chore: move caddy to common settings

2025-05-10 00:27:51 +08:00 · 2025-05-10 00:27:51 +08:00 · 9b3e4038a9
commit 9b3e4038a9
parent e78f1fe200
21 changed files with 69 additions and 6709 deletions
--- a/modules/nixos/common-settings/proxy-server.nix
+++ b/modules/nixos/common-settings/proxy-server.nix
@ -176,11 +176,8 @@ in
        reverse_proxy 127.0.0.1:30310
      '';

-      networking.firewall.allowedTCPPorts = [
-        80
-        cfg.trojan.port
-      ];
-      networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314);
+      networking.firewall.allowedTCPPorts = [ cfg.trojan.port ];
+      networking.firewall.allowedUDPPorts = lib.range 6311 6314;

      services.sing-box = {
        enable = true;
--- a/modules/nixos/common-settings/server.nix
+++ b/modules/nixos/common-settings/server.nix
@ -0,0 +1,56 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.commonSettings.serverComponents;
+in
+{
+  options = {
+    commonSettings.serverComponents = {
+      enable = lib.mkEnableOption "Common components on servers";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+
+    services.caddy = {
+      enable = true;
+      package = pkgs.caddy.withPlugins {
+        plugins = [
+          "github.com/caddy-dns/cloudflare@v0.2.1"
+        ];
+        hash = "sha256-saKJatiBZ4775IV2C5JLOmZ4BwHKFtRZan94aS5pO90=";
+      };
+    };
+
+    services.caddy.globalConfig = ''
+      servers {
+        metrics
+      }
+
+      admin unix//var/run/caddy/admin.sock {
+        origins 127.0.0.1 ${config.networking.hostName}.coho-tet.ts.net:2019
+      }
+    '';
+
+    systemd.services.caddy.serviceConfig = {
+      RuntimeDirectory = "caddy";
+      RuntimeDirectoryMode = "0700";
+    };
+
+    custom.monitoring = {
+      promtail.enable = true;
+    };
+
+    custom.prometheus.exporters = {
+      enable = true;
+      node.enable = true;
+    };
+  };
+}