setup vps1 ingress

newinfra/nix/modules/ingress/Caddyfile

@@ -0,0 +1,29 @@
+{
+	email nilstrieb@proton.me
+}
+
+# https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3
+(cors) {
+	@cors_preflight{args.0} method OPTIONS
+	@cors{args.0} header Origin {args.0}
+
+	handle @cors_preflight{args.0} {
+		header {
+			Access-Control-Allow-Origin "{args.0}"
+			Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
+			Access-Control-Allow-Credentials "false"
+			Access-Control-Allow-Headers "${args.1}"
+			Access-Control-Max-Age "86400"
+			defer
+		}
+		respond "" 204
+	}
+
+	handle @cors{args.0} {
+		header {
+			Access-Control-Allow-Origin "{args.0}"
+			Access-Control-Expose-Headers *
+			defer
+		}
+	}
+}

newinfra/nix/modules/ingress/debugging-page/index.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>nora' server</title>
+</head>
+<body>
+    <h1>congrats, you landed on my server (100% NixOS) directly!?</h1>
+    <p>sorry, but there isn't anything cool here. this is <b>my</b> infra, you are not allowed here.</p>
+    <p>if you do want to be allowed here, then uh.. still no.</p>
+    <p>:3</p>
+</body>
+</html>

newinfra/nix/modules/ingress/default.nix

@@ -1 +1,20 @@
-{ ... }: { }
+{ pkgs, ... }: {
+  networking.firewall.allowedTCPPorts = [
+    22
+    443
+  ];
+
+  services.caddy = {
+    enable = true;
+    configFile = pkgs.writeText "Caddyfile"
+      (
+        builtins.readFile ./Caddyfile +
+        ''
+          vps1.nilstrieb.dev {
+            root * ${./debugging-page}
+            file_server
+          }
+        ''
+      );
+  };
+}