nekomimi.pet
my nix configs for my servers and desktop
blep
+30
-13
+11
hosts/morax/default.nix
+11
hosts/morax/default.nix
···
11
../../host-secrets.nix
12
];
13
14
+
# Enable modules
15
+
modules.caddy.enable = true;
16
+
modules.garage.enable = true;
17
+
18
+
modules.caddy = {
19
+
email = "ana@nekomimi.pet";
20
+
reverseProxies = {
21
+
"s3.nkp.pet" = ["valefar:3900" "morax:3900"];
22
+
};
23
+
};
24
+
25
system.stateVersion = "25.05";
26
27
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+5
hosts/morax/hardware.nix
+5
hosts/morax/hardware.nix
+14
-13
modules/caddy/default.nix
+14
-13
modules/caddy/default.nix
···
12
# Generate Caddyfile content from the proxy configuration
13
generateCaddyfile = proxies:
14
let
15
-
proxyEntries = mapAttrsToList (domain: upstream: ''
16
${domain} {
17
-
reverse_proxy ${upstream}
18
19
# Optional: Add some common headers for better proxying
20
header_up Host {upstream_hostport}
···
33
caddy = {
34
enable = mkEnableOption "Deploy Caddy";
35
36
-
# New option for reverse proxy configuration
37
reverseProxies = mkOption {
38
-
type = types.attrsOf types.str;
39
default = {};
40
-
description = "Attribute set of domain to upstream mappings for reverse proxying";
41
example = {
42
"notes.nekomimi.pet" = "valefar:3009";
43
-
"git.nekomimi.pet" = "morax:3000";
44
};
45
};
46
47
-
# Optional: Allow custom Caddyfile content to be appended
48
extraConfig = mkOption {
49
type = types.lines;
50
default = "";
51
description = "Extra Caddyfile configuration to append";
52
};
53
54
-
# Optional: Email for ACME/Let's Encrypt
55
email = mkOption {
56
type = types.nullOr types.str;
57
default = null;
···
64
config = mkIf cfg.enable {
65
# Allow network access when building
66
# https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
67
-
nix.settings.sandbox = false;
68
69
networking.firewall.allowedTCPPorts = [
70
80
···
74
75
services.caddy = {
76
enable = true;
77
-
package = pkgs.caddy.withPlugins {
78
-
plugins = [ "github.com/caddy-dns/cloudflare"];
79
hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
80
-
};
81
82
-
# Generate the Caddyfile from our configuration
83
extraConfig = ''
84
${optionalString (cfg.email != null) ''
85
{
···
12
# Generate Caddyfile content from the proxy configuration
13
generateCaddyfile = proxies:
14
let
15
+
proxyEntries = mapAttrsToList (domain: upstreams:
16
+
let
17
+
upstreamList = if isList upstreams then upstreams else [upstreams];
18
+
upstreamStr = concatStringsSep " " upstreamList;
19
+
in ''
20
${domain} {
21
+
reverse_proxy ${upstreamStr}
22
23
# Optional: Add some common headers for better proxying
24
header_up Host {upstream_hostport}
···
37
caddy = {
38
enable = mkEnableOption "Deploy Caddy";
39
40
reverseProxies = mkOption {
41
+
type = types.attrsOf (types.either types.str (types.listOf types.str));
42
default = {};
43
+
description = "Attribute set of domain to upstream mappings for reverse proxying. Upstreams can be a single string or a list of strings for load balancing.";
44
example = {
45
"notes.nekomimi.pet" = "valefar:3009";
46
+
"git.nekomimi.pet" = ["morax:3000" "valefar:3000"]; # Load balance between multiple upstreams
47
+
"api.nekomimi.pet" = ["server1:8080" "server2:8080" "server3:8080"];
48
};
49
};
50
51
extraConfig = mkOption {
52
type = types.lines;
53
default = "";
54
description = "Extra Caddyfile configuration to append";
55
};
56
57
email = mkOption {
58
type = types.nullOr types.str;
59
default = null;
···
66
config = mkIf cfg.enable {
67
# Allow network access when building
68
# https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
69
+
#nix.settings.sandbox = false;
70
71
networking.firewall.allowedTCPPorts = [
72
80
···
76
77
services.caddy = {
78
enable = true;
79
+
/*package = pkgs.caddy.withPlugins {
80
+
plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1"];
81
hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
82
+
};*/
83
84
extraConfig = ''
85
${optionalString (cfg.email != null) ''
86
{