# NixOS module: runs Caddy with an environment file delivered as a sops
# secret, and opens the HTTP/HTTPS ports in the host firewall.
{ config, inputs, pkgs, ... }:
let
  # Log format definition shared through caddy-helpers.nix (not shown here).
  logFormat = (import ./caddy-helpers.nix).logFormat;

  # The caddy account as declared elsewhere in the system configuration.
  caddyUser = config.users.users.caddy;
in
{
  # Secret environment file for Caddy: owner-read-only, owned by the caddy
  # user and group.
  # NOTE(review): systemd loads EnvironmentFile itself when starting the unit,
  # so a root-owned file would likely work as well. Confirm before tightening.
  sops.secrets."caddy/env_file" = {
    mode = "400";
    owner = caddyUser.name;
    group = caddyUser.group;
  };

  services.caddy = {
    enable = true;

    # The Caddy build comes from the `caddy` flake input, not from pkgs.
    # Presumably it bundles the DNS provider module that `acme_dns hetzner`
    # below depends on (verify against that flake). Its provenance is whatever
    # the flake lock pins, so review lock updates for this input.
    package = inputs.caddy.packages.${pkgs.system}.caddy;

    email = "admin@acomputer.lol";

    # Global Caddyfile options.
    # - acme_dns: the token is written as the {env.HETZNER_ACCESS_TOKEN}
    #   placeholder, so only the variable name appears in this Nix string. The
    #   value is expected to come from the EnvironmentFile configured below
    #   (assumes that file defines the variable; its contents are not visible).
    # - trusted_proxies: client-IP headers are believed only from these
    #   sources. `private_ranges` already covers 10.0.0.0/8, so the explicit
    #   10.10.10.0/24 adds nothing.
    #   NOTE(review): if only the 10.10.10.0/24 proxies should be trusted, list
    #   that range alone. As written, any peer in a private range can supply
    #   the client IP that ends up in logs and IP-based rules.
    # - client_ip_headers: headers consulted, in order, for requests arriving
    #   from a trusted proxy.
    # - metrics: enables metrics for these servers.
    #   NOTE(review): confirm where they are exposed and that the endpoint is
    #   not reachable from untrusted networks.
    globalConfig = ''
      acme_dns hetzner {env.HETZNER_ACCESS_TOKEN}
      servers {
        trusted_proxies static private_ranges 10.10.10.0/24
        client_ip_headers X-Forwarded-For X-Real-IP
        metrics
      }
    '';

    logFormat = logFormat;
  };

  # Hand the decrypted secret to the caddy unit as its environment file.
  systemd.services.caddy.serviceConfig = {
    EnvironmentFile = config.sops.secrets."caddy/env_file".path;
  };

  # HTTP and HTTPS are opened in the host firewall. Certificates are requested
  # through the DNS provider (acme_dns), so port 80 is presumably kept for
  # plain-HTTP traffic such as redirects. Confirm it is still needed.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}