Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / b3516c2fa7d5c0367ddde969833daa9705e5ca25 / . / modules / caddy.nix
blob: a76672eefb8ff431ab5ed499453431f5af672beb [file] [log] [blame]
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]1{ base, config, pkgs, lib, ... }: lib.recursiveUpdate {
Skyler Grey4f3e6062023-03-04 01:29:29 +0000[diff] [blame]2 services.caddy.enable = true;
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]3 services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
4 import
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]5 (f: f { inherit pkgs lib; })
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]6 builtins.toJSON
7 (pkgs.writeText "caddy.json")
8 ];
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]9 services.caddy.package = pkgs.callPackage ../packages/caddy.nix { };
Skyler Grey8b0e52f2023-05-01 21:31:07 +0000[diff] [blame]10 services.caddy.user = "root";
11 systemd.services.caddy.serviceConfig.ProtectHome = lib.mkForce false;
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]12
13 sops.secrets.cloudflare_token = {
14 mode = "0600";
15 owner = config.users.users.root.name;
16 group = config.users.users.nobody.group;
17 sopsFile = ../secrets/caddy.json;
18 format = "json";
19 };
20} (
21 let
22 isDerived = base != null;
23 in
24 if isDerived
25 then
26 let
27 caddy_json = base.config.services.caddy.configFile;
28 in
29 {
30 scalpel.trafos."caddy.json" = {
31 source = toString caddy_json;
32 matchers."cloudflare_token".secret =
33 config.sops.secrets.cloudflare_token.path;
34 owner = config.users.users.root.name;
35 group = config.users.users.nobody.group;
36 mode = "0400";
37 };
38
39 services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;
Skyler Greyb3516c22023-05-24 19:17:11 +0200[diff] [blame^]40
41 systemd.services.caddy.reloadTriggers = [ caddy_json ];
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]42 }
43 else { }
44)