
ivy: add immich; move caddy vhosts into related service files

vt3e.cat dc65deb4 176cc542

+85 -56
+13 -53
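--- a/hosts/ivy/caddy.nix
+++ b/hosts/ivy/caddy.nix
@@ -3,57 +3,11 @@
 services.caddy = {
 enable = true;
 email = "hai@wlo.moe";
-virtualHosts = {
-"pds.wlo.moe" = {
-serverAliases = [ "*.pds.wlo.moe" ];
-extraConfig = ''
-tls {
-on_demand
-}
-
-handle /xrpc/app.bsky.unspecced.getAgeAssuranceState {
-header content-type "application/json"
-header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"
-header access-control-allow-origin "*"
-respond `{ "lastInitiatedAt": "2025-07-14T14:22:43.912Z", "status": "assured" }` 200
-}
-
-@backend {
-path /xrpc/* /.well-known/* /robots.txt /oauth/* /@*
-}
-
-handle @backend {
-reverse_proxy localhost:8090
-}
-
-handle {
-reverse_proxy localhost:8090
-}
-'';
-};
-"vaultwarden.wlo.moe" = {
-hostName = "vaultwarden.wlo.moe";
-extraConfig = ''
-encode zstd gzip
-reverse_proxy :8222 {
-header_up X-Real-IP {remote_host}
-}
-'';
-};
-"wlo.moe" = {
-extraConfig = ''
-encode zstd gzip
-root * /var/www/wlo.moe
-try_files {path} /index.html
-file_server
-'';
-};
-};
 
 globalConfig = ''
-on_demand_tls {
-ask http://localhost:8090/tls-check
-}
+on_demand_tls {
+ask http://localhost:8090/tls-check
+}
 '';
 
 extraConfig = ''
@@ -63,10 +17,16 @@
 file_server
 }
 '';
-};
 
-systemd.services.caddy.serviceConfig = {
-ReadWritePaths = [ "/home/willow/things/www/dist" ];
+virtualHosts = {
+"wlo.moe" = {
+extraConfig = ''
+encode zstd gzip
+root * /var/www/wlo.moe
+try_files {path} /index.html
+file_server
+'';
+};
+};
 };
-
 }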
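Review bot: The second hunk also deletes the `systemd.services.caddy.serviceConfig.ReadWritePaths = [ "/home/willow/things/www/dist" ];` override, a change the title ("move caddy vhosts into related service files") does not cover. It looks intentional — the retained `wlo.moe` vhost serves `/var/www/wlo.moe`, so the old writable path is no longer referenced and dropping it tightens the unit's sandbox — but it deserves a sentence in the commit message so the hardening is not mistaken for an accident. The `on_demand_tls` block in the first hunk is only re-indented, and the `ask http://localhost:8090/tls-check` check that gates on-demand certificates for the `*.pds.wlo.moe` aliases is unchanged.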
+1 -2
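--- a/hosts/ivy/default.nix
+++ b/hosts/ivy/default.nix
@@ -7,8 +7,7 @@
 ../../modules/shared
 ../../user
 ./caddy.nix
-./services/pds.nix
-./services/vaultwarden.nix
+./services
 ];
 
 boot = {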
+7
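--- /dev/null
+++ b/hosts/ivy/services/default.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+./pds.nix
+./vaultwarden.nix
+./immich.nix
+];
+}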
+24
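--- /dev/null
+++ b/hosts/ivy/services/immich.nix
@@ -0,0 +1,24 @@
+{ ... }:
+let
+sv_port = 8081;
+in
+{
+services.immich = {
+enable = true;
+secretsFile = "/run/secrets/immich";
+port = sv_port;
+settings = {
+server = {
+externalDomain = "https://immich.wlo.moe";
+};
+};
+};
+
+services.caddy.virtualHosts."immich.wlo.moe" = {
+extraConfig = ''
+encode zstd gzip
+reverse_proxy localhost:${toString sv_port}
+'';
+};
+
+}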
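Review bot: `secretsFile = "/run/secrets/immich";` points at a path that nothing in this commit creates, so the unit depends on a secrets module configured elsewhere; a one-line comment naming the provider, e.g. `# populated by <secrets module> from <secret name>` with the real names filled in, would save the next reader a search. The vhost at the bottom proxies to `localhost:${toString sv_port}`, matching `port = sv_port;`, but the bind address is left to the module default; if `services.immich.host` ever moves off loopback the service becomes reachable without Caddy, so setting `host = "localhost";` next to `port` makes the proxy-only exposure explicit. Unlike the vaultwarden vhost in this same commit, no `header_up X-Real-IP {remote_host}` is passed here, which is fine if Immich reads the forwarded headers Caddy sets by default but worth confirming if per-client logs or rate limits matter.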
+28
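--- a/hosts/ivy/services/pds.nix
+++ b/hosts/ivy/services/pds.nix
@@ -12,4 +12,32 @@
 PDS_DATA_DIRECTORY = "/var/lib/pds";
 };
 };
+
+services.caddy.virtualHosts."pds.wlo.moe" = {
+serverAliases = [ "*.pds.wlo.moe" ];
+extraConfig = ''
+tls {
+on_demand
+}
+
+handle /xrpc/app.bsky.unspecced.getAgeAssuranceState {
+header content-type "application/json"
+header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"
+header access-control-allow-origin "*"
+respond `{ "lastInitiatedAt": "2025-07-14T14:22:43.912Z", "status": "assured" }` 200
+}
+
+@backend {
+path /xrpc/* /.well-known/* /robots.txt /oauth/* /@*
+}
+
+handle @backend {
+reverse_proxy localhost:8090
+}
+
+handle {
+reverse_proxy localhost:8090
+}
+'';
+};
 }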
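Review bot: `handle @backend { reverse_proxy localhost:8090 }` and the catch-all `handle { reverse_proxy localhost:8090 }` do the same thing, so the `@backend` path matcher (`/xrpc/* /.well-known/* /robots.txt /oauth/* /@*`) currently changes nothing; either collapse to the single catch-all or add a comment such as `# @backend is kept separate so non-API paths can later serve a front end` if that is the intent. The config is moved verbatim from caddy.nix, so this is follow-up rather than a blocker for this commit. The hunk starts inside an attribute set whose opening lines are outside the hunk.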
+11
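--- a/hosts/ivy/services/vaultwarden.nix
+++ b/hosts/ivy/services/vaultwarden.nix
@@ -22,4 +22,15 @@
 SMTP_USERNAME = "resend";
 };
 };
+
+services.caddy.virtualHosts."vaultwarden.wlo.moe" = {
+hostName = "vaultwarden.wlo.moe";
+extraConfig = ''
+encode zstd gzip
+reverse_proxy :8222 {
+header_up X-Real-IP {remote_host}
+}
+'';
+};
+
 }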
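Review bot: `hostName = "vaultwarden.wlo.moe";` repeats the attribute name, which the NixOS caddy module already uses as the default for `hostName`, and the other vhosts in this commit (`immich.wlo.moe`, `pds.wlo.moe`, `wlo.moe`) rely on that default; dropping the line keeps the four vhosts consistent. `reverse_proxy :8222` relies on the dialer treating a bare port as the local host; spelling it `reverse_proxy localhost:8222` as immich.nix does reads unambiguously and makes the loopback-only upstream visible at a glance. The hunk begins inside an attribute set whose opening is outside the hunk.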
+1 -1
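--- a/result
+++ b/result
@@ -1 +1 @@
-/nix/store/xrni5s5hr3j9axr82gphk859asw6m95b-nixos-image-sd-card-25.11pre-git-aarch64-linux.img.zst
+/nix/store/xmjpv1s3zn00cfqyg0pxsk59arm31s6z-nixos-system-ivy-25.11.20251009.0b4defa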