)
download: nixos-config-8ce67ac79ff3db29d0d7eb8745ecee70dc7fbe0a.tar.xz
nixos-config-8ce67ac79ff3db29d0d7eb8745ecee70dc7fbe0a.zip
7 files changed, 59 insertions, 57 deletions
diff --git a/modules/server/networking/caddy.nix b/modules/server/networking/caddy.nix
index a95ff5d..fe07ed4 100644
--- a/modules/server/networking/caddy.nix
+++ b/modules/server/networking/caddy.nix
@@ -11,35 +11,5 @@
   services.caddy = {
     enable = true;
     package = pkgs.caddy-tailscale;
-
-    virtualHosts =
-      let
-        onion = "fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion";
-      in
-      {
-        "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
-        "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
-        "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
-        "status.due.moe".extraConfig = "reverse_proxy localhost:8099";
-        "beszel.fuwn.me".extraConfig = "reverse_proxy localhost:8083";
-        ${onion}.extraConfig = "reverse_proxy localhost:8084";
-
-        "fuwn.me".extraConfig = ''
-          reverse_proxy localhost:8084
-
-          header Onion-Location http://${onion}{path}
-
-          @blocked {
-            path /proxy/illegaldrugs.net/cgi-bin/news.php*
-            path /proxy/scholasticdiversity.us.to/scriptures/*
-            path /proxy/jsreed5.org/oeis/*
-          }
-          respond @blocked 403
-
-          @no_forwarded_for not header X-Forwarded-For *
-          request_header @no_forwarded_for X-Forwarded-For {remote_host}
-          respond /whoami {header.X-Forwarded-For} 200
-        '';
-      };
   };
 }
diff --git a/modules/server/networking/tor.nix b/modules/server/networking/tor.nix
index ab9afcc..05e7fb7 100644
--- a/modules/server/networking/tor.nix
+++ b/modules/server/networking/tor.nix
@@ -1,37 +1,41 @@
 {
-  services.tor = {
-    enable = true;
-    enableGeoIP = false;
+  services = {
+    caddy.virtualHosts."fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion".extraConfig = "reverse_proxy localhost:8084";
 
-    relay.onionServices = {
-      "fuwn.me" = {
-        version = 3;
+    tor = {
+      enable = true;
+      enableGeoIP = false;
 
-        map = [
-          {
-            port = 80;
+      relay.onionServices = {
+        "fuwn.me" = {
+          version = 3;
 
-            target = {
-              addr = "[::1]";
-              port = 8084;
-            };
-          }
-          {
-            port = 80;
+          map = [
+            {
+              port = 80;
 
-            target = {
-              addr = "0.0.0.0";
-              port = 8084;
-            };
-          }
-        ];
+              target = {
+                addr = "[::1]";
+                port = 8084;
+              };
+            }
+            {
+              port = 80;
+
+              target = {
+                addr = "0.0.0.0";
+                port = 8084;
+              };
+            }
+          ];
+        };
       };
-    };
 
-    settings = {
-      ClientUseIPv4 = true;
-      ClientUseIPv6 = true;
-      ClientPreferIPv6ORPort = true;
+      settings = {
+        ClientUseIPv4 = true;
+        ClientUseIPv6 = true;
+        ClientPreferIPv6ORPort = true;
+      };
     };
   };
 }
diff --git a/modules/server/virtualisation/containers/beszel.nix b/modules/server/virtualisation/containers/beszel.nix
index c86a109..269b4c5 100644
--- a/modules/server/virtualisation/containers/beszel.nix
+++ b/modules/server/virtualisation/containers/beszel.nix
@@ -1,5 +1,7 @@
 { config, ... }:
 {
+  services.caddy.virtualHosts."beszel.fuwn.me".extraConfig = "reverse_proxy localhost:8083";
+
   virtualisation.oci-containers.containers.beszel = {
     inherit (config.modules.containers) extraOptions;
 
diff --git a/modules/server/virtualisation/containers/mayu.nix b/modules/server/virtualisation/containers/mayu.nix
index 06f818b..29273d1 100644
--- a/modules/server/virtualisation/containers/mayu.nix
+++ b/modules/server/virtualisation/containers/mayu.nix
@@ -1,5 +1,10 @@
 { config, ... }:
 {
+  services.caddy.virtualHosts = {
+    "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
+    "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
+  };
+
   virtualisation.oci-containers.containers.mayu = {
     inherit (config.modules.containers) extraOptions;
 
diff --git a/modules/server/virtualisation/containers/september.nix b/modules/server/virtualisation/containers/september.nix
index d48666c..68dbd2b 100644
--- a/modules/server/virtualisation/containers/september.nix
+++ b/modules/server/virtualisation/containers/september.nix
@@ -1,5 +1,22 @@
 { config, ... }:
 {
+  services.caddy.virtualHosts."fuwn.me".extraConfig = ''
+    reverse_proxy localhost:8084
+
+    header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path}
+
+    @blocked {
+      path /proxy/illegaldrugs.net/cgi-bin/news.php*
+      path /proxy/scholasticdiversity.us.to/scriptures/*
+      path /proxy/jsreed5.org/oeis/*
+    }
+    respond @blocked 403
+
+    @no_forwarded_for not header X-Forwarded-For *
+    request_header @no_forwarded_for X-Forwarded-For {remote_host}
+    respond /whoami {header.X-Forwarded-For} 200
+  '';
+
   virtualisation.oci-containers.containers.september = {
     inherit (config.modules.containers) extraOptions;
 
diff --git a/modules/server/virtualisation/containers/uptime-kuma.nix b/modules/server/virtualisation/containers/uptime-kuma.nix
index a4406d7..b3de506 100644
--- a/modules/server/virtualisation/containers/uptime-kuma.nix
+++ b/modules/server/virtualisation/containers/uptime-kuma.nix
@@ -1,5 +1,7 @@
 { config, ... }:
 {
+  services.caddy.virtualHosts."status.due.moe".extraConfig = "reverse_proxy localhost:8099";
+
   virtualisation.oci-containers.containers.uptime-kuma = {
     inherit (config.modules.containers) extraOptions;
 
diff --git a/modules/server/virtualisation/containers/wastebin.nix b/modules/server/virtualisation/containers/wastebin.nix
index 358a9ba..4a69fd3 100644
--- a/modules/server/virtualisation/containers/wastebin.nix
+++ b/modules/server/virtualisation/containers/wastebin.nix
@@ -1,5 +1,7 @@
 { config, ... }:
 {
+  services.caddy.virtualHosts."bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
+
   virtualisation.oci-containers.containers.bin = {
     inherit (config.modules.containers) extraOptions;
author	Fuwn <[email protected]>	2024-10-07 21:02:40 -0700
committer	Fuwn <[email protected]>	2024-10-07 21:04:52 -0700
commit	8ce67ac79ff3db29d0d7eb8745ecee70dc7fbe0a (patch)
tree	ad945bb8d9b0cc4390ee66ef96a72bacf2344da8 /modules/server
parent	server: use caddy-tailscale (diff)
download	nixos-config-8ce67ac79ff3db29d0d7eb8745ecee70dc7fbe0a.tar.xz nixos-config-8ce67ac79ff3db29d0d7eb8745ecee70dc7fbe0a.zip