update caddy
parent
2a961aaa91
commit
1023e50fb9
1 changed files with 64 additions and 6 deletions
|
@ -8,18 +8,63 @@ with lib;
|
||||||
let
|
let
|
||||||
cfg = config.modules.caddy;
|
cfg = config.modules.caddy;
|
||||||
caddyMetricsPort = 2019;
|
caddyMetricsPort = 2019;
|
||||||
|
|
||||||
|
# Generate Caddyfile content from the proxy configuration
|
||||||
|
generateCaddyfile = proxies:
|
||||||
|
let
|
||||||
|
proxyEntries = mapAttrsToList (domain: upstream: ''
|
||||||
|
${domain} {
|
||||||
|
reverse_proxy ${upstream}
|
||||||
|
|
||||||
|
# Optional: Add some common headers for better proxying
|
||||||
|
header_up Host {upstream_hostport}
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
header_up X-Forwarded-For {remote_host}
|
||||||
|
header_up X-Forwarded-Proto {scheme}
|
||||||
|
}
|
||||||
|
'') proxies;
|
||||||
|
in
|
||||||
|
concatStringsSep "\n\n" proxyEntries;
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
modules = {
|
modules = {
|
||||||
caddy = { enable = mkEnableOption "Deploy Caddy"; };
|
caddy = {
|
||||||
|
enable = mkEnableOption "Deploy Caddy";
|
||||||
|
|
||||||
|
# New option for reverse proxy configuration
|
||||||
|
reverseProxies = mkOption {
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
default = {};
|
||||||
|
description = "Attribute set of domain to upstream mappings for reverse proxying";
|
||||||
|
example = {
|
||||||
|
"notes.nekomimi.pet" = "valefar:3009";
|
||||||
|
"git.nekomimi.pet" = "morax:3000";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Optional: Allow custom Caddyfile content to be appended
|
||||||
|
extraConfig = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
description = "Extra Caddyfile configuration to append";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Optional: Email for ACME/Let's Encrypt
|
||||||
|
email = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = "Email address for ACME certificate registration";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Allow network access when building
|
# Allow network access when building
|
||||||
# https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
|
# https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
|
||||||
#nix.settings.sandbox = false;
|
nix.settings.sandbox = false;
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
80
|
80
|
||||||
|
@ -29,10 +74,23 @@ in
|
||||||
|
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
/* package = pkgs.caddy.withPlugins {
|
package = pkgs.caddy.withPlugins {
|
||||||
plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
|
plugins = [ "github.com/caddy-dns/cloudflare"];
|
||||||
hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
|
hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
|
||||||
};*/
|
};
|
||||||
|
|
||||||
|
# Generate the Caddyfile from our configuration
|
||||||
|
extraConfig = ''
|
||||||
|
${optionalString (cfg.email != null) ''
|
||||||
|
{
|
||||||
|
email ${cfg.email}
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
|
||||||
|
${generateCaddyfile cfg.reverseProxies}
|
||||||
|
|
||||||
|
${cfg.extraConfig}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.caddy = {
|
systemd.services.caddy = {
|
||||||
|
|
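Review bot: `nix.settings.sandbox = false;` in the first hunk turns off the Nix build sandbox for every derivation built on this host, not only for Caddy, so any build can reach the network and the host filesystem. The second hunk enables `pkgs.caddy.withPlugins` with a `hash`, which presumably makes the plugin fetch a fixed-output derivation that already has network access inside the sandbox, so the line can probably stay as it was: `#nix.settings.sandbox = false;`. In that second hunk the plugin entry also lost its `@version` suffix, and the new `hash` looks like a nix-base32 digest behind the SRI `sha256-` prefix, which expects base64. Keeping an explicit `@<version>` on `github.com/caddy-dns/cloudflare` together with a valid SRI hash keeps the build tied to plugin source that was actually reviewed.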