Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 3e8dd8254f410b6e067693d27e48d2a30dd23e21 / . / modules / caddy.nix
blob: 26e0a58092c09671a25ad14f86fb0b346317b559 [file] [log] [blame]
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]1{ base, config, pkgs, lib, ... }: lib.recursiveUpdate
2{
Skyler Grey09c5cda2023-10-09 07:10:10 +0000[diff] [blame]3 services.nginx.enable = false; # PrivateBin, nextcloud etc. attempts to enable nginx but we already use caddy
Skyler Grey4f3e6062023-03-04 01:29:29 +0000[diff] [blame]4 services.caddy.enable = true;
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]5 services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
6 import
TheCodedProf85256bc2023-06-13 13:02:53 -0400[diff] [blame]7 (f: f { inherit pkgs lib config; })
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]8 builtins.toJSON
9 (pkgs.writeText "caddy.json")
10 ];
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]11 services.caddy.package = pkgs.callPackage ../packages/caddy.nix { };
Skyler Grey8b0e52f2023-05-01 21:31:07 +0000[diff] [blame]12 services.caddy.user = "root";
13 systemd.services.caddy.serviceConfig.ProtectHome = lib.mkForce false;
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]14
15 sops.secrets.cloudflare_token = {
16 mode = "0600";
17 owner = config.users.users.root.name;
18 group = config.users.users.nobody.group;
19 sopsFile = ../secrets/caddy.json;
20 format = "json";
21 };
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]22}
23 (
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]24 let
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]25 isDerived = base != null;
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]26 in
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]27 if isDerived
28 then
29 let
30 caddy_json = base.config.services.caddy.configFile;
31 in
32 {
33 scalpel.trafos."caddy.json" = {
34 source = toString caddy_json;
35 matchers."cloudflare_token".secret =
36 config.sops.secrets.cloudflare_token.path;
37 owner = config.users.users.root.name;
38 group = config.users.users.nobody.group;
39 mode = "0400";
40 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]41
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]42 services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;
Skyler Greyb3516c22023-05-24 19:17:11 +0200[diff] [blame]43
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]44 systemd.services.caddy.reloadTriggers = [ caddy_json ];
45 }
46 else { }
47 )