diff --git a/modules/nixos/services/caddy/default.nix b/modules/nixos/services/caddy/default.nix
index 5a7b7e5..67c525d 100644
--- a/modules/nixos/services/caddy/default.nix
+++ b/modules/nixos/services/caddy/default.nix
@@ -23,68 +23,6 @@ let
 description = "caddy Service";
 options = { };
 moduleConfig = {
- sops = {
- secrets = {
- "jallen-nas/traefik/crowdsec/lapi-key" = {
- sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
-
- "jallen-nas/traefik/crowdsec/capi-machine-id" = {
- sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
-
- "jallen-nas/traefik/crowdsec/capi-password" = {
- sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
- "jallen-nas/traefik/cloudflare-dns-api-token" = {
- sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
- "jallen-nas/traefik/cloudflare-zone-api-token" = {
- sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
- "jallen-nas/traefik/cloudflare-api-key" = {
- sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
- "jallen-nas/traefik/cloudflare-email" = {
- sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
- };
- templates = {
- "caddy.env" = {
- content = ''
- CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
- CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
- CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
- CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
- '';
- owner = config.users.users.caddy.name;
- group = config.users.users.caddy.group;
- restartUnits = [ "caddy.service" ];
- };
- };
- };
-
 services.caddy = {
 enable = true;
 package = caddyPackage;
@@ -162,5 +100,8 @@ let
 };
 in
 {
- imports = [ caddy ];
+ imports = [
+ caddy
+ ./sops.nix
+ ];
 }
diff --git a/modules/nixos/services/caddy/sops.nix b/modules/nixos/services/caddy/sops.nix
new file mode 100644
index 0000000..0aa6523
--- /dev/null
+++ b/modules/nixos/services/caddy/sops.nix
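Review bot: The `imports` list in the second hunk now pulls in `./sops.nix` with no hint of what it contributes, and the block it replaces (the `sops` attrset removed from `moduleConfig` in the first hunk) is only visible by reading the other file; a short comment on the new entry, `./sops.nix # sops secrets + caddy.env template for this service`, would keep the module readable on its own. Note also that the relocated declarations are gated on `cfg.enable` in sops.nix, whereas here they sat inside `moduleConfig`; if `moduleConfig` was applied unconditionally — its consumer lies outside this hunk — the secrets are no longer provisioned when caddy is disabled, which narrows exposure but is a behaviour change worth stating. The enclosing `let` binding begins before the first hunk.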
@@ -0,0 +1,76 @@
+{
+ config,
+ lib,
+ pkgs,
+ namespace,
+ ...
+ }:
+ with lib;
+ let
+ cfg = config.${namespace}.services.caddy;
+ in
+ {
+ config = lib.mkIf cfg.enable {
+ sops = {
+ secrets = {
+ "jallen-nas/traefik/crowdsec/lapi-key" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+
+ "jallen-nas/traefik/crowdsec/capi-machine-id" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+
+ "jallen-nas/traefik/crowdsec/capi-password" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+ "jallen-nas/traefik/cloudflare-dns-api-token" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+ "jallen-nas/traefik/cloudflare-zone-api-token" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+ "jallen-nas/traefik/cloudflare-api-key" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+ "jallen-nas/traefik/cloudflare-email" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+ };
+ templates = {
+ "caddy.env" = {
+ content = ''
+ CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
+ CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
+ CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
+ CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
+ '';
+ owner = config.users.users.caddy.name;
+ group = config.users.users.caddy.group;
+ restartUnits = [ "caddy.service" ];
+ };
+ };
+ };
+ };
+}
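Review bot: Each of the seven `sops.secrets` entries repeats the same `sopsFile`/`owner`/`group`/`restartUnits` quartet verbatim, so the ownership and restart contract for caddy's secrets lives in seven places instead of one; a shared attrset applied with `lib.genAttrs` (sketched below) keeps it in a single auditable spot. In the same file `pkgs` is bound but never used, and `with lib;` is redundant since every use is already spelled `lib.`. On the `caddy.env` template: it hands the caddy process both the scoped `CLOUDFLARE_DNS_API_TOKEN` and the account-wide `CLOUDFLARE_API_KEY`/`CLOUDFLARE_EMAIL` pair; if the DNS provider is configured with the token alone (not visible here), dropping the global key from the template narrows what a compromised caddy process can reach. The three crowdsec secrets are declared but not referenced anywhere in this file, so a comment such as `# consumed by <where the Caddyfile reads them — confirm>` on that group would save the next maintainer a search.
```nix
let
  cfg = config.${namespace}.services.caddy;
  # Ownership and restart handling shared by every caddy secret.
  caddySecret = {
    sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
    owner = config.users.users.caddy.name;
    group = config.users.users.caddy.group;
    restartUnits = [ "caddy.service" ];
  };
in
# … unchanged: module header, mkIf cfg.enable wrapper …
      secrets = lib.genAttrs [
        "jallen-nas/traefik/crowdsec/lapi-key"
        "jallen-nas/traefik/crowdsec/capi-machine-id"
        "jallen-nas/traefik/crowdsec/capi-password"
        "jallen-nas/traefik/cloudflare-dns-api-token"
        "jallen-nas/traefik/cloudflare-zone-api-token"
        "jallen-nas/traefik/cloudflare-api-key"
        "jallen-nas/traefik/cloudflare-email"
      ] (_: caddySecret);
      # … unchanged: templates."caddy.env" …
```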