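# NixOS module: an opt-in Caddy reverse proxy (`my.caddy.enable`) built with
# the Cloudflare DNS plugin so certificates can be issued via the ACME DNS
# challenge.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.my.caddy;
in
{
  options.my.caddy = {
    enable = lib.mkEnableOption "caddy reverse proxy";
  };

  config = lib.mkIf cfg.enable {
    services.caddy = {
      enable = true;

      # Supply-chain note: the plugin is pinned to an exact pseudo-version
      # (commit 89f16b99c18e) and the resulting build is fixed by `hash`.
      # Bump both together, and review the upstream change when doing so.
      package = pkgs.caddy.withPlugins {
        plugins = [
          # error message will tell you the correct version tag to use
          # (still need the @ to pass nix config check)
          "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
        ];
        hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ=";
      };

      logFormat = lib.mkForce "level INFO";

      # Let's Encrypt production directory, set explicitly.
      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";

      # `(common)` is a Caddyfile snippet: it only applies to site blocks that
      # `import common` (no such site block is visible in this file).
      # HSTS caveat: a two-year max-age with `includeSubDomains; preload`
      # commits every subdomain to HTTPS and is slow to undo once browsers
      # have cached it, so confirm that all subdomains really serve TLS.
      extraConfig = ''
        (common) {
          encode zstd gzip
          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        }
      '';

      # The token is referenced as the runtime placeholder `{env.…}` instead
      # of `{$…}`. `{$VAR}` is substituted when the Caddyfile is parsed, which
      # writes the literal token into the adapted config (readable through the
      # local admin API and the autosaved config). `{env.VAR}` stays a
      # placeholder there and is resolved when the DNS provider is provisioned.
      globalConfig = ''
        acme_dns cloudflare {env.CLOUDFLARE_KEY}
      '';

      # Secret comes from a sops-managed file rather than the Nix store.
      # Presumably this file defines CLOUDFLARE_KEY; the secret declaration is
      # not in this module, so verify. Scope the Cloudflare token to DNS edits
      # on the zones Caddy serves, nothing broader.
      environmentFile = config.sops.secrets."caddy/env".path;
    };
  };
}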