convert caddy to nixos builtin

2026-01-14 16:55:00 +01:00 · 2025-08-04 21:18:59 +02:00 · 2025-08-04 21:18:59 +02:00 · 33a7017375
commit 33a7017375
parent 71b4ca1448
18 changed files with 326 additions and 263 deletions
--- a/nix/apps/does-it-build/default.nix
+++ b/nix/apps/does-it-build/default.nix
@ -6,6 +6,16 @@ let
  });
 in
 {
+  services.caddy.virtualHosts = {
+    "does-it-build.noratrieb.dev" = {
+      logFormat = "";
+      extraConfig = ''
+        encode zstd gzip
+        reverse_proxy * localhost:3000
+      '';
+    };
+  };
+
  systemd.services.does-it-build = {
    description = "https://github.com/Noratrieb/does-it-build";
    wantedBy = [ "multi-user.target" ];
--- a/nix/apps/forgejo/default.nix
+++ b/nix/apps/forgejo/default.nix
@ -43,6 +43,14 @@
    };
  };

+  services.caddy.virtualHosts."git.noratrieb.dev" = {
+    logFormat = "";
+    extraConfig = ''
+      encode zstd gzip
+      reverse_proxy * localhost:5015
+    '';
+  };
+
  services.custom-backup.jobs = [{
    app = "forgejo";
    file = "/var/lib/forgejo/data/forgejo.db";
--- a/nix/apps/hugo-chat/default.nix
+++ b/nix/apps/hugo-chat/default.nix
@ -5,6 +5,11 @@ let
      "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/HugoServer.jar";
    hash = "sha256-hCe2UPqrSR6u3/UxsURI2KzRxN5saeTteCRq5Zfay4M=";
  };
+  hugo-chat-client = fetchTarball {
+    url =
+      "https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz";
+    sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib";
+  };
 in
 {
  age.secrets.hugochat_db_password.file = ../../secrets/hugochat_db_password.age;
@ -36,6 +41,61 @@ in
    };
  };

+  services.caddy.virtualHosts = {
+    "hugo-chat.noratrieb.dev" = {
+      logFormat = "";
+      extraConfig = ''
+        encode zstd gzip
+        root * ${import ../../packages/caddy-static-prepare {
+          name = "hugo-chat-client";
+          src = hugo-chat-client;
+          inherit pkgs lib;
+        }}
+        try_files {path} /index.html
+        file_server {
+          etag_file_extensions .sha256
+          precompressed zstd gzip br
+        }
+      '';
+    };
+    "api.hugo-chat.noratrieb.dev" =
+      let
+        cors = pkgs.writeText "cors" ''
+          # https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3
+          @cors_preflight{args[0]} method OPTIONS
+          @cors{args[0]} header Origin {args[0]}
+
+          handle @cors_preflight{args[0]} {
+            header {
+              Access-Control-Allow-Origin "{args[0]}"
+              Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
+              Access-Control-Allow-Credentials "false"
+              Access-Control-Allow-Headers "$${args[1]}"
+              Access-Control-Max-Age "86400"
+              defer
+            }
+            respond "" 204
+          }
+
+          handle @cors{args[0]} {
+            header {
+              Access-Control-Allow-Origin "{args[0]}"
+              Access-Control-Expose-Headers *
+              defer
+            }
+          }
+        '';
+      in
+      {
+        logFormat = "";
+        extraConfig = ''
+          import ${cors} https://hugo-chat.noratrieb.dev "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
+          encode zstd gzip
+          reverse_proxy * localhost:5001
+        '';
+      };
+  };
+
  services.custom-backup.jobs = [
    {
      app = "hugo-chat";
--- a/nix/apps/old-redirects/default.nix
+++ b/nix/apps/old-redirects/default.nix
@ -0,0 +1,41 @@
+{ ... }:
+let
+  permanent = [
+    { from = "www.noratrieb.dev"; to = "noratrieb.dev"; }
+    { from = "blog.noratrieb.dev"; to = "noratrieb.dev/blog"; }
+    { from = "nilstrieb.dev"; to = "noratrieb.dev"; }
+    { from = "www.nilstrieb.dev"; to = "noratrieb.dev"; }
+    { from = "blog.nilstrieb.dev"; to = "noratrieb.dev/blog"; }
+    { from = "bisect-rustc.nilstrieb.dev"; to = "bisect-rustc.noratrieb.dev"; }
+    { from = "docker.nilstrieb.dev"; to = "docker.noratrieb.dev"; }
+    { from = "hugo-chat.nilstrieb.dev"; to = "hugo-chat.noratrieb.dev"; }
+    { from = "api.hugo-chat.nilstrieb.dev"; to = "api.hugo-chat.noratrieb.dev"; }
+    { from = "uptime.nilstrieb.dev"; to = "uptime.noratrieb.dev"; }
+    { from = "olat.nilstrieb.dev"; to = "olat.noratrieb.dev"; }
+    { from = "olat.nilstrieb.dev:8088"; to = "olat.noratrieb.dev"; }
+  ];
+in
+{
+  services.caddy.virtualHosts = (
+    {
+      "bisect-rustc.noratrieb.dev" = {
+        logFormat = "";
+        extraConfig = "redir https://github.com/Noratrieb/cargo-bisect-rustc-service?tab=readme-ov-file#cargo-bisect-rustc-service";
+      };
+      "uptime.noratrieb.dev" = {
+        logFormat = "";
+        extraConfig = "redir https://github.com/Noratrieb/uptime?tab=readme-ov-file#uptime";
+      };
+    }
+  ) // (
+    builtins.listToAttrs (map
+      (redirect: {
+        name = redirect.from;
+        value = {
+          logFormat = "";
+          extraConfig = "redir https://${redirect.to}{uri} permanent";
+        };
+      })
+      permanent)
+  );
+}
--- a/nix/apps/openolat/default.nix
+++ b/nix/apps/openolat/default.nix
@ -44,6 +44,24 @@ in
    };
  };

+  services.caddy.virtualHosts = {
+    "olat.noratrieb.dev" = {
+      logFormat = "";
+      extraConfig = ''
+        encode zstd gzip
+        reverse_proxy * localhost:5011
+      '';
+    };
+    # unsure if necessary... something was misconfigured in the past here...
+    "olat.noratrieb.dev:8088" = {
+      logFormat = "";
+      extraConfig = ''
+        encode zstd gzip
+        reverse_proxy * localhost:5011
+      '';
+    };
+  };
+
  services.custom-backup.jobs = [
    {
      app = "openolat-db";
--- a/nix/apps/upload-files/default.nix
+++ b/nix/apps/upload-files/default.nix
@ -18,4 +18,15 @@ let upload-files = import (fetchTarball "https://github.com/Noratrieb/upload.fil
      EnvironmentFile = [ config.age.secrets.upload_files_s3_secret.path ];
    };
  };
+
+  services.caddy.virtualHosts."upload.files.noratrieb.dev" = {
+    logFormat = "";
+    extraConfig = ''
+      	encode zstd gzip
+        # we need HTTP/2 here because the server doesn't work with HTTP/1.1
+        # because it will send early 401 responses during the upload without consuming the body
+        # (this has been mostly fixed but still keep it)
+        reverse_proxy * h2c://localhost:3050
+    '';
+  };
 }
--- a/nix/apps/website/default.nix
+++ b/nix/apps/website/default.nix
@ -0,0 +1,34 @@
+{ pkgs, lib, my-projects-versions, ... }:
+let
+  website = import (fetchTarball "https://github.com/Noratrieb/website/archive/${my-projects-versions.website}.tar.gz");
+  blog = fetchTarball "https://github.com/Noratrieb/blog/archive/${my-projects-versions.blog}.tar.gz";
+  slides = fetchTarball "https://github.com/Noratrieb/slides/archive/${my-projects-versions.slides}.tar.gz";
+  website-build = website { inherit pkgs slides blog; };
+in
+{
+  services.caddy.virtualHosts = {
+    "noratrieb.dev" = {
+      logFormat = "";
+      extraConfig = ''
+        encode zstd gzip
+        header -Last-Modified
+        root * ${import ../../packages/caddy-static-prepare {
+          name = "website";
+          src = website-build;
+          inherit pkgs lib;
+        }}
+        file_server {
+          etag_file_extensions .sha256
+          precompressed zstd gzip br
+        }
+      '';
+    };
+    "files.noratrieb.dev" = {
+      logFormat = "";
+      extraConfig = ''
+        encode zstd gzip
+        reverse_proxy * localhost:3902
+      '';
+    };
+  };
+}