2 files changed, 42 insertions, 0 deletions

diff --git a/modules/server/networking/caddy.nix b/modules/server/networking/caddy.nix
new file mode 100644
index 0000000..aae8fb7
--- /dev/null
+++ b/modules/server/networking/caddy.nix
@@ -0,0 +1,28 @@
+{
+  services.caddy = {
+    enable = true;
+
+    virtualHosts = {
+      "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
+      "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
+      "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
+
+      "fuwn.me".extraConfig = ''
+        reverse_proxy localhost:8084
+
+        header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path}
+
+        @blocked {
+          path /proxy/illegaldrugs.net/cgi-bin/news.php*
+          path /proxy/scholasticdiversity.us.to/scriptures/*
+          path /proxy/jsreed5.org/oeis/*
+        }
+        respond @blocked 403
+
+        @no_forwarded_for not header X-Forwarded-For *
+        request_header @no_forwarded_for X-Forwarded-For {remote_host}
+        respond /whoami {header.X-Forwarded-For} 200
+      '';
+    };
+  };
+}
diff --git a/modules/server/networking/default.nix b/modules/server/networking/default.nix
new file mode 100644
index 0000000..c71b072
--- /dev/null
+++ b/modules/server/networking/default.nix
@@ -0,0 +1,14 @@
+{
+  imports = [ ./caddy.nix ];
+  services.openssh.enable = true;
+
+  networking = {
+    hostName = "himeji";
+    domain = "";
+
+    firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+}