mirror of
https://github.com/MagicBOTAlex/nixos-server.git
synced 2025-09-04 21:06:52 +02:00
135 lines
3.6 KiB
Nix
135 lines
3.6 KiB
Nix
{pkgs, ... } : {
|
|
imports = [
|
|
./networkSetup.nix
|
|
];
|
|
|
|
services.caddy.virtualHosts."immich.deprived.dev" = {
|
|
extraConfig = ''
|
|
reverse_proxy * 127.0.0.1:2283
|
|
'';
|
|
};
|
|
|
|
|
|
services.caddy.virtualHosts."ha.deprived.dev" = {
|
|
extraConfig = ''
|
|
reverse_proxy * 127.0.0.1:8123
|
|
'';
|
|
};
|
|
|
|
services.caddy.virtualHosts."jelly.deprived.dev" = {
|
|
extraConfig = ''
|
|
reverse_proxy * 127.0.0.1:8096
|
|
'';
|
|
};
|
|
|
|
|
|
services.caddy.virtualHosts."pocket.deprived.dev" = {
|
|
extraConfig = ''
|
|
reverse_proxy * 127.0.0.1:5500
|
|
'';
|
|
};
|
|
|
|
services.caddy.virtualHosts."seer.deprived.dev" = {
|
|
extraConfig = ''
|
|
reverse_proxy * 127.0.0.1:5055
|
|
'';
|
|
};
|
|
|
|
services.caddy.virtualHosts."development.deprived.dev" = {
|
|
extraConfig = ''
|
|
reverse_proxy * 127.0.0.1:5550
|
|
'';
|
|
};
|
|
|
|
services.caddy.virtualHosts."spotify.api.deprived.dev" = {
|
|
extraConfig = ''
|
|
encode zstd gzip
|
|
|
|
# --- CORS: preflight (OPTIONS) ---
|
|
@preflight {
|
|
method OPTIONS
|
|
header Origin *
|
|
header Access-Control-Request-Method *
|
|
}
|
|
handle @preflight {
|
|
header {
|
|
Access-Control-Allow-Origin "{http.request.header.Origin}"
|
|
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
|
|
Access-Control-Allow-Headers "{http.request.header.Access-Control-Request-Headers}"
|
|
Access-Control-Allow-Credentials "true"
|
|
Access-Control-Max-Age "600"
|
|
Vary "Origin"
|
|
}
|
|
respond 204
|
|
}
|
|
|
|
# --- Auth: protect everything except OPTIONS ---
|
|
@protected {
|
|
not method OPTIONS
|
|
}
|
|
basicauth @protected {
|
|
alice $2a$14$GbqQnETcOz5fNEbS06Y0E.HxRIIgPKAK7OMijT1Bv63h3V6S/gwRG
|
|
}
|
|
|
|
# --- Reverse proxy: strip upstream CORS so we don't end up with duplicates ---
|
|
reverse_proxy 127.0.0.1:6666 {
|
|
header_down -Access-Control-Allow-Origin
|
|
header_down -Access-Control-Allow-Methods
|
|
header_down -Access-Control-Allow-Headers
|
|
header_down -Access-Control-Allow-Credentials
|
|
header_down -Vary
|
|
}
|
|
|
|
# --- CORS: set headers on actual responses (only when Origin is present) ---
|
|
@cors header Origin *
|
|
header @cors {
|
|
Access-Control-Allow-Origin "{http.request.header.Origin}"
|
|
Access-Control-Allow-Credentials "true"
|
|
# Optionally expose any headers your frontend needs to read:
|
|
# Access-Control-Expose-Headers "Content-Type, Content-Length, Date"
|
|
Vary "Origin"
|
|
}
|
|
'';
|
|
};
|
|
|
|
|
|
services.caddy.virtualHosts."spotify.playing.deprived.dev" = {
|
|
extraConfig = ''
|
|
encode zstd gzip
|
|
|
|
@preflight method OPTIONS
|
|
handle @preflight {
|
|
header {
|
|
Access-Control-Allow-Origin "{http.request.header.Origin}"
|
|
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
|
|
Access-Control-Allow-Headers "{http.request.header.Access-Control-Request-Headers}"
|
|
Access-Control-Allow-Credentials "true"
|
|
Access-Control-Max-Age "600"
|
|
Vary "Origin"
|
|
}
|
|
respond 204
|
|
}
|
|
|
|
@protected not method OPTIONS
|
|
basicauth @protected {
|
|
alice $2a$14$GbqQnETcOz5fNEbS06Y0E.HxRIIgPKAK7OMijT1Bv63h3V6S/gwRG
|
|
}
|
|
|
|
reverse_proxy 127.0.0.1:8800
|
|
|
|
header {
|
|
Access-Control-Allow-Origin "{http.request.header.Origin}"
|
|
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
|
|
Access-Control-Allow-Headers "{http.request.header.Access-Control-Request-Headers}"
|
|
Access-Control-Allow-Credentials "true"
|
|
Vary "Origin"
|
|
}
|
|
'';
|
|
};
|
|
|
|
services.caddy.virtualHosts."lyrics.deprived.dev" = {
|
|
extraConfig = ''
|
|
reverse_proxy * 127.0.0.1:7444
|
|
'';
|
|
};
|
|
}
|