modules/server/networking/caddy.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

{
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  services.caddy = {
    enable = true;

    virtualHosts =
      let
        onion = "fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion";
      in
      {
        "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
        "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
        "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
        "status.due.moe".extraConfig = "reverse_proxy localhost:8099";
        "beszel.fuwn.me".extraConfig = "reverse_proxy localhost:8083";
        ${onion}.extraConfig = "reverse_proxy localhost:8084";

        "fuwn.me".extraConfig = ''
          reverse_proxy localhost:8084

          header Onion-Location http://${onion}{path}

          @blocked {
            path /proxy/illegaldrugs.net/cgi-bin/news.php*
            path /proxy/scholasticdiversity.us.to/scriptures/*
            path /proxy/jsreed5.org/oeis/*
          }
          respond @blocked 403

          @no_forwarded_for not header X-Forwarded-For *
          request_header @no_forwarded_for X-Forwarded-For {remote_host}
          respond /whoami {header.X-Forwarded-For} 200
        '';
      };
  };
}