nekomimi.pet / nixcfg
my nix configs for my servers and desktop
fork atom
nixcfg / modules / caddy / default.nix
at 67e4051a2df2451a4030dc2ab3b5bc09376149d7 1.0 kB view raw
1{lib, pkgs, config, ...}: 2 3/* taken from https://github.com/jdheyburn/nixos-configs 4no license 5*/ 6 7with lib; 8let 9 cfg = config.modules.caddy; 10 caddyMetricsPort = 2019; 11in 12{ 13 options = { 14 modules = { 15 caddy = { enable = mkEnableOption "Deploy Caddy"; }; 16 }; 17 }; 18 19 config = mkIf cfg.enable { 20 # Allow network access when building 21 # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy 22 #nix.settings.sandbox = false; 23 24 networking.firewall.allowedTCPPorts = [ 25 80 26 443 27 caddyMetricsPort 28 ]; 29 30 services.caddy = { 31 enable = true; 32 /* package = pkgs.caddy.withPlugins { 33 plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"]; 34 hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw="; 35 };*/ 36 }; 37 38 systemd.services.caddy = { 39 serviceConfig = { 40 AmbientCapabilities = "cap_net_bind_service"; 41 CapabilityBoundingSet = "cap_net_bind_service"; 42 TimeoutStartSec = "5m"; 43 }; 44 }; 45 }; 46}