blep

update caddy
2025-06-16 17:37:29 -04:00 · 2025-06-16 17:24:56 -04:00
3 changed files with 79 additions and 4 deletions
--- a/hosts/morax/default.nix
+++ b/hosts/morax/default.nix
@ -11,6 +11,17 @@
    ../../host-secrets.nix
  ];

+  # Enable modules
+  modules.caddy.enable = true;
+  modules.garage.enable = true;
+
+  modules.caddy = {
+    email = "ana@nekomimi.pet";
+    reverseProxies = {
+      "s3.nkp.pet" = ["valefar:3900" "morax:3900"];
+    };
+  };
+
  system.stateVersion = "25.05";

  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
--- a/hosts/morax/hardware.nix
+++ b/hosts/morax/hardware.nix
@ -18,6 +18,11 @@
      fsType = "ext4";
    };

+  fileSystems."/garage" = {
+  device = "/dev/sda1";
+    fsType = "ext4";
+  };
+
  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@ -8,11 +8,58 @@ with lib;
 let
  cfg = config.modules.caddy;
  caddyMetricsPort = 2019;
+  
+  # Generate Caddyfile content from the proxy configuration
+  generateCaddyfile = proxies: 
+    let
+      proxyEntries = mapAttrsToList (domain: upstreams: 
+        let
+          upstreamList = if isList upstreams then upstreams else [upstreams];
+          upstreamStr = concatStringsSep " " upstreamList;
+        in ''
+        ${domain} {
+          reverse_proxy ${upstreamStr}
+          
+          # Optional: Add some common headers for better proxying
+          header_up Host {upstream_hostport}
+          header_up X-Real-IP {remote_host}
+          header_up X-Forwarded-For {remote_host}
+          header_up X-Forwarded-Proto {scheme}
+        }
+      '') proxies;
+    in
+    concatStringsSep "\n\n" proxyEntries;
+    
 in
 {
  options = {
    modules = {
-      caddy = { enable = mkEnableOption "Deploy Caddy"; };
+      caddy = { 
+        enable = mkEnableOption "Deploy Caddy";
+        
+        reverseProxies = mkOption {
+          type = types.attrsOf (types.either types.str (types.listOf types.str));
+          default = {};
+          description = "Attribute set of domain to upstream mappings for reverse proxying. Upstreams can be a single string or a list of strings for load balancing.";
+          example = {
+            "notes.nekomimi.pet" = "valefar:3009";
+            "git.nekomimi.pet" = ["morax:3000" "valefar:3000"];  # Load balance between multiple upstreams
+            "api.nekomimi.pet" = ["server1:8080" "server2:8080" "server3:8080"];
+          };
+        };
+        
+        extraConfig = mkOption {
+          type = types.lines;
+          default = "";
+          description = "Extra Caddyfile configuration to append";
+        };
+        
+        email = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Email address for ACME certificate registration";
+        };
+      };
    };
  };

@ -30,9 +77,21 @@ in
    services.caddy = {
      enable = true;
      /*package = pkgs.caddy.withPlugins {
-        plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
-        hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
+        plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1"];
+        hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
      };*/
+      
+      extraConfig = ''
+        ${optionalString (cfg.email != null) ''
+          {
+            email ${cfg.email}
+          }
+        ''}
+        
+        ${generateCaddyfile cfg.reverseProxies}
+        
+        ${cfg.extraConfig}
+      '';
    };

    systemd.services.caddy = {
Author	SHA1	Message	Date
waveringana	30fc5a37e3	blep	2025-06-16 17:37:29 -04:00
waveringana	1023e50fb9	update caddy	2025-06-16 17:24:56 -04:00