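# Caddy reverse proxy with ACME DNS-01 certificates (Cloudflare and DNSPod).
#
# Secret flow: the DNS API tokens are declared as sops secrets, rendered into
# an environment file through a sops template, and handed to the caddy unit
# via EnvironmentFile. The Caddyfile snippets refer to the tokens only as
# `{env.*}` placeholders, and the template refers to them only as sops
# placeholders, so no token value is written into this Nix expression.
{ config, pkgs, ... }:

{
  sops = {
    secrets = {
      # NOTE(review): scope each DNS token to record edits on the zones served
      # below and nothing else; a leaked token then cannot touch other zones.
      # NOTE(review): Caddy receives the tokens through the rendered env file,
      # so it may not need read access to the raw secret files; confirm before
      # dropping `owner`.
      "caddy/cf_dns_token" = {
        owner = "caddy";
        mode = "400";
        # A rotated token changes neither the unit nor the Caddyfile, so
        # without this Caddy would keep the old value in its environment.
        # A restart (not a reload) is needed for the env file to be re-read.
        restartUnits = [ "caddy.service" ];
      };
      "caddy/dnspod_dns_token" = {
        owner = "caddy";
        mode = "400";
        restartUnits = [ "caddy.service" ];
      };
    };

    # Environment file consumed by systemd.services.caddy below. Only the
    # placeholders are evaluated here; the real values are filled in when the
    # template is rendered on the host.
    templates."caddy.env".content = ''
      CF_API_TOKEN=${config.sops.placeholder."caddy/cf_dns_token"}
      DNSPOD_API_TOKEN=${config.sops.placeholder."caddy/dnspod_dns_token"}
    '';
  };

  services.caddy =
    let
      # `{env.NAME}` is a Caddy placeholder, not Nix interpolation: the
      # generated Caddyfile carries the variable name, never the token.
      acmeCF = "tls {
        dns cloudflare {env.CF_API_TOKEN}
      }";
      acmeDnspod = "tls {
        dns dnspod {env.DNSPOD_API_TOKEN}
      }";
    in
    {
      enable = true;

      # Third-party DNS provider plugins are compiled into the Caddy binary.
      # Each is pinned to an exact version (the Cloudflare one to a commit
      # pseudo-version) and `hash` pins the fetched result, so bumping a
      # plugin requires updating the hash as well.
      package = pkgs.caddy.withPlugins {
        plugins = [
          "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
          "github.com/caddy-dns/dnspod@v0.0.4"
        ];
        hash = "sha256-9DZ58u/Y17njwQKvCZNys8DrCoRNsHQSBD2hV2cm8uU=";
      };

      virtualHosts."derper00.namely.icu:8443".extraConfig = ''
        ${acmeDnspod}
        reverse_proxy 127.0.0.1:${toString config.services.tailscale.derper.port}
      '';

      # The API tokens referenced by the tls snippets must be present in the
      # systemd environment file (see systemd.services.caddy below).
      virtualHosts."immich.xinyang.life:8000".extraConfig = ''
        ${acmeDnspod}
        reverse_proxy 127.0.0.1:${toString config.services.immich.port}
      '';
      virtualHosts."immich.xiny.li:8443".extraConfig = ''
        ${acmeCF}
        reverse_proxy 127.0.0.1:${toString config.services.immich.port}
      '';
    };

  # Only the two ports the virtual hosts above listen on are opened.
  # NOTE(review): the proxied services are reached over 127.0.0.1; verify that
  # immich and derper do not also listen on a public interface.
  networking.firewall.allowedTCPPorts = [
    8000
    8443
  ];

  # Hand the rendered sops template to Caddy as its environment.
  systemd.services.caddy = {
    serviceConfig = {
      EnvironmentFile = config.sops.templates."caddy.env".path;
    };
  };
}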