diff --git a/machines/bomba/services/caddy.nix b/machines/bomba/services/caddy.nix index d79e07e..fb5e914 100644 --- a/machines/bomba/services/caddy.nix +++ b/machines/bomba/services/caddy.nix @@ -1,47 +1,87 @@ -{ config, ... }: { - services.caddy = { - enable = true; - virtualHosts = { - "patrickcanal.it".extraConfig = '' - root /var/www/patrickcanal.it/public - file_server + pkgs, + config, + currentSystemUser, + ... +}: +{ + services.caddy = + let + basicAuth = '' + basicauth { + ${currentSystemUser} $2a$14$L6SBwu.0FhGBYwH2LWa6uOrBSeRHo8Lo95Vkle/g5uB7kZl7nmJPO + } ''; - "vaultwarden.patrickcanal.it".extraConfig = '' + in + { + enable = true; + virtualHosts = { + "patrickcanal.it".extraConfig = '' + root /var/www/patrickcanal.it/public + file_server + ''; + "novnc.patrickcanal.it".extraConfig = '' + handle { + ${basicAuth} + root ${pkgs.novnc}/share/webapps/novnc + file_server browse + } + + handle /websockify { + ${basicAuth} + reverse_proxy 127.0.0.1:6080 + } + ''; + "vaultwarden.patrickcanal.it".extraConfig = '' encode zstd gzip reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} { header_up X-Real-IP {remote_host} } - ''; - "gitea.patrickcanal.it".extraConfig = '' + ''; + "gitea.patrickcanal.it".extraConfig = '' reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT} - ''; - "nextcloud.patrickcanal.it".extraConfig = '' + ''; + "nextcloud.patrickcanal.it".extraConfig = '' reverse_proxy :8004 - ''; - "octoprint.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.services.octoprint.port} - ''; - "vikunja.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.services.vikunja.port} - ''; - "jellyfin.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.nixflix.jellyfin.network.internalHttpPort} - ''; - "qbittorrent.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.nixflix.downloadarr.qbittorrent.port} - ''; - "radarr.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.nixflix.radarr.settings.server.port} - ''; - "sonarr.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.nixflix.sonarr.settings.server.port} - ''; - "prowlarr.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.nixflix.prowlarr.settings.server.port} - ''; - "seerr.patrickcanal.it".extraConfig = '' - reverse_proxy :${toString config.nixflix.seerr.port} + ''; + "octoprint.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.services.octoprint.port} + ''; + "vikunja.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.services.vikunja.port} + ''; + "jellyfin.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.jellyfin.network.internalHttpPort} + ''; + "qbittorrent.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.downloadarr.qbittorrent.port} + ''; + "radarr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.radarr.settings.server.port} + ''; + "sonarr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.sonarr.settings.server.port} + ''; + "prowlarr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.prowlarr.settings.server.port} + ''; + "seerr.patrickcanal.it".extraConfig = '' + reverse_proxy :${toString config.nixflix.seerr.port} + ''; + }; + }; + + systemd.services.websockify = { + description = "Websockify for noVNC"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + User = "nobody"; + ExecStart = '' + ${pkgs.python3Packages.websockify}/bin/websockify \ + --web ${pkgs.novnc}/share/webapps/novnc \ + 6080 127.0.0.1:5900 ''; }; };