Setup caddy server on VPS

2024-11-14 22:38:24 +01:00 · 2024-11-14 22:38:24 +01:00 · f9de646111
commit f9de646111
parent d774997a27
1 changed files with 36 additions and 11 deletions
--- a/vps-configuration.nix
+++ b/vps-configuration.nix
@ -12,25 +12,50 @@
    efiInstallAsRemovable = true;
  };

-  networking.hostName = "tien";
+  environment.systemPackages = with pkgs; [
+    curl
+  ];

-  # do not use DHCP, as dashserv provisions IPs using cloud-init
+  networking.hostName = "tien";
+  # do not use DHCP, as dashserv provisions IPs using cloud-init (see service below)
  networking.useDHCP = pkgs.lib.mkForce false;
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 80 443 ];
+    trustedInterfaces = [ "tailscale0" ];
+  };
+
+  services.caddy = {
+    enable = true;
+    email = lib.strings.concatStrings ["mail" "@" "johannes-rothe.de"];
+    virtualHosts = {
+      "johannes-rothe.de".extraConfig = ''
+        reverse_proxy base:11112
+      '';
+      "www.johannes-rothe.de".extraConfig = ''
+        reverse_proxy base:11112
+      '';
+      "cloud.johannes-rothe.de".extraConfig = ''
+        reverse_proxy base:5002
+      '';
+      "feeds.johannes-rothe.de".extraConfig = ''
+        reverse_proxy base:1990
+      '';
+      "git.johannes-rothe.de".extraConfig = ''
+        reverse_proxy base:3001
+      '';
+      "radicale.johannes-rothe.de".extraConfig = ''
+        reverse_proxy base:5232
+      '';
+    };
+  };
+
  services.cloud-init = {
    enable = true;
    network.enable = true;
  };

-  networking.firewall = {
-    enable = true;
-    trustedInterfaces = [ "tailscale0" ];
-  };
-
  services.tailscale.enable = true;

-  environment.systemPackages = with pkgs; [
-    curl
-  ];
-
  system.stateVersion = "24.05";
 }