caddy
parent
90982b423c
commit
6e8309029b
5 changed files with 59 additions and 0 deletions
|
@ -2,10 +2,12 @@
|
||||||
security.acme.certs."caspervk.net" = {
|
security.acme.certs."caspervk.net" = {
|
||||||
domain = "*.caspervk.net";
|
domain = "*.caspervk.net";
|
||||||
reloadServices = [
|
reloadServices = [
|
||||||
|
"caddy.service"
|
||||||
"murmur.service"
|
"murmur.service"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
users.groups.acme.members = [
|
users.groups.acme.members = [
|
||||||
|
"caddy"
|
||||||
"murmur"
|
"murmur"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
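Review bot: Adding `"caddy"` to `users.groups.acme.members` lets the web server's user read everything the `acme` group can read, which presumably includes the private key of the `*.caspervk.net` wildcard certificate that murmur already uses. A compromise of the internet-facing Caddy process would then expose a key that is valid for every subdomain. It is worth recording that trade-off next to the list, e.g. `# caddy and murmur both read the wildcard key through the acme group`. If that exposure is not wanted, a separate certificate for only the names Caddy serves would confine it, at the cost of those names appearing in the certificate transparency logs. The file path for this hunk is not visible in this view.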
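--- a/hosts/alpha/caddy.nix
+++ b/hosts/alpha/caddy.nix
@@ -0,0 +1,25 @@
+{...}: {
+# See modules/server/caddy.nix
+services.caddy = {
+# Wildcard certificates are used whenever possible to avoid leaking domains
+# to the certificate transparency logs.
+virtualHosts = let
+# https://caddy.community/t/caddy-server-that-returns-only-ip-address-as-text/6928
+ipConfig = ''
+templates
+header Content-Type text/plain
+respond "{{.RemoteIP}}"
+'';
+in {
+# Explicit http:// and https:// disables automatic HTTPS redirect to
+# allow for easier curl'ing.
+"http://ip.caspervk.net" = {
+extraConfig = ipConfig;
+};
+"https://ip.caspervk.net" = {
+useACMEHost = "caspervk.net";
+extraConfig = ipConfig;
+};
+};
+};
+}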
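Review bot: The `templates` directive in `ipConfig` turns on Caddy's template engine for both sites only to print the client address. The Caddyfile placeholder gives the same body without it: `respond "{remote_host}"`, after which the `templates` line can be dropped and the `header Content-Type text/plain` line kept as is. Separately, the comment above `"http://ip.caspervk.net"` could state that the cleartext site is deliberate, e.g. `# Served over plain HTTP on purpose; the response holds nothing but the caller's own address.`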
|
@ -4,6 +4,7 @@
|
||||||
../../modules/base
|
../../modules/base
|
||||||
../../modules/server
|
../../modules/server
|
||||||
./acme.nix
|
./acme.nix
|
||||||
|
./caddy.nix
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
./knot-dns.nix
|
./knot-dns.nix
|
||||||
./mumble.nix
|
./mumble.nix
|
||||||
|
|
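--- a/modules/server/caddy.nix
+++ b/modules/server/caddy.nix
@@ -0,0 +1,30 @@
+{
+config,
+lib,
+...
+}:
+# Virtual hosts are configured in each server's caddy.nix. This module
+# configures shared auxiliary settings if any are configured.
+lib.mkIf (config.services.caddy.virtualHosts != {}) {
+# Caddy is a powerful, enterprise-ready, open source web server with
+# automatic HTTPS written in Go.
+# https://nixos.wiki/wiki/Caddy
+services.caddy = {
+enable = true;
+};
+
+networking.firewall = {
+allowedTCPPorts = [80 443];
+};
+
+environment.persistence."/nix/persist" = {
+directories = [
+{
+directory = "/var/lib/caddy";
+user = "caddy";
+group = "caddy";
+mode = "0755";
+}
+];
+};
+}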
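Review bot: `mode = "0755"` on the persisted `/var/lib/caddy` lets every local user list and traverse Caddy's state directory. The host configuration in this commit uses `useACMEHost`, so the served key comes from the acme module, but a virtual host added later without it would presumably have Caddy keep its own ACME account and certificate keys under this path. Unless another service has to read the directory, `mode = "0750";` is the safer default. A comment on the `networking.firewall` block noting that ports 80 and 443 are opened on every host that defines a virtual host would also help, since the `lib.mkIf` condition makes that implicit.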
|
@ -1,6 +1,7 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
imports = [
|
imports = [
|
||||||
./acme.nix
|
./acme.nix
|
||||||
|
./caddy.nix
|
||||||
./system.nix
|
./system.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|