titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: titaniumtown:04d6a9b546c4a9fea79e4aa6f9d36077018cd5d6
Branches Tags
titaniumtown:main
..
compare: titaniumtown:f3f5a9c726939e980c0bdd6e41fc1d61d7ad6e2b
Branches Tags
titaniumtown:main

2 Commits
04d6a9b546 ... f3f5a9c726

Author SHA1 Message Date
Simon Gardling
f3f5a9c726 caddy: add redirect from old domain 2026-03-10 14:53:35 -04:00
Simon Gardling
3d4aea8c5b caddy: move to new domain 2026-03-10 14:53:33 -04:00
2 changed files with 46 additions and 3 deletions
Expand all files Collapse all files

3
service-configs.nix
View File

@@ -45,7 +45,8 @@ rec {
https = {
certs = services_dir + "/http_certs";
domain = "gardling.com";
domain = "sigkill.computer";
old_domain = "gardling.com"; # Redirect traffic from old domain
};
gitea = {

46
services/caddy.nix
View File

@@ -41,6 +41,9 @@ let
hugo --minify -d $out;
'';
};
newDomain = service_configs.https.domain;
oldDomain = service_configs.https.old_domain;
in
{
imports = [
@@ -52,14 +55,53 @@ in
services.caddy = {
enable = true;
email = "titaniumtown@proton.me";
# Enable on-demand TLS for old domain redirects
# Certs are issued dynamically when subdomains are accessed
globalConfig = ''
on_demand_tls {
ask http://localhost:9123/check
}
'';
# Internal endpoint to validate on-demand TLS requests
# Only allows certs for *.${oldDomain}
extraConfig = ''
http://localhost:9123 {
@allowed expression {query.domain}.endsWith(".${oldDomain}") || {query.domain} == "${oldDomain}" || {query.domain} == "www.${oldDomain}"
respond @allowed 200
respond 403
}
'';
virtualHosts = {
${service_configs.https.domain} = {
${newDomain} = {
extraConfig = ''
root * ${hugoWebsite}
file_server browse
'';
serverAliases = [ "www.${service_configs.https.domain}" ];
serverAliases = [ "www.${newDomain}" ];
};
# Redirect old domain (bare + www) to new domain
${oldDomain} = {
extraConfig = ''
redir https://${newDomain}{uri} permanent
'';
serverAliases = [ "www.${oldDomain}" ];
};
# Wildcard redirect for all old domain subdomains
# Uses on-demand TLS - certs issued automatically on first request
"*.${oldDomain}" = {
extraConfig = ''
tls {
on_demand
}
# {labels.2} extracts subdomain from *.gardling.com
redir https://{labels.2}.${newDomain}{uri} permanent
'';
};
};
};