From 1023e50fb996411990480fd368d84cb8206c0b02 Mon Sep 17 00:00:00 2001
From: waveringana
Date: Mon, 16 Jun 2025 17:24:56 -0400
Subject: [PATCH] update caddy

---
 modules/caddy/default.nix | 70 +++++++++++++++++++++++++++++++++++----
 1 file changed, 64 insertions(+), 6 deletions(-)

diff --git a/modules/caddy/default.nix b/modules/caddy/default.nix
index 1a073f9..d30f8ad 100755
--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@@ -8,18 +8,63 @@ with lib; let cfg = config.modules.caddy; caddyMetricsPort = 2019; + + # Generate Caddyfile content from the proxy configuration + generateCaddyfile = proxies: + let + proxyEntries = mapAttrsToList (domain: upstream: '' + ${domain} { + reverse_proxy ${upstream} + + # Optional: Add some common headers for better proxying + header_up Host {upstream_hostport} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Proto {scheme} + } + '') proxies; + in + concatStringsSep "\n\n" proxyEntries; + in { options = { modules = { - caddy = { enable = mkEnableOption "Deploy Caddy"; }; + caddy = { + enable = mkEnableOption "Deploy Caddy"; + + # New option for reverse proxy configuration + reverseProxies = mkOption { + type = types.attrsOf types.str; + default = {}; + description = "Attribute set of domain to upstream mappings for reverse proxying"; + example = { + "notes.nekomimi.pet" = "valefar:3009"; + "git.nekomimi.pet" = "morax:3000"; + }; + }; + + # Optional: Allow custom Caddyfile content to be appended + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Extra Caddyfile configuration to append"; + }; + + # Optional: Email for ACME/Let's Encrypt + email = mkOption { + type = types.nullOr types.str; + default = null; + description = "Email address for ACME certificate registration"; + }; + }; }; }; config = mkIf cfg.enable { # Allow network access when building # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy - #nix.settings.sandbox = false; + nix.settings.sandbox = false; networking.firewall.allowedTCPPorts = [ 80 
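Review bot: Uncommenting `nix.settings.sandbox = false;` disables the Nix build sandbox for every derivation built on this host, not just the Caddy build, so any build can reach the network and the host filesystem. The linked post covers the older xcaddy approach; `pkgs.caddy.withPlugins` with a pinned `hash` is a fixed-output build that should work inside the sandbox, so I would leave this line commented out unless that build actually fails. Separately, the site blocks emitted by `generateCaddyfile` put `header_up` directly in the site block, but `header_up` is a subdirective of `reverse_proxy` and Caddy rejects it as an unrecognized directive at site level, so Caddy would refuse to load this Caddyfile. Caddy's `reverse_proxy` already forwards the client's Host and sets X-Forwarded-For and X-Forwarded-Proto by default, and overriding Host with `{upstream_hostport}` makes the backend see the internal name (`morax:3000` in the option example) in any absolute URLs it builds. I would move only the header that is genuinely needed into a `reverse_proxy` block:
```nix
proxyEntries = mapAttrsToList (domain: upstream: ''
  ${domain} {
    reverse_proxy ${upstream} {
      # header_up is only valid inside reverse_proxy; Host, X-Forwarded-For
      # and X-Forwarded-Proto are already handled by reverse_proxy's defaults.
      header_up X-Real-IP {remote_host}
    }
  }
'') proxies;
```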
@@ -29,10 +74,23 @@ in services.caddy = { enable = true; - /* package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"]; - hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw="; - };*/ + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare"]; + hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii"; + }; + + # Generate the Caddyfile from our configuration + extraConfig = '' + ${optionalString (cfg.email != null) '' + { + email ${cfg.email} + } + ''} + + ${generateCaddyfile cfg.reverseProxies} + + ${cfg.extraConfig} + ''; }; systemd.services.caddy = {
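Review bot: The `withPlugins` call drops the `@v0.0.0-20240703190432-89f16b99c18e` version pin that the removed lines carried, and the new `hash` looks like a 52-character Nix base32 digest behind an `sha256-` prefix rather than the base64 SRI form the old value used, so as far as I can tell this will not evaluate as written, and even once the hash is corrected an unpinned plugin makes the fixed-output build non-reproducible and invites bumping the hash to whatever upstream currently serves. Pin the module version and record the SRI hash Nix prints on the mismatch, e.g. `plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" ];` and `hash = "sha256-…=";`. In the `extraConfig` string, the `{ email … }` block is a Caddyfile global-options block, which must be the first block in the file; if I recall the NixOS `services.caddy` module correctly it already emits its own global block ahead of `extraConfig` and exposes `services.caddy.email`/`services.caddy.globalConfig` for this, so I would set `services.caddy.email = cfg.email;` instead of appending a second global block here. The enclosing `config = mkIf cfg.enable { … }` set starts in the previous hunk and ends outside this one.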