From c6bd6f90d9ad6bb9bc416a274b1bf0fee1753303 Mon Sep 17 00:00:00 2001
From: Erwin Boskma <erwin@datarift.nl>
Date: Wed, 12 Jun 2024 20:56:52 +0200
Subject: [PATCH] nix-cache: Use caddy-proxy module

---
 machines/nix-cache/configuration.nix | 38 ++++++++--------------------
 1 file changed, 11 insertions(+), 27 deletions(-)

diff --git a/machines/nix-cache/configuration.nix b/machines/nix-cache/configuration.nix
index a789d50..7be5afe 100644
--- a/machines/nix-cache/configuration.nix
+++ b/machines/nix-cache/configuration.nix
@@ -24,6 +24,17 @@
       enable = true;
       server = true;
     };
+    caddy-proxy = {
+      enable = true;
+      package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
+      proxyHosts = [
+        {
+          externalHostname = "nix-cache.datarift.nl";
+          proxyAddress = "127.0.0.1:8080";
+        }
+      ];
+
+    };
     nix-common = {
       enable = true;
       remote-builders = true;
@@ -130,33 +141,6 @@
       };
     };
 
-    caddy = {
-      enable = true;
-      package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
-
-      email = "erwin@datarift.nl";
-
-      virtualHosts = {
-        "nix-cache.datarift.nl" = {
-          extraConfig = ''
-            @local_or_ts {
-              remote_ip 10.0.0.0/24 100.64.0.0/10
-            }
-
-            handle @local_or_ts {
-              reverse_proxy 127.0.0.1:8080
-            }
-            handle {
-              error "Nope." 403
-            }
-
-            tls {
-              dns cloudflare {env.CF_API_TOKEN}
-            }
-          '';
-        };
-      };
-    };
   };
 
   sops.defaultSopsFile = ./secrets.yaml;