nixos-config/machines/gitea/caddy.nix

# NixOS module: Caddy as the TLS-terminating reverse proxy for git.datarift.nl.
# Requests from the 10.0.0.0/24 network are proxied to a backend listening on
# 127.0.0.1:3000 (presumably the Gitea instance this machine is named after;
# the backend is not defined in this file). Every other client receives a 403.
#
# Earlier function signature, kept for reference:
# { caddy-with-plugins, ... }:
{
  pkgs,
  config,
  inputs,
  ...
}:
{
  services.caddy = {
    enable = true;
    # Custom Caddy build taken from the `caddy-with-plugins` flake input. The
    # `dns cloudflare` directive in the tls block below needs the Cloudflare
    # DNS provider module, which a stock Caddy build does not include.
    package = inputs.caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
    # Contact address for the ACME account used for certificate issuance.
    email = "erwin@datarift.nl";
    virtualHosts = {
      "git.datarift.nl" = {
        # Caddyfile fragment for this site:
        #   * `@local` matches on `remote_ip`, i.e. the address of the immediate
        #     TCP peer. If a proxy or load balancer is ever placed in front of
        #     Caddy, every request will carry that proxy's address and this
        #     allow-list has to be revisited.
        #   * The catch-all `handle` is the default-deny branch: anything that
        #     did not match `@local` gets a 403.
        #   * `tls { dns cloudflare ... }` obtains the certificate through the
        #     ACME DNS challenge. The token is read from the CF_API_TOKEN
        #     environment variable at runtime rather than being written here.
        #     NOTE(review): the token's scope is not visible from this file;
        #     confirm it is limited to DNS edit rights on this zone only.
        extraConfig = ''
          @local {
            remote_ip 10.0.0.0/24
          }
          handle @local {
            reverse_proxy 127.0.0.1:3000
          }
          handle {
            error "Nope." 403
          }
          tls {
            dns cloudflare {env.CF_API_TOKEN}
          }
        '';
      };
    };
  };
  # HTTP and HTTPS are opened in the host firewall without a source
  # restriction, so the 10.0.0.0/24 limit above is enforced by Caddy alone:
  # any host that can route to this machine can still complete a TLS handshake
  # and receive the 403.
  # NOTE(review): certificates are issued via the DNS challenge, so port 80 is
  # presumably open only for Caddy's HTTP-to-HTTPS redirect; confirm it is
  # still wanted.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
  # Environment for the caddy unit is loaded from the file backing the sops
  # secret `caddy-env`. Passing the secret's path instead of its content keeps
  # the Cloudflare token out of the world-readable Nix store.
  # NOTE(review): the `sops.secrets.caddy-env` declaration is not in this file;
  # it is expected to define CF_API_TOKEN and to be readable by the caddy
  # service. Verify where it is declared.
  systemd.services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];
}