migrate chunk to caddy module

Signed-off-by: cy <cy@cy7.sh>
2025-01-27 05:49:00 -05:00 · 2025-01-27 05:49:00 -05:00 · 39111afeae
commit 39111afeae
parent a9a3ee8413
16 changed files with 91 additions and 14 deletions
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@ -21,4 +21,9 @@
      ];
    };
  };
  services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
    import common
    reverse_proxy localhost:8082
  '';
 }
--- a/hosts/chunk/attic.nix
+++ b/hosts/chunk/attic.nix
@ -31,4 +31,9 @@
      };
    };
  };
  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
    import common
    reverse_proxy localhost:8090
  '';
 }
--- a/hosts/chunk/conduwuit.nix
+++ b/hosts/chunk/conduwuit.nix
@ -10,4 +10,9 @@
      allow_check_for_updates = true;
    };
  };
  services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
    import common
    reverse_proxy localhost:8448
  '';
 }
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -183,11 +183,13 @@
  programs.gnupg.agent.enable = true;
  programs.git.enable = true;
-  services.caddy = {
+  my.caddy.enable = true;
-    enable = true;
+  services.caddy.virtualHosts."cy7.sh" = {
-    configFile = ./Caddyfile;
+    serverAliases = [ "www.cy7.sh" ];
-    environmentFile = config.sops.secrets."caddy/env".path;
+    extraConfig = ''
-    logFormat = lib.mkForce "level INFO";
+      import common
      redir https://cything.io temporary
    '';
  };
  # container stuff
--- a/hosts/chunk/deluge.nix
+++ b/hosts/chunk/deluge.nix
@ -7,4 +7,9 @@
      port = 8112;
    };
  };
  services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8112
  '';
 }
--- a/hosts/chunk/element.nix
+++ b/hosts/chunk/element.nix
@ -25,4 +25,9 @@
      ${pkgs.podman}/bin/podman network create element-net
    '';
  };
  services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8089
  '';
 }
--- a/hosts/chunk/forgejo.nix
+++ b/hosts/chunk/forgejo.nix
@ -30,4 +30,20 @@
      name = "git";
    };
  };
  services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:3000
  '';
  services.caddy.virtualHosts."git.cything.io".extraConfig = ''
    import common
    # wrap in route so things are evaluated in the order written
    route {
      # rewrite gitlab URIs to make it work with forgejo
      uri path_regexp /-/ /
      uri replace /blob/ /src/
      redir https://git.cy7.sh{uri} permanent
    }
  '';
 }
--- a/hosts/chunk/garage.nix
+++ b/hosts/chunk/garage.nix
@ -16,4 +16,9 @@
    };
    environmentFile = config.sops.secrets."garage/env".path;
  };
  services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:3900
  '';
 }
--- a/hosts/chunk/grafana.nix
+++ b/hosts/chunk/grafana.nix
@ -31,4 +31,9 @@
      }
    ];
  };
  services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8088
  '';
 }
--- a/hosts/chunk/hedgedoc.nix
+++ b/hosts/chunk/hedgedoc.nix
@ -16,4 +16,9 @@
      protocolUseSSL = true;
    };
  };
  services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8085
  '';
 }
--- a/hosts/chunk/immich.nix
+++ b/hosts/chunk/immich.nix
@ -95,4 +95,9 @@ in
      ${pkgs.podman}/bin/podman network create immich-net
    '';
  };
  services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:2283
  '';
 }
--- a/hosts/chunk/miniflux.nix
+++ b/hosts/chunk/miniflux.nix
@ -9,4 +9,9 @@
      FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
    };
  };
  services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8080
  '';
 }
--- a/hosts/chunk/redlib.nix
+++ b/hosts/chunk/redlib.nix
@ -10,4 +10,9 @@
      REDLIB_ROBOTS_DISABLE_INDEXING = "on";
    };
  };
  services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8087
  '';
 }
--- a/hosts/chunk/vaultwarden.nix
+++ b/hosts/chunk/vaultwarden.nix
@ -10,4 +10,9 @@
      DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
    };
  };
  services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8081
  '';
 }
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -1,29 +1,27 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.my.caddy;
  commonExtraConfig = ''
    encode zstd gzip
    header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  '';
 in
 {
  options.my.caddy = {
    enable = lib.mkEnableOption "caddy reverse proxy";
    acmeCa = lib.mkOption {
      type = lib.types.str;
    };
  };
  config = lib.mkIf cfg.enable {
    services.caddy = {
      enable = true;
      logFormat = lib.mkForce "level INFO";
-      acmeCa = "https://acme-v02.api.letsencrypt.org/directory";
+      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
      extraConfig = ''
        (common) {
          encode zstd gzip
          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        }
      '';
    };
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -2,5 +2,6 @@
 {
  imports = [
    ./backup.nix
    ./caddy.nix
  ];
 }