# NixOS module: enables Caddy as a TLS-terminating reverse proxy, built with
# the Cloudflare DNS plugin so certificates can be obtained via DNS challenge.
{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
let
  name = "caddy";
  cfg = config.${namespace}.services.${name};

  # Caddy rebuilt with one extra plugin. The plugin is pinned to an exact tag
  # and `hash` is a fixed-output hash, so a build fails instead of silently
  # picking up different plugin sources. Update both together when bumping.
  caddyWithCloudflareDns = pkgs.caddy.withPlugins {
    plugins = [
      "github.com/caddy-dns/cloudflare@v0.2.3"
    ];
    hash = "sha256-bL1cpMvDogD/pdVxGA8CAMEXazWpFDBiGBxG83SmXLA=";
  };

  # Commented-out plugin entry (not part of the plugin list above):
  # "github.com/hslatman/caddy-crowdsec-bouncer/http@v0.9.2"

  # Caddyfile global options.
  # `default_bind 0.0.0.0` makes every site listen on all IPv4 interfaces, so
  # exposure is decided by the host firewall and the per-site matchers below.
  # NOTE(review): `metrics` is enabled here; confirm where the metrics endpoint
  # is reachable from.
  globalOptions = ''
    metrics
    http_port 80
    https_port 443
    default_bind 0.0.0.0
  '';

  # Wildcard site: the certificate is requested through the Cloudflare DNS
  # provider, with the API token read from the process environment.
  # NOTE(review): the hass route has no remote_ip restriction, so it is served
  # to any client that can reach the listener; confirm that is intended.
  # NOTE(review): the upstream hop is plain HTTP to a `.local` name; confirm
  # that name resolution and the network path to it are trusted.
  # NOTE(review): there is no fallback `handle`, so other *.mjallen.dev hosts
  # are not explicitly rejected; consider an explicit catch-all.
  wildcardSiteConfig = ''
    tls {
      dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN}
    }

    @hass host hass.mjallen.dev
    handle @hass {
      reverse_proxy http://nuc-nixos.local:8123
    }
  '';

  # Sonarr is proxied only for peers inside the listed ranges; every other
  # request falls through to the 403 handler.
  # NOTE(review): `10.1.1.0/16` has host bits set. Read as a /16 it covers
  # 10.1.0.0-10.1.255.255; confirm whether 10.1.1.0/24 was meant.
  # NOTE(review): remote_ip matches the directly connecting peer; if another
  # proxy sits in front of Caddy, the allow-list sees that proxy's address.
  # NOTE(review): this site block has no `tls { dns ... }` of its own; confirm
  # how its certificate is issued.
  sonarrSiteConfig = ''
    @sonarr {
      remote_ip 10.0.1.0/24 10.1.1.0/16
      host sonarr.mjallen.dev
    }

    handle @sonarr {
      reverse_proxy 10.0.1.3:8989
    }

    handle {
      respond "Forbidden" 403
    }
  '';

  # Module produced by the project's mkModule helper.
  # `options` is empty here, so cfg.configDir is presumably declared by
  # mkModule itself (TODO confirm).
  caddyModule = lib.${namespace}.mkModule {
    inherit config name;
    description = "caddy Service";
    options = { };
    moduleConfig = {
      services.caddy = {
        enable = true;
        package = caddyWithCloudflareDns;
        # Secrets reach Caddy through a sops-rendered env file, not the Nix
        # store. It is expected to define CLOUDFLARE_DNS_API_TOKEN, which the
        # wildcard site references.
        # NOTE(review): scope that token to DNS edits on this zone only.
        environmentFile = config.sops.templates."caddy.env".path;
        email = "jalle008@proton.me";
        enableReload = true;
        # Caddy's data directory, placed under the module's configDir.
        dataDir = "${cfg.configDir}/caddy";
        globalConfig = globalOptions;
        virtualHosts = {
          "*.mjallen.dev" = {
            extraConfig = wildcardSiteConfig;
          };

          "sonarr.mjallen.dev" = {
            extraConfig = sonarrSiteConfig;
          };
        };
      };
    };
  };
in
{
  imports = [
    caddyModule
    ./sops.nix
  ];
}