cfg = config.modules.caddy;
12
+
# Generate Caddyfile content from the proxy configuration
13
+
generateCaddyfile = proxies:
15
+
proxyEntries = mapAttrsToList (domain: upstream: ''
17
+
reverse_proxy ${upstream}
19
+
# Optional: Add some common headers for better proxying
20
+
header_up Host {upstream_hostport}
21
+
header_up X-Real-IP {remote_host}
22
+
header_up X-Forwarded-For {remote_host}
23
+
header_up X-Forwarded-Proto {scheme}
27
+
concatStringsSep "\n\n" proxyEntries;
15
-
caddy = { enable = mkEnableOption "Deploy Caddy"; };
34
+
enable = mkEnableOption "Deploy Caddy";
36
+
# New option for reverse proxy configuration
37
+
reverseProxies = mkOption {
38
+
type = types.attrsOf types.str;
40
+
description = "Attribute set of domain to upstream mappings for reverse proxying";
42
+
"notes.nekomimi.pet" = "valefar:3009";
43
+
"git.nekomimi.pet" = "morax:3000";
47
+
# Optional: Allow custom Caddyfile content to be appended
48
+
extraConfig = mkOption {
51
+
description = "Extra Caddyfile configuration to append";
54
+
# Optional: Email for ACME/Let's Encrypt
56
+
type = types.nullOr types.str;
58
+
description = "Email address for ACME certificate registration";
config = mkIf cfg.enable {
# Allow network access when building
# https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
22
-
#nix.settings.sandbox = false;
67
+
nix.settings.sandbox = false;
networking.firewall.allowedTCPPorts = [
32
-
/* package = pkgs.caddy.withPlugins {
33
-
plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
34
-
hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
77
+
package = pkgs.caddy.withPlugins {
78
+
plugins = [ "github.com/caddy-dns/cloudflare"];
79
+
hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
82
+
# Generate the Caddyfile from our configuration
84
+
${optionalString (cfg.email != null) ''
90
+
${generateCaddyfile cfg.reverseProxies}
systemd.services.caddy = {
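Review bot: Un-commenting `nix.settings.sandbox = false;` inside `config = mkIf cfg.enable` turns off the Nix build sandbox for every derivation built on this host, not only Caddy, so all builds lose network and filesystem isolation. The linked blog post describes an xcaddy-based build, whereas the new `pkgs.caddy.withPlugins` call takes a `hash`, which suggests a fixed-output fetch that should not need the sandbox disabled; I would keep the line as `# nix.settings.sandbox = false;` and confirm that the build still succeeds. The same change drops the version from the plugin string, so the source no longer states which plugin revision is built; restoring a pin such as `plugins = [ "github.com/caddy-dns/cloudflare@<pinned-version>" ];` keeps the dependency reviewable. The file header and the rest of the `config` block are outside the visible page.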