81 lines
1.8 KiB
Nix
Executable File
81 lines
1.8 KiB
Nix
Executable File
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
namespace,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
name = "caddy";
|
|
cfg = config.${namespace}.services.${name};
|
|
net = lib.${namespace}.network;
|
|
|
|
caddyPackage = pkgs.caddy.withPlugins {
|
|
plugins = [
|
|
"github.com/caddy-dns/cloudflare@v0.2.3"
|
|
];
|
|
hash = "sha256-20o+14cn/eeLuf1c8uGE1ODRZGC0oxocaIVlv4tFSvA=";
|
|
};
|
|
|
|
# "github.com/hslatman/caddy-crowdsec-bouncer/http@v0.9.2"
|
|
caddy = lib.${namespace}.mkModule {
|
|
inherit config name;
|
|
description = "caddy Service";
|
|
options = { };
|
|
moduleConfig = {
|
|
services.caddy = {
|
|
enable = true;
|
|
package = caddyPackage;
|
|
environmentFile = config.sops.templates."caddy.env".path;
|
|
email = "jalle008@proton.me";
|
|
enableReload = true;
|
|
dataDir = "${cfg.configDir}/caddy";
|
|
globalConfig = ''
|
|
metrics
|
|
http_port 80
|
|
https_port 443
|
|
default_bind 0.0.0.0
|
|
'';
|
|
virtualHosts = {
|
|
"*.mjallen.dev" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN}
|
|
}
|
|
|
|
@hass host hass.mjallen.dev
|
|
handle @hass {
|
|
reverse_proxy http://${net.hosts.nuc.lan}:${toString net.ports.nuc.homeAssistant}
|
|
}
|
|
'';
|
|
};
|
|
|
|
"sonarr.mjallen.dev" = {
|
|
extraConfig = ''
|
|
@sonarr {
|
|
remote_ip ${net.subnet.lan} ${net.subnet.nebula}
|
|
host sonarr.mjallen.dev
|
|
}
|
|
|
|
handle @sonarr {
|
|
reverse_proxy ${net.hosts.nas.lan}:${toString net.ports.nas.sonarr}
|
|
}
|
|
|
|
handle {
|
|
respond "Forbidden" 403
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
in
|
|
{
|
|
imports = [
|
|
caddy
|
|
./sops.nix
|
|
];
|
|
}
|