Refactor caddy module, add cloudflare to caddy, remove scalpel antipatterns
diff --git a/modules/caddy.nix b/modules/caddy.nix
index c152989..51efde5 100644
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }: {
+{ base, config, pkgs, lib, ... }: lib.recursiveUpdate {
services.caddy.enable = true;
services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
import
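Review bot: `lib.recursiveUpdate` in the new module header joins the two halves as plain attribute sets before the module system sees them, so an option set in both halves is overwritten (or merged key by key) instead of being merged by its option type and priority. `services.caddy.configFile` is already such a case: the second half's `lib.mkForce` value replaces the `lib.pipe` result from this half, or is merged into it attribute by attribute if that result is an attribute set, which the hunk does not show. Either way the two definitions never meet in the module system, so the `mkForce` is not what picks between them. Consider `lib.mkMerge [ { … } (if base != null then { … } else { }) ]`, which keeps the plain conditional but lets priorities and option merging apply as written. The expression opened here is only closed in the second hunk.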
@@ -9,4 +9,34 @@
services.caddy.package = pkgs.callPackage ../packages/caddy.nix { };
services.caddy.user = "root";
systemd.services.caddy.serviceConfig.ProtectHome = lib.mkForce false;
-}
+
+ sops.secrets.cloudflare_token = {
+ mode = "0600";
+ owner = config.users.users.root.name;
+ group = config.users.users.nobody.group;
+ sopsFile = ../secrets/caddy.json;
+ format = "json";
+ };
+} (
+ let
+ isDerived = base != null;
+ in
+ if isDerived
+ then
+ let
+ caddy_json = base.config.services.caddy.configFile;
+ in
+ {
+ scalpel.trafos."caddy.json" = {
+ source = toString caddy_json;
+ matchers."cloudflare_token".secret =
+ config.sops.secrets.cloudflare_token.path;
+ owner = config.users.users.root.name;
+ group = config.users.users.nobody.group;
+ mode = "0400";
+ };
+
+ services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;
+ }
+ else { }
+)
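Review bot: The Cloudflare token and the rendered `caddy.json` are both pinned to `config.users.users.root.name`, so the secret is only readable because of the context line `services.caddy.user = "root"`. That couples the credential to Caddy running as root and makes a later move to an unprivileged service account harder. Deriving ownership from the service keeps today's behaviour and follows the account if it changes: `owner = config.services.caddy.user;` and `group = config.services.caddy.group;` in both `sops.secrets.cloudflare_token` and `scalpel.trafos."caddy.json"`. The `group = config.users.users.nobody.group` lines have no effect under modes `0600` and `0400`, since neither grants group bits, and they read as if some group access were intended. The decrypted token never needs to be written, so `mode = "0400"` would suffice for the sops secret as well.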