···
cfg = config.modules.caddy;
+
# Generate Caddyfile content from the proxy configuration
+
generateCaddyfile = proxies:
+
proxyEntries = mapAttrsToList (domain: upstream: ''
+
reverse_proxy ${upstream}
+
# Optional: Add some common headers for better proxying
+
header_up Host {upstream_hostport}
+
header_up X-Real-IP {remote_host}
+
header_up X-Forwarded-For {remote_host}
+
header_up X-Forwarded-Proto {scheme}
+
concatStringsSep "\n\n" proxyEntries;
+
enable = mkEnableOption "Deploy Caddy";
+
# New option for reverse proxy configuration
+
reverseProxies = mkOption {
+
type = types.attrsOf types.str;
+
description = "Attribute set of domain to upstream mappings for reverse proxying";
+
"notes.nekomimi.pet" = "valefar:3009";
+
"git.nekomimi.pet" = "morax:3000";
+
# Optional: Allow custom Caddyfile content to be appended
+
extraConfig = mkOption {
+
description = "Extra Caddyfile configuration to append";
+
# Optional: Email for ACME/Let's Encrypt
+
type = types.nullOr types.str;
+
description = "Email address for ACME certificate registration";
config = mkIf cfg.enable {
# Allow network access when building
# https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
+
nix.settings.sandbox = false;
networking.firewall.allowedTCPPorts = [
···
+
package = pkgs.caddy.withPlugins {
+
plugins = [ "github.com/caddy-dns/cloudflare"];
+
hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
+
# Generate the Caddyfile from our configuration
+
${optionalString (cfg.email != null) ''
+
${generateCaddyfile cfg.reverseProxies}
systemd.services.caddy = {
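Review bot: `nix.settings.sandbox = false;` inside `config = mkIf cfg.enable { … }` disables the Nix build sandbox for every derivation built on this host, not only the Caddy plugin build, so any build script gets network access and an unrestricted view of the host filesystem. The linked blog post describes an xcaddy-based build, but this change uses `pkgs.caddy.withPlugins` with a `hash`, which looks like a fixed-output fetch that is already allowed network access inside the sandbox. If that holds, I would drop the line and its comment and keep the default, or at most write `nix.settings.sandbox = "relaxed";` with a comment naming the one derivation that needs it. Separately, in `generateCaddyfile` the `header_up X-Forwarded-For {remote_host}` and `header_up X-Forwarded-Proto {scheme}` lines replace values that Caddy's `reverse_proxy` already sets, so I would remove them unless an upstream is known to need the override. The `config` block and `systemd.services.caddy` continue outside the visible lines, so this is based only on what is shown here.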