my nix configs for my servers and desktop

update caddy

Changed files
+64 -6
modules
caddy
+64 -6
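--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@@ -8,18 +8,63 @@
 let
 cfg = config.modules.caddy;
 caddyMetricsPort = 2019;
+
+# Generate Caddyfile content from the proxy configuration
+generateCaddyfile = proxies:
+let
+proxyEntries = mapAttrsToList (domain: upstream: ''
+${domain} {
+reverse_proxy ${upstream}
+
+# Optional: Add some common headers for better proxying
+header_up Host {upstream_hostport}
+header_up X-Real-IP {remote_host}
+header_up X-Forwarded-For {remote_host}
+header_up X-Forwarded-Proto {scheme}
+}
+'') proxies;
+in
+concatStringsSep "\n\n" proxyEntries;
+
 in
 {
 options = {
 modules = {
-caddy = { enable = mkEnableOption "Deploy Caddy"; };
+caddy = {
+enable = mkEnableOption "Deploy Caddy";
+
+# New option for reverse proxy configuration
+reverseProxies = mkOption {
+type = types.attrsOf types.str;
+default = {};
+description = "Attribute set of domain to upstream mappings for reverse proxying";
+example = {
+"notes.nekomimi.pet" = "valefar:3009";
+"git.nekomimi.pet" = "morax:3000";
+};
+};
+
+# Optional: Allow custom Caddyfile content to be appended
+extraConfig = mkOption {
+type = types.lines;
+default = "";
+description = "Extra Caddyfile configuration to append";
+};
+
+# Optional: Email for ACME/Let's Encrypt
+email = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = "Email address for ACME certificate registration";
+};
+};
 };
 };
 
 config = mkIf cfg.enable {
 # Allow network access when building
 # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
-#nix.settings.sandbox = false;
+nix.settings.sandbox = false;
 
 networking.firewall.allowedTCPPorts = [
 80
@@ -29,10 +74,23 @@
 
 services.caddy = {
 enable = true;
-/* package = pkgs.caddy.withPlugins {
-plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
-hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
-};*/
+package = pkgs.caddy.withPlugins {
+plugins = [ "github.com/caddy-dns/cloudflare"];
+hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
+};
+
+# Generate the Caddyfile from our configuration
+extraConfig = ''
+${optionalString (cfg.email != null) ''
+{
+email ${cfg.email}
+}
+''}
+
+${generateCaddyfile cfg.reverseProxies}
+
+${cfg.extraConfig}
+'';
 };
 
 systemd.services.caddy = {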
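Review bot: `nix.settings.sandbox = false;` is now uncommented inside `config = mkIf cfg.enable`, which turns off build isolation for every derivation built on any host that enables this module, not only the Caddy plugin build. Since `withPlugins` is given a `hash`, the plugin fetch looks like a fixed-output build that is allowed network access inside the sandbox, so the line should probably go back to `#nix.settings.sandbox = false;` (to be confirmed against the nixpkgs version in use). The plugin reference also lost its `@version` suffix; writing `plugins = [ "github.com/caddy-dns/cloudflare@<PINNED_VERSION>" ];` keeps the reviewed plugin revision visible in the file instead of relying on the hash alone. The new `hash` value looks like a Nix base32 digest behind the `sha256-` SRI prefix, which normally carries base64, so it is worth checking that it evaluates. The `config` block continues past the end of the hunk.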