From 3a9acadf0ab67121057e8cf8445fd3d6e5f5a66a Mon Sep 17 00:00:00 2001
From: waveringana
Date: Wed, 4 Jun 2025 02:57:11 -0400
Subject: [PATCH] add caddy
---
modules/caddy/caddy.nix | 14 ------------
modules/caddy/default.nix | 46 +++++++++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+), 14 deletions(-)
delete mode 100644 modules/caddy/caddy.nix
create mode 100644 modules/caddy/default.nix
diff --git a/modules/caddy/caddy.nix b/modules/caddy/caddy.nix
deleted file mode 100644
index 724fde2..0000000
--- a/modules/caddy/caddy.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{lib, pkgs, config, ...}:
-
-{
-
- services.caddy = {
- enable = true;
-
- virtualHosts = {
- "s3.nekomimi.pet".extraConfig = ''
- reverse_proxy http://127.0.0.1:3903
- ''
- };
- };
-}
\ No newline at end of file
diff --git a/modules/caddy/default.nix b/modules/caddy/default.nix
new file mode 100644
index 0000000..08a0a64
--- /dev/null
+++ b/modules/caddy/default.nix
@@ -0,0 +1,46 @@
+{lib, pkgs, config, ...}:
+
+/* taken from https://github.com/jdheyburn/nixos-configs
+no license
+*/
+
+with lib;
+let
+ cfg = config.modules.caddy;
+ caddyMetricsPort = 2019
+in
+{
+ options = {
+ modules = {
+ caddy = { enable = mkEnableOption "Deploy Caddy"; };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Allow network access when building
+ # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
+ #nix.settings.sandbox = false;
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ caddyMetricsPort
+ ];
+
+ services.caddy = {
+ enable = true;
+ /* package = pkgs.caddy.withPlugins {
+ plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
+ hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
+ };*/
+ };
+
+ systemd.services.caddy = {
+ serviceConfig = {
+ AmbientCapabilities = "cap_net_bind_service";
+ CapabilityBoundingSet = "cap_net_bind_service";
+ TimeoutStartSec = "5m";
+ };
+ };
+ };
+}
\ No newline at end of file
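Review bot: `networking.firewall.allowedTCPPorts` in the new `modules/caddy/default.nix` opens `caddyMetricsPort` (2019) on every interface, and 2019 is the default port of Caddy's admin endpoint, which serves the unauthenticated configuration API alongside the metrics. Nothing in this module changes the admin listen address, so with the default loopback binding the rule presumably has no effect today, but it would leave the whole admin API reachable as soon as the listener is moved off localhost for scraping. I would drop `caddyMetricsPort` from the list, or scope it to the monitoring interface with `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ caddyMetricsPort ];`. Separately, the `let` binding has no terminator and the file will not parse as written; it should read `caddyMetricsPort = 2019;`.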