❄️ Dotfiles for our NixOS system configuration.
# NixOS module: Caddy built with the bunny DNS provider plugin, an encrypted
# environment file for the provider API key, and the firewall openings for it.
{ config, pkgs, ... }:

{
  # Encrypted secret (the `age.secrets` namespace is presumably agenix).
  # No owner/group is set here, so the module default applies; with mode 600
  # only that owner can read the decrypted file.
  # NOTE(review): confirm the default owner is the identity that reads
  # `environmentFile` below (presumably systemd, via EnvironmentFile) and not
  # the caddy user itself.
  age.secrets.caddy = {
    file = ../../secrets/caddy.age;
    mode = "600";
  };

  services.caddy = {
    enable = true;
    # The plugin is pinned to an exact tag and the build to a fixed hash, so a
    # changed upstream artifact fails the build instead of being pulled in
    # silently. Bumping the plugin version requires updating `hash` as well.
    package = pkgs.caddy.withPlugins {
      plugins = [
        "github.com/caddy-dns/bunny@v1.2.0"
      ];
      hash = "sha256-bwffi5sWq07DVoPQGgEIN1jnvQKL6c4tFfR9AT9ThD4=";
    };
    # Points at the decrypted secret path. The Caddyfile below only references
    # the key through the `{env.BUNNY_API_KEY}` placeholder, so the key itself
    # is not written into the generated configuration.
    # Presumably this file defines BUNNY_API_KEY; verify against the secret.
    environmentFile = config.age.secrets.caddy.path;
    # Global options: `debug` turns on debug-level logging, `email` is the
    # ACME account contact.
    # NOTE(review): debug logging is enabled here and again in `logFormat`.
    # On an internet-facing proxy this raises log volume and detail; confirm it
    # is intentional rather than left over from troubleshooting, and that the
    # resulting logs are access-restricted.
    globalConfig = ''
      debug
      email chloe@sapphic.moe
    '';
    # Two reusable Caddyfile snippets; no site blocks are defined in this file,
    # so they are presumably imported by sites declared elsewhere.
    #   (tls_bunny): DNS challenge through the bunny provider, with explicit
    #                resolvers (Quad9 addresses) for the challenge lookups.
    #   (common):    response compression, zstd preferred over gzip.
    extraConfig = ''
      (tls_bunny) {
        tls {
          dns bunny {env.BUNNY_API_KEY}
          resolvers 9.9.9.9 149.112.112.112
        }
      }
      (common) {
        encode zstd gzip
      }
    '';
    # Log settings: debug level, JSON output (see the review note on
    # `globalConfig` about the debug level).
    logFormat = ''
      level debug
      format json
    '';
  };

  # `settings.firewall` is not the stock `networking.firewall` option path;
  # presumably a project-defined wrapper (verify where it is declared).
  # Opens TCP 80 and 443.
  # NOTE(review): certificates are issued through the DNS challenge above, so
  # port 80 is presumably kept only for HTTP-to-HTTPS redirects; confirm it is
  # needed.
  settings.firewall.allowedTCPPorts = [
    80
    443
  ];

  # UDP 443, presumably for HTTP/3 (QUIC).
  settings.firewall.allowedUDPPorts = [ 443 ];
}