nix-config/modules/nixos/services/caddy/default.nix
mjallen18 92b6e7a822 caddy
2026-02-11 22:23:00 -06:00


{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
# Module name; also the attribute key under config.<namespace>.services.
name = "caddy";
# This module's own option set. NOTE(review): `cfg.configDir` is read for
# dataDir further down, but no `configDir` option is declared in this file;
# presumably mkModule injects it — confirm.
cfg = config.${namespace}.services.${name};
# Caddy built with the pinned plugin set below. The hash fixes the plugin
# build output, so expect to refresh it whenever this list changes.
caddyPackage = pkgs.caddy.withPlugins {
  plugins = [
    # DNS-01 challenge solver for the wildcard certificate.
    "github.com/caddy-dns/cloudflare@v0.2.2"
    # Disabled for now; re-enable together with the crowdsec secrets.
    # "github.com/hslatman/caddy-crowdsec-bouncer/http@v0.9.2"
  ];
  hash = "sha256-dnhEjopeA0UiI+XVYHYpsjcEI6Y1Hacbi28hVKYQURg=";
};
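caddy =
  let
    # Sibling service definitions whose ports the reverse proxy fronts.
    svc = config.${namespace}.services;
    nasSecrets = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
    # Shared shape of every sops secret this module declares: readable only
    # by the caddy user, and caddy is restarted when the value changes.
    caddySecret = _: {
      sopsFile = nasSecrets;
      owner = config.users.users.caddy.name;
      group = config.users.users.caddy.group;
      restartUnits = [ "caddy.service" ];
    };
  in
  lib.${namespace}.mkModule {
    inherit config name;
    description = "caddy Service";
    # No options of its own. NOTE(review): `cfg.configDir` is read for
    # dataDir below but is not declared here; presumably mkModule adds it.
    options = { };
    moduleConfig = {
      sops = {
        # NOTE(review): only cloudflare-dns-api-token is consumed by the
        # Caddyfile (through caddy.env). The three crowdsec entries are
        # unused while the bouncer plugin is disabled, and cloudflare-api-key
        # plus cloudflare-email form a global account credential that the
        # DNS plugin is not given. Dropping the unused entries keeps the
        # caddy user from holding credentials it never needs — confirm
        # nothing else on the host reads them first.
        secrets = lib.genAttrs [
          "jallen-nas/traefik/crowdsec/lapi-key"
          "jallen-nas/traefik/crowdsec/capi-machine-id"
          "jallen-nas/traefik/crowdsec/capi-password"
          "jallen-nas/traefik/cloudflare-dns-api-token"
          "jallen-nas/traefik/cloudflare-zone-api-token"
          "jallen-nas/traefik/cloudflare-api-key"
          "jallen-nas/traefik/cloudflare-email"
        ] caddySecret;
        templates = {
          # Environment file rendered at activation; the placeholders are
          # replaced by sops-nix so no secret value enters the Nix store.
          "caddy.env" = {
            content = ''
CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
            owner = config.users.users.caddy.name;
            group = config.users.users.caddy.group;
            restartUnits = [ "caddy.service" ];
          };
        };
      };
      services.caddy = {
        enable = true;
        package = caddyPackage;
        # Credentials reach the caddy process only via the sops template.
        environmentFile = config.sops.templates."caddy.env".path;
        # ACME account contact address.
        email = "jalle008@proton.me";
        enableReload = true;
        dataDir = "${cfg.configDir}/caddy";
        globalConfig = ''
          # Prometheus metrics, served through the admin API.
          metrics
          http_port 80
          https_port 443
          # Every IPv4 interface; IPv6 clients are not served by this bind.
          default_bind 0.0.0.0
        '';
        virtualHosts = {
          # One wildcard site; each handle block routes by exact hostname.
          "*.mjallen.dev" = {
            extraConfig = ''
              tls {
                dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN}
              }
              @authentik host authentik.mjallen.dev
              handle @authentik {
                reverse_proxy http://10.0.1.3:${toString svc.authentik.port}
              }
              @cache host cache.mjallen.dev
              handle @cache {
                reverse_proxy http://10.0.1.3:${toString svc.attic.port}
              }
              @gitea host gitea.mjallen.dev
              handle @gitea {
                reverse_proxy http://10.0.1.3:${toString svc.gitea.port}
              }
              @homeassistant host hass.mjallen.dev
              handle @homeassistant {
                # Plain HTTP to an mDNS name on the LAN; assumes .local
                # resolution works on this host — confirm.
                reverse_proxy http://nuc-nixos.local:8123
              }
              @immich host immich.mjallen.dev
              handle @immich {
                reverse_proxy http://10.0.1.3:${toString svc.immich.port}
              }
              @jellyfin host jellyfin.mjallen.dev
              handle @jellyfin {
                reverse_proxy http://10.0.1.3:${toString svc.jellyfin.port}
              }
              @jellyseerr host jellyseerr.mjallen.dev
              handle @jellyseerr {
                reverse_proxy http://10.0.1.3:${toString svc.jellyseerr.port}
              }
              @lubelogger host lubelogger.mjallen.dev
              handle @lubelogger {
                reverse_proxy http://10.0.1.3:${toString svc.lubelogger.port}
              }
              @matrix host matrix.mjallen.dev
              handle @matrix {
                reverse_proxy http://10.0.1.3:${toString svc.matrix.port}
              }
              @ntfy host ntfy.mjallen.dev
              handle @ntfy {
                reverse_proxy http://10.0.1.3:${toString svc.ntfy.port}
              }
              # Catch-all for hostnames under the wildcard that have no
              # handler above; without it such requests fall through to
              # Caddy's default empty response under a valid certificate.
              handle {
                respond 404
              }
            '';
          };
        };
      };
    };
  };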
in
{
imports = [ caddy ];
}