add caddy

2025-06-04 02:57:11 -04:00 · 2025-06-04 02:57:11 -04:00 · 3a9acadf0a
commit 3a9acadf0a
parent 7fb32811d4
2 changed files with 46 additions and 14 deletions
--- a/modules/caddy/caddy.nix
+++ b/modules/caddy/caddy.nix
@ -1,14 +0,0 @@
-{lib, pkgs, config, ...}:
-
-{
- 
-  services.caddy = {
-    enable = true;
-
-    virtualHosts = {
-      "s3.nekomimi.pet".extraConfig = ''
-        reverse_proxy http://127.0.0.1:3903
-      ''
-    };
-  };
-}
--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@ -0,0 +1,46 @@
+{lib, pkgs, config, ...}:
+
+/* taken from https://github.com/jdheyburn/nixos-configs
+no license
+*/
+
+with lib;
+let
+  cfg = config.modules.caddy;
+  caddyMetricsPort = 2019
+in
+{
+  options = {
+    modules = {
+      caddy = { enable = mkEnableOption "Deploy Caddy"; };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Allow network access when building
+    # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
+    #nix.settings.sandbox = false;
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+      caddyMetricsPort
+    ];
+
+    services.caddy = {
+      enable = true;
+      /* package = pkgs.caddy.withPlugins {
+        plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
+        hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
+      };*/
+    };
+
+    systemd.services.caddy = {
+      serviceConfig = {
+        AmbientCapabilities = "cap_net_bind_service";
+        CapabilityBoundingSet = "cap_net_bind_service";
+        TimeoutStartSec = "5m";
+      };
+    };
+  };
+}