pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

random test

Browse source
This commit is contained in:
= 2025-01-19 15:11:59 +01:00
parent 03def204c7
commit 700bca41c3
8 changed files with 254 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

106
modules/networking/caddy.nix
View file

@ -28,29 +28,27 @@ in
];
};
# claudflareApiKeyFile = lib.mkOption {
# default = "";
# type = lib.types.str;
# description = ''
# Cloudflare API key file
# '';
# };
dynamicdnsDomains = lib.mkOption {
type = lib.types.listOf (lib.types.attrsOf lib.types.str);
description = ''
A list of domains to update with the dynamicdns plugin.
'';
default = [
{
domain = "example.com";
cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN_MY_DOMAIN";
}
];
};
# domain = lib.mkOption {
# default = "example.com";
# type = lib.types.str;
# description = ''
# The domain where Caddy is reachable
# '';
# };
# email = lib.mkOption {
# default = "user@domain.com";
# type = lib.types.str;
# description = ''
# Email for Certbot
# '';
# };
configEnvFile = lib.mkOption {
type = lib.types.path;
description = ''
Path to the environment file that contains the secrets like Cloudflare API key.
In order to use the dynamicdns plugin, you need to set "cloudflareApiEnvName" for each domain in the dynamicdnsDomains list.
'';
default = "";
};
};
@ -79,26 +77,46 @@ in
}) cfg.domainsList
);
# certs."${cfg.domain}" = {
# group = config.services.caddy.group;
# domain = "${cfg.domain}";
# extraDomainNames = [ "*.${cfg.domain}" ];
# dnsProvider = "cloudflare";
# dnsResolver = "1.1.1.1:53";
# dnsPropagationCheck = true;
# environmentFile = cfg.claudflareApiKeyFile;
# };
};
services.caddy = {
enable = true;
globalConfig = ''
admin :2024
servers {
metrics
}
'';
# Waiting for https://github.com/NixOS/nixpkgs/issues/14671 to be released
package = pkgs.callPackage ../../packages/caddy.nix {
externalPlugins = [
{
name = "cloudflare";
repo = "github.com/caddy-dns/cloudflare";
version = "master";
}
{
name = "dynamicdns";
repo = "github.com/mholt/caddy-dynamicdns";
version = "7c818ab3fc3485a72a346f85c77810725f19f9cf";
}
];
vendorHash = "sha256-AWKokxGG2iCouhet5cPiKTuL9g9RQihkBRReU1nw9jc=";
};
globalConfig =
''
admin :2024
servers {
metrics
}
''
+ lib.concatStringsSep "\n" (
map (dynamicdnsDomain: ''
dynamic_dns {
provider cloudflare {env.${dynamicdnsDomain.cloudflareApiEnvName}}
domains {
${dynamicdnsDomain.domain} @
}
dynamic_domains
}
'') cfg.dynamicdnsDomains
);
extraConfig = lib.concatStringsSep "\n" (
map (
@ -116,21 +134,11 @@ in
) cfg.domainsList
);
# extraConfig =
# let
# certPath = config.security.acme.certs."${cfg.domain}".directory;
# in
# ''
# (cloudflare) {
# tls ${certPath}/cert.pem ${certPath}/key.pem {
# protocols tls1.3
# }
# }
# '';
};
systemd.services.caddy.serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
EnvironmentFile = cfg.configEnvFile;
};
# By default, the module create a custom user but it lacks permission to read caddy files

27
modules/networking/ddclient.nix Normal file
View file

@ -0,0 +1,27 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.my.networking.ddclient;
in
{
options.my.networking.ddclient = {
enable = lib.mkEnableOption "Enable DDClient dynamic DNS client";
configFile = lib.mkOption {
type = lib.types.path;
default = "/etc/ddclient/ddclient.conf";
description = "Path to the ddclient configuration file (use agenix path)";
};
};
config = lib.mkIf cfg.enable {
services.ddclient = {
enable = true;
configFile = cfg.configFile;
};
};
}

1
modules/networking/default.nix
View file

@ -2,6 +2,7 @@
imports = [
./avahi.nix
./caddy.nix
./ddclient.nix
./nas-samba-share.nix
./tailscale.nix
];