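# NixOS module for the Caddy web server: declares the services.caddy options
# and, when enabled, a systemd unit running caddy as a dedicated unprivileged
# user plus the matching user/group entries.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.caddy;

  # NOTE: writeText stores the Caddyfile in the world-readable Nix store, so
  # anything placed in services.caddy.config (e.g. credentials) is visible to
  # every local user; keep secrets out of the verbatim Caddyfile.
  configFile = pkgs.writeText "Caddyfile" cfg.config;
in
{
  options.services.caddy = {
    enable = mkEnableOption "Caddy web server";

    config = mkOption {
      # Written verbatim to the Caddyfile; typed so multiple definitions
      # concatenate instead of failing to merge.
      type = types.lines;
      description = "Verbatim Caddyfile to use";
    };

    ca = mkOption {
      default = "https://acme-v01.api.letsencrypt.org/directory";
      example = "https://acme-staging.api.letsencrypt.org/directory";
      type = types.str;
      description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people.";
    };

    email = mkOption {
      default = "";
      type = types.str;
      description = "Email address (for Let's Encrypt certificate)";
    };

    agree = mkOption {
      default = false;
      example = true;
      type = types.bool;
      description = "Agree to Let's Encrypt Subscriber Agreement";
    };

    dataDir = mkOption {
      default = "/var/lib/caddy";
      type = types.path;
      description = "The data directory, for storing certificates.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.caddy = {
      description = "Caddy web server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # cfg.ca and cfg.email are interpolated unquoted into the unit's
        # command line. They are admin-supplied option values, but a value
        # containing whitespace would be split into extra arguments by systemd.
        ExecStart = ''${pkgs.caddy.bin}/bin/caddy -conf=${configFile} \
          -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
        '';
        Type = "simple";
        # Runs as the dedicated caddy user; the only capability granted is the
        # one needed to bind privileged (<1024) ports.
        User = "caddy";
        Group = "caddy";
        AmbientCapabilities = "cap_net_bind_service";
      };
    };

    users.extraUsers.caddy = {
      group = "caddy";
      uid = config.ids.uids.caddy;
      # dataDir doubles as the account's home directory and is created for it.
      home = cfg.dataDir;
      createHome = true;
    };

    # The group id must come from the gid table; the previous version read the
    # uid table (config.ids.uids.caddy) here.
    users.extraGroups.caddy.gid = config.ids.gids.caddy;
  };
}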