❄️ Nix configurations

add acme for caddy

+18 -56
-33
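--- a/nixos/common/caddy/custom-caddy.nix
+++ b/nixos/common/caddy/custom-caddy.nix
@@ -1,33 +0,0 @@
-{ pkgs, config, plugins, stdenv, lib, ... }:
-
-stdenv.mkDerivation rec {
-pname = "caddy";
-# https://github.com/NixOS/nixpkgs/issues/113520
-version = "2.7.6";
-dontUnpack = true;
-
-nativeBuildInputs = [ pkgs.git pkgs.go pkgs.xcaddy ];
-
-configurePhase = ''
-export GOCACHE=$TMPDIR/go-cache
-export GOPATH="$TMPDIR/go"
-'';
-
-buildPhase =
-let
-pluginArgs =
-lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins;
-in
-''
-runHook preBuild
-${pkgs.xcaddy}/bin/xcaddy build "v${version}" ${pluginArgs}
-runHook postBuild
-'';
-
-installPhase = ''
-runHook preInstall
-mkdir -p $out/bin
-mv caddy $out/bin
-runHook postInstall
-'';
-}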
-22
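--- a/nixos/common/caddy/default.nix
+++ b/nixos/common/caddy/default.nix
@@ -1,22 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-{
-nix.settings.sandbox = false;
-
-services.caddy = {
-enable = true;
-package = (pkgs.callPackage ./custom-caddy.nix {
-plugins = [ "github.com/caddy-dns/cloudflare" ];
-});
-
-virtualHosts."localhost".extraConfig = ''
-respond "OK"
-'';
-};
-networking.firewall.allowedTCPPorts = [
-80
-443
-];
-}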
+17
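--- a/nixos/ferret/caddy.nix
+++ b/nixos/ferret/caddy.nix
@@ -6,6 +6,23 @@
 443
 ];
 
+security.acme = {
+acceptTerms = true;
+defaults.email = "alex@otter.foo";
+
+certs."ferret.otter.place" = {
+extraDomainNames = [ "*.ferret.otter.place" ];
+dnsProvider = "cloudflare";
+dnsPropagationCheck = true;
+# Supplying password files like this will make your credentials world-readable
+# in the Nix store. This is for demonstration purpose only, do not use this in production.
+environmentFile = "${pkgs.writeText "cloudflare-creds" ''
+CLOUDFLARE_EMAIL=xxxxxxxxxx
+CLOUDFLARE_API_KEY=yyyyyyyyyy
+''}";
+};
+};
+
 services.caddy = {
 enable = true;
 virtualHosts."localhost".extraConfig = ''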
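Review bot: The `environmentFile` for `certs."ferret.otter.place"` is built with `pkgs.writeText`, so as soon as the `xxxxxxxxxx`/`yyyyyyyyyy` placeholders are replaced the Cloudflare credentials are committed to this repository and copied into the world-readable Nix store, which is exactly what the copied comment warns about. Point it at a root-only file outside the store instead, for example `environmentFile = "/var/lib/secrets/cloudflare.env";` (a placeholder path; a path supplied by a secrets tool such as sops-nix or agenix works the same way), and remove the demonstration comment once that is done. A zone-scoped token in `CLOUDFLARE_DNS_API_TOKEN` would also limit the impact of a leak compared with the account-wide `CLOUDFLARE_EMAIL`/`CLOUDFLARE_API_KEY` pair. The `services.caddy` block continues past the hunk, so I cannot see whether any virtual host uses the new certificate; if none sets `useACMEHost = "ferret.otter.place";`, the cert is issued but never served.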
+1 -1
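--- a/nixos/ferret/default.nix
+++ b/nixos/ferret/default.nix
@@ -5,7 +5,7 @@
 ./configuration.nix
 ./hardware-configuration.nix
 ./media.nix
-../common/caddy
+./caddy.nix
 ];
 
 security.polkit.enable = true;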