Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 3161851d0a35aafe6eb2afdabcb8b6399c6ad7ee / . / modules / caddy.nix
blob: eddcf80df913b6ad086eeb35475576af0fec17b9 [file] [log] [blame]
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]1{ base, config, pkgs, lib, ... }: lib.recursiveUpdate
2{
Skyler Grey4f3e6062023-03-04 01:29:29 +0000[diff] [blame]3 services.caddy.enable = true;
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]4 services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
5 import
TheCodedProf85256bc2023-06-13 13:02:53 -0400[diff] [blame]6 (f: f { inherit pkgs lib config; })
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]7 builtins.toJSON
8 (pkgs.writeText "caddy.json")
9 ];
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]10 services.caddy.package = pkgs.callPackage ../packages/caddy.nix { };
Skyler Grey8b0e52f2023-05-01 21:31:07 +0000[diff] [blame]11 services.caddy.user = "root";
12 systemd.services.caddy.serviceConfig.ProtectHome = lib.mkForce false;
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]13
14 sops.secrets.cloudflare_token = {
15 mode = "0600";
16 owner = config.users.users.root.name;
17 group = config.users.users.nobody.group;
18 sopsFile = ../secrets/caddy.json;
19 format = "json";
20 };
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]21}
22 (
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]23 let
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]24 isDerived = base != null;
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]25 in
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]26 if isDerived
27 then
28 let
29 caddy_json = base.config.services.caddy.configFile;
30 in
31 {
32 scalpel.trafos."caddy.json" = {
33 source = toString caddy_json;
34 matchers."cloudflare_token".secret =
35 config.sops.secrets.cloudflare_token.path;
36 owner = config.users.users.root.name;
37 group = config.users.users.nobody.group;
38 mode = "0400";
39 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]40
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]41 services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;
Skyler Greyb3516c22023-05-24 19:17:11 +0200[diff] [blame]42
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]43 systemd.services.caddy.reloadTriggers = [ caddy_json ];
44 }
45 else { }
46 )