Created module for caddy with plugins

2024-09-10 19:48:40 +02:00 · 2024-09-10 19:48:40 +02:00 · f4935560a4
commit f4935560a4
parent ecbf722032
3 changed files with 100 additions and 34 deletions
--- a/modules/networking/caddy.nix
+++ b/modules/networking/caddy.nix
@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.my.networking.caddy;
+in
+{
+  options.my.networking.caddy = {
+    enable = lib.mkEnableOption "Enable caddy as reverse proxy";
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    age.secrets = {
+      cloudflare-tegola-apiKey = {
+        file = ../../secrets/cloudflare-tegola-apiKey.age;
+        owner = config.services.caddy.user;
+        group = config.services.caddy.group;
+      };
+    };
+
+    services.caddy = {
+      enable = true;
+      package = pkgs.caddy-custom;
+      # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; # ONLY FOR DEVELOPMENT!
+      extraConfig = ''
+        (cloudflare) {
+          tls {
+            dns cloudflare {env.CLOUDFLARE_KEY}
+            resolvers 1.1.1.1 100.100.100.100
+          }
+        }
+      '';
+    };
+
+    systemd.services.caddy.serviceConfig = {
+      EnvironmentFile = config.age.secrets.cloudflare-tegola-apiKey.path;
+      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+    };
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+
+    networking.firewall.allowedUDPPorts = [
+      80
+      443
+    ];
+  };
+
+}
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./avahi.nix
+    ./caddy.nix
    ./tailscale.nix
  ];
 }
--- a/overlay/caddy-custom.nix
+++ b/overlay/caddy-custom.nix
@ -3,7 +3,11 @@
 with pkgs;

 caddy.override {
-  buildGoModule = args: buildGoModule (args // {
+  buildGoModule =
+    args:
+    buildGoModule (
+      args
+      // {
        src = stdenv.mkDerivation rec {
          pname = "caddy-using-xcaddy-${xcaddy.version}";
          inherit (caddy) version;
@ -16,10 +20,7 @@ caddy.override {
            go
          ];

-      plugins = [
-        # https://github.com/caddy-dns/cloudflare
-        "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece"
-      ];
+          plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];

          configurePhase = ''
            export GOCACHE=$TMPDIR/go-cache
@ -28,7 +29,9 @@ caddy.override {
          '';

          buildPhase = ''
-        ${xcaddy}/bin/xcaddy build "${caddy.src.rev}" ${lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins}
+            ${xcaddy}/bin/xcaddy build "${caddy.src.rev}" ${
+              lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins
+            }
            cd buildenv*
            go mod vendor
          '';
@ -42,7 +45,11 @@ caddy.override {
        };

        subPackages = [ "." ];
-    ldflags = [ "-s" "-w" ]; ## don't include version info twice
+        ldflags = [
+          "-s"
+          "-w"
+        ]; # # don't include version info twice
        vendorHash = null;
-  });
+      }
+    );
 }