mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-06-16 18:15:13 -05:00
42 lines
1.2 KiB
Nix
Executable file
42 lines
1.2 KiB
Nix
Executable file
{flake, ...}: let
|
|
inherit (flake.config.machines.devices) server;
|
|
inherit (flake.config.people.users) user0;
|
|
inherit (flake.config.services.instances) upRootNutrition web;
|
|
service = upRootNutrition;
|
|
localhost = web.localhost.address0;
|
|
host = web.domains.url3;
|
|
in {
|
|
services = {
|
|
caddy = {
|
|
virtualHosts = {
|
|
"${host}" = {
|
|
extraConfig = ''
|
|
root * /var/lib/website/dist
|
|
try_files {path} /index.html
|
|
file_server
|
|
|
|
# Optional: Add security headers
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000;"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "DENY"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
}
|
|
|
|
# Your existing redirects
|
|
redir /.well-known/carddav /remote.php/dav/ 301
|
|
redir /.well-known/caldav /remote.php/dav/ 301
|
|
|
|
# Only proxy API requests if needed
|
|
@api {
|
|
path /api/*
|
|
}
|
|
reverse_proxy ${localhost}:${toString service.ports.port0}
|
|
|
|
tls ${service.ssl.cert} ${service.ssl.key}
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|