botalex/nixos-server
1
0
Fork 0
mirror of https://github.com/MagicBOTAlex/nixos-server.git synced 2025-09-04 21:06:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

I guess i forgot to add networking

Browse source
This commit is contained in:
botalex 2025-08-15 21:53:02 +02:00
parent f358915432
commit d022103d82
18 changed files with 528 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

135
networking/caddy.nix Normal file
View file

@ -0,0 +1,135 @@
{pkgs, ... } : {
imports = [
./networkSetup.nix
];
services.caddy.virtualHosts."immich.deprived.dev" = {
extraConfig = ''
reverse_proxy * 127.0.0.1:2283
'';
};
services.caddy.virtualHosts."ha.deprived.dev" = {
extraConfig = ''
reverse_proxy * 127.0.0.1:8123
'';
};
services.caddy.virtualHosts."jelly.deprived.dev" = {
extraConfig = ''
reverse_proxy * 127.0.0.1:8096
'';
};
services.caddy.virtualHosts."pocket.deprived.dev" = {
extraConfig = ''
reverse_proxy * 127.0.0.1:5500
'';
};
services.caddy.virtualHosts."seer.deprived.dev" = {
extraConfig = ''
reverse_proxy * 127.0.0.1:5055
'';
};
services.caddy.virtualHosts."development.deprived.dev" = {
extraConfig = ''
reverse_proxy * 127.0.0.1:5550
'';
};
services.caddy.virtualHosts."spotify.api.deprived.dev" = {
extraConfig = ''
encode zstd gzip
# --- CORS: preflight (OPTIONS) ---
@preflight {
method OPTIONS
header Origin *
header Access-Control-Request-Method *
}
handle @preflight {
header {
Access-Control-Allow-Origin "{http.request.header.Origin}"
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
Access-Control-Allow-Headers "{http.request.header.Access-Control-Request-Headers}"
Access-Control-Allow-Credentials "true"
Access-Control-Max-Age "600"
Vary "Origin"
}
respond 204
}
# --- Auth: protect everything except OPTIONS ---
@protected {
not method OPTIONS
}
basicauth @protected {
alice $2a$14$GbqQnETcOz5fNEbS06Y0E.HxRIIgPKAK7OMijT1Bv63h3V6S/gwRG
}
# --- Reverse proxy: strip upstream CORS so we don't end up with duplicates ---
reverse_proxy 127.0.0.1:6666 {
header_down -Access-Control-Allow-Origin
header_down -Access-Control-Allow-Methods
header_down -Access-Control-Allow-Headers
header_down -Access-Control-Allow-Credentials
header_down -Vary
}
# --- CORS: set headers on actual responses (only when Origin is present) ---
@cors header Origin *
header @cors {
Access-Control-Allow-Origin "{http.request.header.Origin}"
Access-Control-Allow-Credentials "true"
# Optionally expose any headers your frontend needs to read:
# Access-Control-Expose-Headers "Content-Type, Content-Length, Date"
Vary "Origin"
}
'';
};
services.caddy.virtualHosts."spotify.playing.deprived.dev" = {
extraConfig = ''
encode zstd gzip
@preflight method OPTIONS
handle @preflight {
header {
Access-Control-Allow-Origin "{http.request.header.Origin}"
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
Access-Control-Allow-Headers "{http.request.header.Access-Control-Request-Headers}"
Access-Control-Allow-Credentials "true"
Access-Control-Max-Age "600"
Vary "Origin"
}
respond 204
}
@protected not method OPTIONS
basicauth @protected {
alice $2a$14$GbqQnETcOz5fNEbS06Y0E.HxRIIgPKAK7OMijT1Bv63h3V6S/gwRG
}
reverse_proxy 127.0.0.1:8800
header {
Access-Control-Allow-Origin "{http.request.header.Origin}"
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
Access-Control-Allow-Headers "{http.request.header.Access-Control-Request-Headers}"
Access-Control-Allow-Credentials "true"
Vary "Origin"
}
'';
};
services.caddy.virtualHosts."lyrics.deprived.dev" = {
extraConfig = ''
reverse_proxy * 127.0.0.1:7444
'';
};
}

8
networking/networkSetup.nix Normal file
View file

@ -0,0 +1,8 @@
{pkgs, ... } : {
services.caddy.enable = true;
security.acme.acceptTerms = true;
security.acme.defaults.email = "zhen@deprived.dev";
networking.firewall.enable = false;
}