make caddy work through new vps/vpn

2025-06-01 22:13:07 +02:00 · 2025-06-01 22:13:07 +02:00 · 323d53b591
commit 323d53b591
parent 04eb8b5ff6
4 changed files with 12 additions and 23 deletions
--- a/sys/machines/hopper/lab/caddy.nix
+++ b/sys/machines/hopper/lab/caddy.nix
@ -6,7 +6,6 @@
  ...
 }: let
  inherit (vars) domain;
-  caddyPort = 8336;
  bridge = config.vpnNamespaces."wg".bridgeAddress;
 in {
  systemd.services.caddy.vpnConfinement = {
@ -29,11 +28,9 @@ in {
      '';
      mkPublicEntry = name: destination: {
        useACMEHost = domain;
-        hostName = "${name}.${domain}:${toString caddyPort}";
+        hostName = "${name}.${domain}";
        extraConfig = ''
-          ${blockNonCloudflare}
          reverse_proxy {
-            header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
            to ${destination}
          }
        '';
@ -56,9 +53,8 @@ in {

      base = {
        useACMEHost = domain;
-        hostName = "${domain}:${toString caddyPort}";
+        hostName = "${domain}";
        extraConfig = ''
-          ${blockNonCloudflare}
          root * ${inputs.own-website.packages.${pkgs.system}.default}
          file_server
        '';
@ -66,15 +62,7 @@ in {

      other = {
        useACMEHost = domain;
-        hostName = ":${toString caddyPort}";
-        extraConfig = ''
-          respond 404 {
-            body "uhh that doesnt exist, i hope this isnt my fault.."
-          }
-        '';
-      };
-      otherPriv = {
-        hostName = ":80";
+        hostName = "*.${domain}";
        extraConfig = ''
          respond 404 {
            body "uhh that doesnt exist, i hope this isnt my fault.."
--- a/sys/machines/hopper/lab/vaultwarden.nix
+++ b/sys/machines/hopper/lab/vaultwarden.nix
@ -1,8 +1,4 @@
-{
-  config,
-  mylib,
-  ...
-}: {
+{config, ...}: {
  systemd.services.vaultwarden = {
    serviceConfig.EnvironmentFile = config.sops.secrets.vaultwarden-env.path;
  };
@ -10,7 +6,7 @@
  services.vaultwarden = {
    enable = true;
    config = {
-      DOMAIN = mylib.stripPort "https://${config.services.caddy.virtualHosts.vaultwarden.hostName}";
+      DOMAIN = "https://${config.services.caddy.virtualHosts.vaultwarden.hostName}";
      ROCKET_ADDRESS = "0.0.0.0";
      ROCKET_PORT = 35381;
      ROCKET_LOG = "critical";
--- a/sys/machines/hopper/lab/vpn-namespace.nix
+++ b/sys/machines/hopper/lab/vpn-namespace.nix
@ -34,9 +34,14 @@
    # Forwarded to my vpn, for making things accessible from outside
    openVPNPorts = [
      {
-        port = 8336;
+        port = 443; # caddy
        protocol = "tcp";
      }
+      {
+        port = 80; # caddy
+        protocol = "tcp";
+      }
+
      {
        port = 24001; # slskd
        protocol = "both";
--- a/sys/machines/rackserv/wireguard-server.nix
+++ b/sys/machines/rackserv/wireguard-server.nix
@ -7,7 +7,7 @@
  networking.firewall = let
    forwardPorts = {
      "10.0.0.2" =
-        [24001 24002 24003]
+        [24001 24002 24003 443 80]
        |> map (n: {
          protocols = ["tcp"];
          port = n;