modules/caddy.nix - Infra/NixFiles - Gitiles

 { base, config, pkgs, lib, ... }: lib.recursiveUpdate {
   services.caddy.enable = true;
   services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
     import
     (f: f { inherit pkgs lib; })
     builtins.toJSON
     (pkgs.writeText "caddy.json")
   ];
   services.caddy.package = pkgs.callPackage ../packages/caddy.nix { };
   services.caddy.user = "root";
   systemd.services.caddy.serviceConfig.ProtectHome = lib.mkForce false;

   sops.secrets.cloudflare_token = {
     mode = "0600";
     owner = config.users.users.root.name;
     group = config.users.users.nobody.group;
     sopsFile = ../secrets/caddy.json;
     format = "json";
   };
 } (
   let
     isDerived = base != null;
   in
   if isDerived
   then
     let
       caddy_json = base.config.services.caddy.configFile;
     in
     {
       scalpel.trafos."caddy.json" = {
         source = toString caddy_json;
         matchers."cloudflare_token".secret =
           config.sops.secrets.cloudflare_token.path;
         owner = config.users.users.root.name;
         group = config.users.users.nobody.group;
         mode = "0400";
       };

       services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;

       systemd.services.caddy.reloadTriggers = [ caddy_json ];
     }
   else { }
 )
	{ base, config, pkgs, lib, ... }: lib.recursiveUpdate {
	services.caddy.enable = true;
	services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
	import
	(f: f { inherit pkgs lib; })
	builtins.toJSON
	(pkgs.writeText "caddy.json")
	];
	services.caddy.package = pkgs.callPackage ../packages/caddy.nix { };
	services.caddy.user = "root";
	systemd.services.caddy.serviceConfig.ProtectHome = lib.mkForce false;

	sops.secrets.cloudflare_token = {
	mode = "0600";
	owner = config.users.users.root.name;
	group = config.users.users.nobody.group;
	sopsFile = ../secrets/caddy.json;
	format = "json";
	};
	} (
	let
	isDerived = base != null;
	in
	if isDerived
	then
	let
	caddy_json = base.config.services.caddy.configFile;
	in
	{
	scalpel.trafos."caddy.json" = {
	source = toString caddy_json;
	matchers."cloudflare_token".secret =
	config.sops.secrets.cloudflare_token.path;
	owner = config.users.users.root.name;
	group = config.users.users.nobody.group;
	mode = "0400";
	};

	services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;

	systemd.services.caddy.reloadTriggers = [ caddy_json ];
	}
	else { }
	)