2024-12-19 22:37:17 -06:00
|
|
|
{flake, ...}: let
|
2024-12-20 00:34:07 -06:00
|
|
|
inherit (flake.config.machines.devices) server;
|
2024-12-20 00:53:48 -06:00
|
|
|
inherit (flake.config.people.users) user0;
|
2024-12-08 22:53:40 -06:00
|
|
|
inherit (flake.config.services.instances) upRootNutrition web;
|
|
|
|
|
service = upRootNutrition;
|
|
|
|
|
localhost = web.localhost.address0;
|
|
|
|
|
host = web.domains.url3;
|
|
|
|
|
in {
|
|
|
|
|
services = {
|
|
|
|
|
caddy = {
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"${host}" = {
|
|
|
|
|
extraConfig = ''
|
2024-12-20 00:53:48 -06:00
|
|
|
root * /var/lib/website/dist
|
|
|
|
|
try_files {path} /index.html
|
|
|
|
|
file_server
|
2024-12-20 00:29:03 -06:00
|
|
|
|
2024-12-20 00:53:48 -06:00
|
|
|
# Optional: Add security headers
|
|
|
|
|
header {
|
|
|
|
|
Strict-Transport-Security "max-age=31536000;"
|
|
|
|
|
X-Content-Type-Options "nosniff"
|
|
|
|
|
X-Frame-Options "DENY"
|
|
|
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Your existing redirects
|
2024-12-19 22:37:17 -06:00
|
|
|
redir /.well-known/carddav /remote.php/dav/ 301
|
|
|
|
|
redir /.well-known/caldav /remote.php/dav/ 301
|
2024-12-08 22:53:40 -06:00
|
|
|
|
2024-12-20 00:53:48 -06:00
|
|
|
# Only proxy API requests if needed
|
|
|
|
|
@api {
|
|
|
|
|
path /api/*
|
|
|
|
|
}
|
|
|
|
|
reverse_proxy @api ${localhost}:${toString service.ports.port0}
|
2024-12-08 22:53:40 -06:00
|
|
|
|
2024-12-19 22:37:17 -06:00
|
|
|
tls ${service.ssl.cert} ${service.ssl.key}
|
2024-12-08 22:53:40 -06:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
