falkenstein: switch to caddy

2025-04-28 17:38:30 +02:00 · 2024-05-23 15:44:49 +02:00 · 2024-05-23 15:44:49 +02:00 · c96d8b7103
commit c96d8b7103
parent 7811c95ecf
13 changed files with 76 additions and 121 deletions
--- a/hosts/falkenstein/modules/caddy/default.nix
+++ b/hosts/falkenstein/modules/caddy/default.nix
@ -0,0 +1,33 @@
+{ config, ... }:
+let
+  # matrix homeserver discovery
+  matrix_domain = "matrix.${config.networking.domain}";
+  serverConfig = {
+    "m.server" = "${matrix_domain}:443";
+  };
+  clientConfig = {
+    "m.homeserver" = {
+      base_url = "https://${matrix_domain}";
+      # server_name = config.networking.domain;
+    };
+    "org.matrix.msc3575.proxy" = {
+      url = "https://${matrix_domain}";
+    };
+  };
+in
+{
+  services.caddy = {
+    enable = true;
+    email = "ca@${config.networking.domain}";
+    logFormat = "format console";
+    virtualHosts."${config.networking.domain}".extraConfig = ''
+      file_server browse
+      root * /srv/web/${config.networking.domain}
+      respond /.well-known/matrix/client ${builtins.toJSON clientConfig}
+      respond /.well-known/matrix/server ${builtins.toJSON serverConfig}
+    '';
+  };
+  systemd.services.caddy.environment.XDG_DATA_HOME = "/var/lib";
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 443 ];
+}