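{ pkgs, config, lib, ... }:
# Homelab module for the Caddy web server / reverse proxy.
#
# Declares a dedicated system user and group, enables the nixpkgs Caddy
# service with ACME (Let's Encrypt) certificate issuance, installs the
# sops-managed TLS material and a public key file, opens 80/443 and
# registers the data directory with the host backup module.
let
  service = "caddy";
  cfg = config.modules.services.${service};
in
{
  options.modules.services.${service} = {
    enable = lib.mkEnableOption "enables ${service}";

    data_dir = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/${service}";
      description = "Data directory for ${service}; also the service user's home and the path that is backed up.";
    };

    backup = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Include the ${service} data directory in the host backup set.";
    };

    # One place for the ACME contact address; the original module repeated the
    # literal for both services.caddy.email and security.acme.defaults.email.
    acme_email = lib.mkOption {
      type = lib.types.str;
      default = "me@blakedheld.xyz";
      description = "Contact e-mail passed to the ACME provider for certificate issuance.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Dedicated group; secrets below are owned by it so only this service can read them.
    users.groups.${service} = { };

    # Dedicated, non-login system account that owns the data directory.
    users.users.${service} = {
      description = "${service} server user";
      isSystemUser = true;
      home = cfg.data_dir;
      createHome = true;
      group = service;
    };

    # Run the nixpkgs Caddy service as the account declared above.
    services.${service} = {
      enable = true;
      user = service;
      group = service;
      dataDir = cfg.data_dir;
      email = cfg.acme_email;
      globalConfig = ''
        # auto_https ignore_loaded_certs
      '';
    };

    # Automatic TLS certificates via ACME; acceptTerms is required by the module.
    security.acme = {
      acceptTerms = true;
      defaults.email = cfg.acme_email;
    };

    # Files created by Caddy get no "other" permissions but stay group-accessible,
    # so the data directory can be shared with the caddy group without being world-readable.
    systemd.services.${service}.serviceConfig = {
      UMask = lib.mkForce "0007";
    };

    # Only HTTP (ACME challenges / redirects) and HTTPS are exposed.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    sops.secrets = {
      "ssl_blakedheld_crt" = {
        owner = service;
        group = service;
        path = "/etc/ssl/blakedheld.xyz.crt";
      };
      # Private key: make the owner-only mode explicit rather than relying on the
      # sops-nix default, so a later change to defaults cannot widen access.
      "ssl_blakedheld_key" = {
        owner = service;
        group = service;
        mode = "0400";
        path = "/etc/ssl/blakedheld.xyz.key";
      };
      # Public key published under the web root; readable by the caddy user,
      # which is all the serving process needs.
      "klefki_pub.asc" = {
        owner = service;
        group = service;
        path = "/var/www/keys/klefki_pub.asc";
      };
    };

    # Register with the backup module only when the backup option is set; the
    # original ignored `cfg.backup` and always added the directory.
    modules.system.backups.baks = lib.mkIf cfg.backup {
      ${service} = { paths = [ cfg.data_dir ]; };
    };
  };
}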