{ config, pkgs, ... }:

let
  caddyCfg = config.services.caddy;
  caddyEnv = config.sops.secrets.caddy_env;
in
{
  # Decrypted dotenv holding the Cloudflare API token. It is owned by the
  # Caddy user/group and readable only by them (0440); caddy.service is
  # restarted whenever the decrypted file changes.
  sops.secrets.caddy_env = {
    sopsFile = ../secrets/caddy.env;
    format = "dotenv";
    mode = "0440";
    owner = caddyCfg.user;
    group = caddyCfg.group;
    restartUnits = [ "caddy.service" ];
  };

  services.caddy.enable = true;

  # Caddy rebuilt with the dynamic-DNS and Cloudflare DNS plugins. Both
  # plugins are pinned to an exact version and the resulting module set is
  # pinned by `hash`; bump the versions and the hash together (specify
  # @latest temporarily to discover the new versions and the new hash).
  services.caddy.package = pkgs.caddy.withPlugins {
    plugins = [
      "github.com/mholt/caddy-dynamicdns@v0.0.0-20250430031602-b846b9e8fb83"
      "github.com/caddy-dns/cloudflare@v0.2.1"
    ];
    # NOTE: Built on 6/4/2025
    hash = "sha256-swskhAr7yFJX+qy0FR54nqJarTOojwhV2Mbk7+fyS0I=";
  };

  # While testing, use the Let's Encrypt staging CA instead of production;
  # check `systemctl status caddy` to confirm issuance works before
  # switching back.
  # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";

  # TODO: Add Metrics with Prometheus & Grafana

  # CLOUDFLARE_API_TOKEN is injected from the sops-managed env file above.
  # NOTE(review): the token should be scoped to DNS edit on this zone only — confirm.
  services.caddy.environmentFile = caddyEnv.path;

  services.caddy.globalConfig = ''
    # acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    dynamic_dns {
    provider cloudflare {env.CLOUDFLARE_API_TOKEN}
    domains {
    ${config.networking.domain} @
    }
    dynamic_domains
    }
  '';

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}