From 323d53b591d593920e4844284473494bbdec778a Mon Sep 17 00:00:00 2001
From: xunuwu
Date: Sun, 1 Jun 2025 22:13:07 +0200
Subject: [PATCH] make caddy work through new vps/vpn

---
 sys/machines/hopper/lab/caddy.nix | 18 +++--------------
 sys/machines/hopper/lab/vaultwarden.nix | 8 ++------
 sys/machines/hopper/lab/vpn-namespace.nix | 7 ++++++-
 sys/machines/rackserv/wireguard-server.nix | 2 +-
 4 files changed, 12 insertions(+), 23 deletions(-)

diff --git a/sys/machines/hopper/lab/caddy.nix b/sys/machines/hopper/lab/caddy.nix
index bc54e14..5c8cf9d 100644
--- a/sys/machines/hopper/lab/caddy.nix
+++ b/sys/machines/hopper/lab/caddy.nix
@@ -6,7 +6,6 @@
   ...
 }: let
   inherit (vars) domain;
-  caddyPort = 8336;
   bridge = config.vpnNamespaces."wg".bridgeAddress;
 in {
   systemd.services.caddy.vpnConfinement = {
@@ -29,11 +28,9 @@ in {
     '';
   mkPublicEntry = name: destination: {
     useACMEHost = domain;
-    hostName = "${name}.${domain}:${toString caddyPort}";
+    hostName = "${name}.${domain}";
     extraConfig = ''
-      ${blockNonCloudflare}
       reverse_proxy {
-        header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
         to ${destination}
       }
     '';
@@ -56,9 +53,8 @@ in {
   base = {
     useACMEHost = domain;
-    hostName = "${domain}:${toString caddyPort}";
+    hostName = "${domain}";
     extraConfig = ''
-      ${blockNonCloudflare}
       root * ${inputs.own-website.packages.${pkgs.system}.default}
       file_server
     '';
@@ -66,15 +62,7 @@ in {
   other = {
     useACMEHost = domain;
-    hostName = ":${toString caddyPort}";
-    extraConfig = ''
-      respond 404 {
-        body "uhh that doesnt exist, i hope this isnt my fault.."
-      }
-    '';
-  };
-  otherPriv = {
-    hostName = ":80";
+    hostName = "*.${domain}";
     extraConfig = ''
       respond 404 {
         body "uhh that doesnt exist, i hope this isnt my fault.."
diff --git a/sys/machines/hopper/lab/vaultwarden.nix b/sys/machines/hopper/lab/vaultwarden.nix
index 40e4d52..b993c2f 100644
--- a/sys/machines/hopper/lab/vaultwarden.nix
+++ b/sys/machines/hopper/lab/vaultwarden.nix
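Review bot: Dropping the `header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}` line in mkPublicEntry removes the only client-address header the proxied services were given, and nothing replaces it; the Cloudflare-only gate `${blockNonCloudflare}` goes away in this hunk and in the `base` hunk below as well, so the `'';` that opens this hunk presumably closes a `blockNonCloudflare` binding that is now unused and should be deleted too. Caddy's reverse_proxy sets X-Forwarded-For from the peer it sees, but a backend such as vaultwarden reads its client IP from a configurable header (X-Real-IP by default as far as I know), so per-IP lockouts and audit logs would collapse onto the proxy's address unless you add `header_up X-Real-IP {http.request.remote.host}` inside the `reverse_proxy` block. Whether the peer address is the real client or the tunnel endpoint depends on how the VPS forwards traffic, which this diff does not show; worth confirming before relying on it. The surrounding `let` block and the `mkPublicEntry` function start outside this hunk.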
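Review bot: The new catch-all `hostName = "*.${domain}"` for `other` is served with `useACMEHost = domain`, which only works if that ACME certificate carries a wildcard SAN; if it is a single-name cert, requests for unknown subdomains will now fail the TLS handshake instead of receiving the 404 body, which changes the behaviour the old port-based catch-all gave. Removing `otherPriv` on `:80` also leaves no explicit plain-HTTP site, so a request on port 80 whose Host matches none of the vhosts gets Caddy's implicit response rather than this 404; a one-line comment such as `# catch-all for *.domain only; unknown hosts on :80 fall through to Caddy defaults` would record that this is intended. The `other` attribute set continues past the end of this hunk.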
@@ -1,8 +1,4 @@
-{
-  config,
-  mylib,
-  ...
-}: {
+{config, ...}: {
   systemd.services.vaultwarden = {
     serviceConfig.EnvironmentFile = config.sops.secrets.vaultwarden-env.path;
   };
@@ -10,7 +6,7 @@
   services.vaultwarden = {
     enable = true;
     config = {
-      DOMAIN = mylib.stripPort "https://${config.services.caddy.virtualHosts.vaultwarden.hostName}";
+      DOMAIN = "https://${config.services.caddy.virtualHosts.vaultwarden.hostName}";
       ROCKET_ADDRESS = "0.0.0.0";
       ROCKET_PORT = 35381;
       ROCKET_LOG = "critical";
diff --git a/sys/machines/hopper/lab/vpn-namespace.nix b/sys/machines/hopper/lab/vpn-namespace.nix
index 8060629..b0d6033 100644
--- a/sys/machines/hopper/lab/vpn-namespace.nix
+++ b/sys/machines/hopper/lab/vpn-namespace.nix
@@ -34,9 +34,14 @@
   # Forwarded to my vpn, for making things accessible from outside
   openVPNPorts = [
     {
-      port = 8336;
+      port = 443; # caddy
       protocol = "tcp";
     }
+    {
+      port = 80; # caddy
+      protocol = "tcp";
+    }
+    {
       port = 24001; # slskd
       protocol = "both";
diff --git a/sys/machines/rackserv/wireguard-server.nix b/sys/machines/rackserv/wireguard-server.nix
index d3ac497..038ca48 100644
--- a/sys/machines/rackserv/wireguard-server.nix
+++ b/sys/machines/rackserv/wireguard-server.nix
@@ -7,7 +7,7 @@
   networking.firewall = let
     forwardPorts = {
       "10.0.0.2" =
-        [24001 24002 24003]
+        [24001 24002 24003 443 80]
         |> map (n: {
           protocols = ["tcp"];
           port = n;
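Review bot: The new `DOMAIN = "https://${config.services.caddy.virtualHosts.vaultwarden.hostName}"` is only correct because the caddy.nix change in this same commit stopped putting a `:port` suffix in hostName; the previous `mylib.stripPort` guarded against exactly that, and nothing in this file records the dependency. Vaultwarden uses DOMAIN as the public origin for links and WebAuthn relying-party checks, so a port or wildcard creeping back into that vhost's hostName would break clients silently. A comment above the line, `# hostName must stay a bare host: DOMAIN is used as vaultwarden's public origin`, would keep the coupling visible.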
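Review bot: Forwarding 443 and 80 out of the namespace, combined with the removal of the Cloudflare-only gate in caddy.nix in this same commit, makes these two entries the entire ingress path from the public VPS to Caddy, so the comment `# caddy` on both ports understates their role. Port 8336 is no longer forwarded, which is fine for Caddy but will silently cut off anything else still bound to that port, if such a thing exists outside this diff. I would extend the comments to `# caddy (public https via vps forward)` and `# caddy (http, ACME/redirect only)` so the next reader knows 80 is not meant to serve content. The `openVPNPorts` list continues past the end of this hunk.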
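Review bot: The DNAT list `[24001 24002 24003 443 80]` now steers the VPS's own public 80 and 443 to 10.0.0.2, which means the VPS cannot itself serve HTTP (for example its own ACME challenges) on those ports, and the diff does not show whether anything on rackserv already binds them; worth a check before deploying. If the forward is masqueraded rather than plain DNAT, every request reaching Caddy carries the tunnel endpoint as its peer address, and with the Cloudflare client-IP header removed in caddy.nix there is then no client address left for per-IP rate limiting or logging. Listing the web ports first and annotating them, e.g. `[443 80 24001 24002 24003] # 80/443: caddy on hopper; rest: slskd`, would make the exposure explicit. The `forwardPorts` expression continues past the end of this hunk.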