| author | vkcku <[email protected]> | 2026-06-02 07:59:34 +0530 |
|---|---|---|
| committer | vkcku <[email protected]> | 2026-06-02 07:59:34 +0530 |
| commit | 027ac0682d2a1b865d6524a3ec33daaecef94adb (patch) | |
| tree | 04842fe9af195da668a91ad684fb9fe1c1badcc7 /infra/modules/caddy.nix | |
| parent | infra: name the devshell (diff) | |
infra: add caddy module
monorepo-revid: 8c7683c06b78606a897644ebf6f504215c373459
Diffstat (limited to 'infra/modules/caddy.nix')
| -rw-r--r-- | infra/modules/caddy.nix | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/infra/modules/caddy.nix b/infra/modules/caddy.nix
new file mode 100644
index 0000000..69edb9b
--- /dev/null
+++ b/infra/modules/caddy.nix
@@ -0,0 +1,99 @@
+{ inputs, self, ... }:
+{
+  flake.modules.nixos.caddy =
+    {
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    let
+      trustedProxies = lib.strings.concatStringsSep " " [ ];
+    in
+    {
+      infra.persist.directories = [
+        config.services.caddy.logDir
+        config.services.caddy.dataDir
+      ];
+
+      networking.firewall.allowedTCPPorts = [
+        80
+        443
+      ];
+
+      sops = {
+        secrets."services/cloudflare/dns_api_key" = {
+          owner = config.services.caddy.user;
+        };
+
+        templates."caddy.env" = {
+          content = ''
+            INFRA_CF_DNS_API_KEY="${config.sops.placeholder."services/cloudflare/dns_api_key"}"
+          '';
+          owner = config.services.caddy.user;
+        };
+      };
+
+      systemd.services.caddy.serviceConfig.EnvironmentFile = config.sops.templates."caddy.env".path;
+
+      services.caddy = {
+        enable = true;
+        package = pkgs.caddy.withPlugins {
+          plugins = [
+            "github.com/caddy-dns/[email protected]" # for DNS-01 challenge
+          ];
+          hash = "sha256-bzMqxWTqrJ1skZmRTXyEMCKStXpljbqe5r0Ve2cnBfM=";
+        };
+
+        logFormat = ''
+          level INFO
+          output file ${config.services.caddy.logDir}/caddy.log
+          format append {
+            fields {
+              "caddy.version" "${config.services.caddy.package.version}"
+              "infra.version" "${self.rev or self.dirtyRev}"
+              "infra.nixpkgs_version" "${inputs.nixpkgs.rev}"
+              "os.name" "${config.system.nixos.codeName}"
+              "os.version" "${config.system.nixos.version}"
+              "host.id" "${config.networking.hostId}"
+              "host.name" "${config.networking.hostName}"
+              service caddy
+            }
+          }
+        '';
+
+        globalConfig = ''
+          admin :2019
+
+          grace_period 30s
+
+          skip_install_trust
+
+          email [email protected]
+          acme_dns cloudflare {env.INFRA_CF_DNS_API_KEY}
+
+          servers {
+            timeouts {
+              read_body 45s
+              read_header 10s
+              write 45s
+              idle 10m
+            }
+
+            trusted_proxies static [private_ranges] ${trustedProxies}
+            client_ip_headers CF-Connecting-IP X-Forwarded-For
+          }
+
+          servers :443 {
+            name https
+          }
+
+          servers :80 {
+            name http
+          }
+        '';
+
+        virtualHosts."http://" = { };
+      };
+    };
+}
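Review bot: `admin :2019` in globalConfig binds Caddy's admin API on every interface instead of the Caddy default of localhost, and that API accepts unauthenticated configuration loads; the firewall stanza above opens only 80 and 443, so it is unreachable from outside the host but reachable from any local process or container that can route to the host's addresses. Unless something remote genuinely needs it, `admin localhost:2019` keeps the default exposure (or `admin off`, if the NixOS module's reload path does not depend on it — I have not verified that here). Separately, with `trustedProxies` an empty list the `trusted_proxies static [private_ranges]` line trusts only loopback and RFC1918 sources, so `client_ip_headers CF-Connecting-IP X-Forwarded-For` is honoured only when the proxy hop arrives from a private address (for example a local tunnel); connections coming straight from Cloudflare edge IPs would keep the TCP peer address as the client IP, which affects any IP-based access logging or rate limiting layered on this. A one-line comment next to `trustedProxies` stating which deployment shape is intended, e.g. `# empty: only private_ranges are trusted; Cloudflare edge IPs are not, so CF-Connecting-IP only applies behind a local tunnel`, would make that explicit.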
