caddy
This commit is contained in:
parent
90982b423c
commit
83d77adb77
|
@ -2,11 +2,13 @@
|
|||
security.acme.certs."caspervk.net" = {
|
||||
domain = "*.caspervk.net";
|
||||
reloadServices = [
|
||||
"caddy.service"
|
||||
"kresd@1.service"
|
||||
"kresd@2.service"
|
||||
];
|
||||
};
|
||||
users.groups.acme.members = [
|
||||
"caddy"
|
||||
"knot-resolver"
|
||||
];
|
||||
}
|
||||
|
|
25
hosts/delta/caddy.nix
Normal file
25
hosts/delta/caddy.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{...}: {
|
||||
# See modules/server/caddy.nix
|
||||
services.caddy = {
|
||||
# Wildcard certificates are used whenever possible to avoid leaking domains
|
||||
# to the certificate transparency logs.
|
||||
virtualHosts = let
|
||||
# https://caddy.community/t/caddy-server-that-returns-only-ip-address-as-text/6928
|
||||
ipConfig = ''
|
||||
templates
|
||||
header Content-Type text/plain
|
||||
respond "{{.RemoteIP}}"
|
||||
'';
|
||||
in {
|
||||
# Explicit http:// and https:// disables automatic HTTPS redirect to
|
||||
# allow for easier curl'ing.
|
||||
"http://ip.caspervk.net" = {
|
||||
extraConfig = ipConfig;
|
||||
};
|
||||
"https://ip.caspervk.net" = {
|
||||
useACMEHost = "caspervk.net";
|
||||
extraConfig = ipConfig;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -4,6 +4,7 @@
|
|||
../../modules/base
|
||||
../../modules/server
|
||||
./acme.nix
|
||||
./caddy.nix
|
||||
./hardware.nix
|
||||
./knot-resolver.nix
|
||||
./network.nix
|
||||
|
|
30
modules/server/caddy.nix
Normal file
30
modules/server/caddy.nix
Normal file
|
@ -0,0 +1,30 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
# Virtual hosts are configured in each server's caddy.nix. This module
|
||||
# configures shared auxiliary settings if any are configured.
|
||||
lib.mkIf (config.services.caddy.virtualHosts != {}) {
|
||||
# Caddy is a powerful, enterprise-ready, open source web server with
|
||||
# automatic HTTPS written in Go.
|
||||
# https://nixos.wiki/wiki/Caddy
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [80 443];
|
||||
};
|
||||
|
||||
environment.persistence."/nix/persist" = {
|
||||
directories = [
|
||||
{
|
||||
directory = "/var/lib/caddy";
|
||||
user = "caddy";
|
||||
group = "caddy";
|
||||
mode = "0755";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
{...}: {
|
||||
imports = [
|
||||
./acme.nix
|
||||
./caddy.nix
|
||||
./system.nix
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue