diff --git a/services/caddy.nix b/services/caddy.nix
deleted file mode 100644
index 2f80550..0000000
--- a/services/caddy.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, ... }: {
- services.caddy = {
- enable = true;
- logFormat = "level INFO";
- };
-
- services.crowdsec = {
- localConfig.acquisitions = [{
- filenames = [ "${config.services.caddy.logDir}/*.log" ];
- labels.type = "caddy";
- }];
-
- hub.parsers = [ "crowdsecurity/caddy-logs" ];
- };
-}
diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix
index 22562a0..51949ba 100644
--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@@ -36,28 +36,7 @@ in {
 };
 services.caddy.virtualHosts."vault.millironx.com".extraConfig = ''
- # See
- encode zstd gzip
- header / {
- Strict-Transport-Security "max-age=31536000;"
- X-XSS-Protection "0"
- X-Frame-Options "DENY"
- X-Robots-Tag "noindex, nofollow"
- X-Content-Type-Options "nosniff"
- -Server
- -X-Powered-By
- -Last-Modified
- }
-
- @admin {
- path /admin*
- not remote_ip private_ranges 100.64.0.0/10
- }
- respond @admin "Access denied to remote clients. Use localhost or VPN." 403
-
- reverse_proxy http://127.0.0.1:${port} {
- header_up X-Real-IP {remote_host}
- }
+ reverse_proxy http://127.0.0.1:${port}
 '';
 users.users."${user}" = {
diff --git a/systems/linux/mcentire.nix b/systems/linux/mcentire.nix
index 95cb563..cf01a65 100644
--- a/systems/linux/mcentire.nix
+++ b/systems/linux/mcentire.nix
@@ -5,7 +5,6 @@
 ./hardware-configuration/mcentire.nix
 ./../../modules/podman-secrets.nix
 ./../../services/borgmatic.nix
- ./../../services/caddy.nix
 ./../../services/crowdsec.nix
 ./../../services/authentik.nix
 ./../../services/audiobookshelf.nix
@@ -68,6 +67,7 @@ services = {
 openssh.enable = true;
 tailscale.enable = true;
+ caddy.enable = true;
 # Do not "enable" database services, but include the package configuration
 # so that borgmatic does not freak out about unset variables
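Review bot: The `@admin` matcher and its `respond @admin ... 403` are removed, so the bare `reverse_proxy http://127.0.0.1:${port}` now proxies `/admin*` for every client that can reach vault.millironx.com, not only `private_ranges` and `100.64.0.0/10`. Unless the admin page is disabled or restricted somewhere outside this hunk, I would keep the matcher and the `respond` line ahead of `reverse_proxy`. The same hunk also drops the `Strict-Transport-Security`, `X-Frame-Options "DENY"` and `X-Content-Type-Options "nosniff"` headers and `header_up X-Real-IP {remote_host}`; if those are now set by another layer, a one-line comment in `extraConfig` saying where would help the next reader. The enclosing attribute set starts and ends outside the hunk.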
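Review bot: `caddy.enable = true;` stands in for the removed import of services/caddy.nix, but that module also set `logFormat = "level INFO"` and gave CrowdSec its Caddy acquisition (`"${config.services.caddy.logDir}/*.log"` with `labels.type = "caddy"`) and the `crowdsecurity/caddy-logs` parser. Unless services/crowdsec.nix, which is not shown here, now carries those entries, CrowdSec would presumably stop reading Caddy logs after this commit and web traffic would no longer feed its decisions. I would move the `localConfig.acquisitions` entry and the `hub.parsers` line into services/crowdsec.nix in the same commit, or add a comment beside `caddy.enable` stating that the log pipeline was dropped on purpose. The `services` set continues outside the hunk.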