caddy: move to vno1-oh2

2023-08-25 16:44:41 +03:00 · 2023-08-25 16:44:41 +03:00 · cc6af1c68f
commit cc6af1c68f
parent ee4a2cc4b7
3 changed files with 46 additions and 8 deletions
--- a/data.nix
+++ b/data.nix
@ -80,8 +80,8 @@ rec {
    @                                SOA   ns1.jakstys.lt. motiejus.jakstys.lt. (2023032100 86400 86400 86400 86400)
    @                                NS    ns1.jakstys.lt.
    @                                NS    ns2.jakstys.lt.
-    @                60              A     ${hel1a}
-    www              60              A     ${hel1a}
+    @                60              A     ${vno1}
+    www              60              A     ${vno1}
    ns1                              A     ${vno1}
    ns2                              A     ${hel1a}
    vpn             600              A     ${hel1a}
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@ -119,12 +119,12 @@
    caddy = {
      enable = true;
      email = "motiejus+acme@jakstys.lt";
-      virtualHosts."www.jakstys.lt".extraConfig = ''
-        redir https://jakstys.lt
-      '';
      virtualHosts."fwmine.jakstys.lt".extraConfig = ''
        reverse_proxy fwmine.motiejus.jakst:8080
      '';
+      virtualHosts."www.jakstys.lt".extraConfig = ''
+        redir https://jakstys.lt
+      '';
      virtualHosts."jakstys.lt" = {
        logFormat = ''
          output file ${config.services.caddy.logDir}/access-jakstys.lt.log {
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@ -158,10 +158,48 @@
    caddy = {
      enable = true;
      email = "motiejus+acme@jakstys.lt";
-      virtualHosts."grafana.jakstys.lt" = {
+      virtualHosts."grafana.jakstys.lt".extraConfig = ''
+        reverse_proxy 127.0.0.1:3000
+        tls {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-key.pem
+      '';
+      virtualHosts."www.jakstys.lt".extraConfig = ''
+        redir https://jakstys.lt
+      '';
+      virtualHosts."jakstys.lt" = {
+        logFormat = ''
+          output file ${config.services.caddy.logDir}/access-jakstys.lt.log {
+            roll_disabled
+          }
+        '';
        extraConfig = ''
-          reverse_proxy 127.0.0.1:3000
-          tls {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-key.pem
+          header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+          header /_/* Cache-Control "public, max-age=31536000, immutable"
+
+          root * /var/www/jakstys.lt
+          file_server {
+            precompressed br gzip
+          }
+
+          @matrixMatch {
+            path /.well-known/matrix/client
+            path /.well-known/matrix/server
+          }
+          header @matrixMatch Content-Type application/json
+          header @matrixMatch Access-Control-Allow-Origin *
+          header @matrixMatch Cache-Control "public, max-age=3600, immutable"
+
+          handle /.well-known/matrix/client {
+            respond "{\"m.homeserver\": {\"base_url\": \"https://jakstys.lt\"}}" 200
+          }
+          handle /.well-known/matrix/server {
+            respond "{\"m.server\": \"jakstys.lt:443\"}" 200
+          }
+
+          handle /_matrix/* {
+            encode gzip
+            reverse_proxy http://127.0.0.1:${toString myData.ports.matrix-synapse}
+          }
        '';
      };
    };