46 lines
No EOL
1 KiB
Nix
46 lines
No EOL
1 KiB
Nix
{lib, pkgs, config, ...}:
|
|
|
|
/* taken from https://github.com/jdheyburn/nixos-configs
|
|
no license
|
|
*/
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.modules.caddy;
|
|
caddyMetricsPort = 2019;
|
|
in
|
|
{
|
|
options = {
|
|
modules = {
|
|
caddy = { enable = mkEnableOption "Deploy Caddy"; };
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
# Allow network access when building
|
|
# https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
|
|
#nix.settings.sandbox = false;
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
caddyMetricsPort
|
|
];
|
|
|
|
services.caddy = {
|
|
enable = true;
|
|
/* package = pkgs.caddy.withPlugins {
|
|
plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
|
|
hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
|
|
};*/
|
|
};
|
|
|
|
systemd.services.caddy = {
|
|
serviceConfig = {
|
|
AmbientCapabilities = "cap_net_bind_service";
|
|
CapabilityBoundingSet = "cap_net_bind_service";
|
|
TimeoutStartSec = "5m";
|
|
};
|
|
};
|
|
};
|
|
} |