Build Caddy with cloudflare as overlay

pazpi 2024-10-07 22:03:39 +02:00
parent abfd06a50d
commit 7d2ce03dc3
5 changed files with 95 additions and 3 deletions


@ -29,6 +29,12 @@ in
enable = true;
package = pkgs.caddy-custom;
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; # ONLY FOR DEVELOPMENT!
globalConfig = ''
admin :2024
servers {
metrics
}
'';
extraConfig = ''
(cloudflare) {
tls {
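Review bot: The new `admin :2024` line in globalConfig binds Caddy's admin API to all interfaces, and the second hunk adds `2024` to `networking.firewall.allowedTCPPorts`, so the admin endpoint becomes reachable from the network; Caddy's admin API is unauthenticated by default and accepts configuration changes, so that combination exposes far more than the `/metrics` scrape it appears to be there for. Consider `admin localhost:2024` and serving metrics separately (for example the `metrics` handler directive inside a site block, or an allow-list on the upstream firewall rule) rather than opening the admin port, or at least add a comment stating why network access to the admin API is intended. The enclosing `services.caddy` attribute set starts and ends outside this hunk, and the firewall change lives in the second hunk, which runs past the end of this view.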
@ -44,9 +50,60 @@ in
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
};
# By default, the module create a custom user but it lacks permission to read caddy files
systemd.services.promtail.serviceConfig = {
Group = lib.mkForce config.services.caddy.group;
User = lib.mkForce config.services.caddy.user;
};
services.promtail = {
enable = true;
configuration = {
server.http_listen_port = 9080;
server.grpc_listen_port = 0;
clients = [ { url = "http://metrics.internal:3100/loki/api/v1/push"; } ];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
regex = "(.*)\\.service";
target_label = "service";
}
{
source_labels = [ "__journal__hostname" ];
target_label = "hostname";
}
];
}
{
job_name = "caddy";
static_configs = [
{
targets = [ "localhost" ];
labels = {
job = "caddylogs";
__path__ = "${config.services.caddy.logDir}/*.log";
};
}
];
}
];
};
};
networking.firewall.allowedTCPPorts = [
80
443
2024
];
networking.firewall.allowedUDPPorts = [