wo2w/nixos-config
1
0
Fork 0
Code Issues Pull requests Activity

common: move to modules, move some files out, modules: adjust dir structure

Browse source
This commit is contained in:
wo2wz 2025-10-04 18:32:46 -04:00
parent ed5f8c3ae6
commit 0bc9abc4c0
43 changed files with 86 additions and 83 deletions
Download patch file Download diff file Expand all files Collapse all files

76
modules/nixos/homeserver/caddy.nix
View file

@ -1,76 +0,0 @@
{ config, pkgs, ... }:
{
sops.secrets = {
"caddy/secrets.env" = {};
"caddy/wo2wz.fyi.crt" = {
owner = "caddy";
group = "caddy";
reloadUnits = [ "caddy.service" ];
};
"caddy/wo2wz.fyi.key" = {
owner = "caddy";
group = "caddy";
reloadUnits = [ "caddy.service" ];
};
};
services = {
tailscale.permitCertUid = "caddy";
caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [
"github.com/WeidiDeng/caddy-cloudflare-ip@v0.0.0-20231130002422-f53b62aa13cb"
"github.com/tailscale/caddy-tailscale@v0.0.0-20250915161136-32b202f0a953"
];
hash = "sha256-icldgfR6CidNdsM/AcpaV484hrljGxj5KiAqTOjlKgg=";
};
environmentFile = config.sops.secrets."caddy/secrets.env".path;
extraConfig = ''
(cloudflare-tls) {
tls ${config.sops.secrets."caddy/wo2wz.fyi.crt".path} ${config.sops.secrets."caddy/wo2wz.fyi.key".path}
}
(default-settings) {
encode
header {
Strict-Transport-Security "max-age=15552000;"
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-Robots-Tag "noindex, nofollow"
-Server
-X-Powered-By
}
}
'';
globalConfig = ''
grace_period 30s
servers {
client_ip_headers CF-Connecting-Ip X-Forwarded-For
trusted_proxies cloudflare {
interval 7d
timeout 15s
}
trusted_proxies_strict
}
tailscale {
auth_key {env.CADDY_TAILSCALE_AUTH_KEY}
state_dir ${config.services.caddy.dataDir}/caddy-tailscale
}
'';
virtualHosts."wo2wz.fyi".extraConfig = ''
import default-settings
import cloudflare-tls
respond "not much to see here"
'';
};
};
}